Google translation: Jürgen Schmidt Own-goal Dangers of Tor usage in daily life In the current debate one often hears the Council, for more privacy and security, one should use the Tor anonymity service. In fact, however, this is a very dangerous tip. For normal users, it increases de facto the risk of being watched and spied upon.
V orweg be said that Tor can be very useful if you know exactly what you're getting into and then behaves accordingly. For the internet everyday by John Doe Tor, however, about as useful as a shortcut to the supermarket a short cut through a highly toxic swamp. [1] Tor as anonymizer T he misunderstandings begin already with the statement that goal encrypt the transmitted data. This is true for traffic to and through the Tor network. But what you put into sending unencrypted Tor, emerges on the other side also unencrypted back out and then is sent in plain text on through the Internet. In the end gate is increased so that even the risk that third parties read along your data. To eavesdrop on you, a monitor access to your Internet traffic must first gain - for example with a corresponding warrant to search your provider. However, that does work and there are rules to be followed. However, if you use Tor, your Internet traffic comes here with a Tor exit nodes - without any further action and almost as fair game. And the operator can read anything you do not explicitly encode. For example, the Swede Dan Egerstad has fished in a short time over a thousand e-mail passwords from the network traffic of his Tor exit nodes - among other things, various embassies and authorities. The Tor network is operated by volunteers. As there are no controls, one must assume that a significant part of the Tor exit nodes is operated not by human rights activists, but by intelligence agencies already given the charming man-in-the-middle position. During normal surfing so there is some risk that your unencrypted traffic is overheard; if you use Tor, which is virtually certain. So you have everything that goes through Tor, actively encrypt and himself make proper arrangements to ensure that there is slipping rather than by mistake unencrypted. And then send over your encrypted data with the best code breakers in the world and say, "grapeshot" This can work. At least then, if you are familiar really good, comply with all necessary safety precautions, perhaps because you know that your life depends on it. After all, nowadays, you can certainly encrypt data so that even intelligence agencies like the NSA it hard nut to crack. However, if you only in the evening after a busy day do a bit of surfing with a beer, things look different. Then it can possibly ever happen that you annoyed wegklicken an error message. That would have you to make you aware that something was wrong with the certificate of the page that you want to just call. And then have the NSA guys, you have turned a nose you by the collar. If you're unlucky, there are previously not even an error message. Because it should probably assume that NSA operates at least an intermediate certification authority with which they can issue as man-in-the-middle certificates that accepts any browser without complaint. Who can move & Co. to collaborate Microsoft, Apple, Google will not let Certificate editors reject. Simple SSL encryption of https pages then does not provide sufficient protection.Instead, you have to really the fingerprints of the web pages certificates check - each time. Active attacks The connections through the Tor network will also not only passive eavesdropping. Intelligence agencies and prosecutors consider the Tor users almost as fair game and grab the at will. A few weeks ago someone has exploited specifically through the Tor network vulnerabilities in Firefox version that came Browser Bundle used almost exclusively in the anonymization package goal. In this way, a small spy program was funneled to the computers of Tor users. It all looks as if the part of an FBI campaign for blowing up a child porn ring was. Overall, the probability that your privacy is sacrificed as collateral damage increases by the use of Tor significantly. Looking at the advice of the Tor developers on the safe use of their service to, it becomes clear where the journey goes. Among other things, they put the change from Windows to a special Linux live distribution on DVD to the heart, recommend disabling JavaScript and a random setting the MAC address at every system startup. The use of Flash and other Extensions is already off limits. So, go with "still alittle bit rumsurfen, play and have fun" - without a helmet, gas mask and bulletproof vest one has no place in the Tor network. Meanwhile, there are also real doubts gate at all can still keep the promise of anonymity. Admin and also conventional criminal pursuer bite of course clear from the teeth. But if the NSA can actually evaluate substantial portions of the Internet traffic systematically, it offers a lever, this anonymity to crack. Very roughly simplified to lure the victim to a Web page that reloads other resources such as images. Size and timing of their packages, then form a pattern that you see on "the other side" of the Tor network and could therefore assign a specific address. If we add that the data dribble at a snail's pace and with sensible delay through the Tor network, the associated limitations and risks outweighs the benefits for average Joe and his need for privacy on any more. On the other side stands or falls on the concept so that enough normal Internet users use Tor and thus those who are really dependent on anonymity, so to speak, offer coverage. Ideally, the dissidents and human rights activists who are being persecuted by their government and really need this protection. ( ) ________________________________ URL of this article: http://www.heise.de/ct/heft/2013-20--2248651.html Links in this article: [1] http://www.heise.de/ct/zcontent/13/20-hocmsmeta/1379577863485453/contentimages/ju.nichtanon2.ig.IG.jpg -- Christopher Booth ________________________________ From: "no.thing_to-h...@cryptopathie.eu" <no.thing_to-h...@cryptopathie.eu> To: tor-talk@lists.torproject.org Sent: Sunday, July 6, 2014 11:54 AM Subject: Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court Thanks for the notice. The German Heise publisher provides good information to IT-related topics, but in German. I tried my Google-translate-link just before, and it worked via Tor, perhaps you could switch the exit? Anyway, here ist the original link: http://www.heise.de/ct/heft/2013-20--2248651.html Best regards Anton -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
