The anonymity is not theoretical, it is very very real. Tor (when used properly) will protect the origin of connections. If you choose to give away your identity by what you use your connection for (searching for your name, or logging in as you, then YOU HAVE CHOSEN TO NULLIFY YOUR ANONYMITY. This is not a flaw, this is by design. Tor is not insecure. Tor was never built, and should not be thought of as a security mechanism (because it is not one). Tor is an anonymity layer.
Even without tor, your connections are being relayed through computers you can't control, and who can easily log you. The reason torrified (yes, that is in common usage) connections are more likely to be recorded and monitored is the societal implication of wanting anonymity. This will only change if more people use anonymity mechanisms for regular every day things.
Tor was never advertised as a security mechanism, and thats not their intention. It allows you to connect to a server with assurance that the server can in no way determine your identity using the connection, or (most obviously) your IP address. If you choose to supply that server with a username, email address, or cookie, you can undo that anonymity. And if you use tor, or any other network including your ISP without using encryption, that network will be able to intercept and tamper with the content of your communications.
On Jan 9, 2008 11:32 AM, Eric Johnson ericlj63@gmail.com wrote:
Damn 'reply' button!!
On Jan 9, 2008 11:29 AM, Eric Johnson ericlj63@gmail.com wrote:
On Jan 9, 2008 11:20 AM, Jonathan Hutchins hutchins@tarcanfel.org wrote:
On Wed, January 9, 2008 11:03, Jonathan Hutchins wrote:
The only places I've seen reference to "TOR" has been on IRC, where the comments have been pretty universally negative, in that not only is it considered impolite, it's not very secure, and doesn't really do what you think it does. That's what I've heard anyway, so I didn't immediately assume that's what you meant. In light of that, I'm surprised to see it seriously discussed here.
I've also read a few times lately that many of the gateway servers are actually run by hackers and probably various intelligence agencies, so the anonymity is primarily theoretical.
--
Eric Johnson
"Where your pleasure is, there is your treasure: where your treasure, there your heart; where your heart, there your happiness." Saint Augustine
Kclug mailing list Kclug@kclug.org http://kclug.org/mailman/listinfo/kclug