U.R.Being.Watched writes: > http://www.deseret-tech.com/journal/psa-tor-exposes-all-traffic-by-design-do-not-use-it-for-normal-web-browsing/
There are some mistakes in the article -- for example the notion that Tor "was built for a specific purpose, which was the circumvention of restrictive firewalls" like the Great Firewall of China. If you read the original Tor design paper from 2004, censorship circumvention was actually not an intended application at that time: https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf ("Tor does not try to conceal who is connected to the network.") That has subsequently changed, the project adopted anticensorship uses as an additional goal, and nowadays Tor does sometimes try to conceal who is connected to the network, when they ask it to. (Sometimes this succeeds against a particular network operator, and sometimes not.) But the original design goal was privacy in a particular sense, and not censorship circumvention. My colleagues and I made an interactive diagram a few years ago to try to explain the same concern that this article presents. https://www.eff.org/pages/tor-and-https One part of it is that if you use Tor without additional crypto protection to your destination (like HTTPS), a different set of people can eavesdrop on you than if you didn't use Tor at all. That's definitely still true and is always a basic part of Tor's design. You might think those people are better or worse as eavesdroppers than the nearby potential eavesdroppers. The faraway eavesdroppers might be more organized and malicious about it, but they also might start out not knowing who you are. Whereas the nearby eavesdroppers might physically see you, or have issued you an ID card, or have your credit card. As we thought when we made that diagram, probably the best solution for this is more and better HTTPS. At some point (which may already be in the past), it might even be a good idea for Tor Browser to refuse to connect to non-HTTPS sites by default, although that might be a difficult policy to explain to users who don't understand exactly what HTTPS is and how it protects them, and just see that Tor Browser stops being able to use some sites that Internet Explorer can work with. -- Seth Schoen <sch...@eff.org> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk