I first heard about The Onion Router on an episode of Numb3rs, where the perp used it to hide his identity. Of course, they were able to trace the chain and catch him in the end. I looked it up after seeing the episode, and saw an indication that it is pretty good anonymity unless a law enforcement or government agency gets involved, in which case all bets are off. Not too far from what was portrayed.
BTW, I would not have guessed that TOR referred to The Onion Router without having looked it up or had it expanded in the discussion. When I introduce one of the less-used acronyms, I like to expand it on the first reference, as suggested (of course such items as TCP/IP or LAN don't fall into this list. TOR certainly does. How many times has it been cited previously on this list, and how often?).
What about other routing schemes, such as the Mesh system used on OLPC systems? (One Laptop Per Child)
--Don Ellis
On Jan 9, 2008, at 12:17 PM, Billy Crook wrote:
The anonymity is not theoretical, it is very very real. Tor (when used properly) will protect the origin of connections. If you choose to give away your identity by what you use your connection for (searching for your name, or logging in as you, then YOU HAVE CHOSEN TO NULLIFY YOUR ANONYMITY. This is not a flaw, this is by design. Tor is not insecure. Tor was never built, and should not be thought of as a security mechanism (because it is not one). Tor is an anonymity layer.
Even without tor, your connections are being relayed through computers you can't control, and who can easily log you. The reason torrified (yes, that is in common usage) connections are more likely to be recorded and monitored is the societal implication of wanting anonymity. This will only change if more people use anonymity mechanisms for regular every day things.
Tor was never advertised as a security mechanism, and thats not their intention. It allows you to connect to a server with assurance that the server can in no way determine your identity using the connection, or (most obviously) your IP address. If you choose to supply that server with a username, email address, or cookie, you can undo that anonymity. And if you use tor, or any other network including your ISP without using encryption, that network will be able to intercept and tamper with the content of your communications.
On Jan 9, 2008 11:32 AM, Eric Johnson ericlj63@gmail.com wrote:
Damn 'reply' button!!
On Jan 9, 2008 11:29 AM, Eric Johnson ericlj63@gmail.com wrote:
On Jan 9, 2008 11:20 AM, Jonathan Hutchins hutchins@tarcanfel.org wrote:
On Wed, January 9, 2008 11:03, Jonathan Hutchins wrote:
The only places I've seen reference to "TOR" has been on IRC, where the comments have been pretty universally negative, in that not only is it considered impolite, it's not very secure, and doesn't really do what you think it does. That's what I've heard anyway, so I didn't immediately assume that's what you meant. In light of that, I'm surprised to see it seriously discussed here.
I've also read a few times lately that many of the gateway servers are actually run by hackers and probably various intelligence agencies, so the anonymity is primarily theoretical.
--
Eric Johnson