TOR, Anonymity and Security
I linked to a piece by Bruce Schneier on how TOR’s encryption does not make it a security tool. This cannot be stated strongly enough. The simple fact is that at the exit node from TOR, all your traffic is returned to whatever it was on entry. If you use clear text HTTP, then that is what also exits the network, regardless of how it is handled within the network, by the nodes.
Hackzine has an article that emphasize many of these points. It makes some additional points about the kind of scrutiny to which TOR traffic is provably subjected.
Anonymity is not the same as security. Be careful when using and advocating TOR as just one tool, among many, to help privacy online that you do not make this fundamental mistake and over sell it. Even strong security does not absolve you from not exercising a dash of skepticism and care. And consider how high profile TOR is, there is no surprise that many are watching it closely and that I have linked and spoken about many exploits that have been run against TOR to erode even its limited anonymizing capabilities.
Trackback from Programming Blog
Time November 8, 2007 at 4:40 pm
Tor and PHP - Resolve IP Address with Socks5
When using tor with PHP, dns resolution leaks can occur as they are generally not proxied. The following two functions can be used to resolve domain names or do a reverse lookup on IP addresses over a socks5 connection.
Tested with php4
function socks…