TOR, Anonymity and Security

I linked to a piece by Bruce Schneier on how TOR’s encryption does not make it a security tool. This cannot be stated strongly enough. The simple fact is that at the exit node from TOR, all your traffic is returned to whatever it was on entry. If you use clear text HTTP, then that is what also exits the network, regardless of how it is handled within the network, by the nodes.

Hackzine has an article that emphasize many of these points. It makes some additional points about the kind of scrutiny to which TOR traffic is provably subjected.

Anonymity is not the same as security. Be careful when using and advocating TOR as just one tool, among many, to help privacy online that you do not make this fundamental mistake and over sell it. Even strong security does not absolve you from not exercising a dash of skepticism and care. And consider how high profile TOR is, there is no surprise that many are watching it closely and that I have linked and spoken about many exploits that have been run against TOR to erode even its limited anonymizing capabilities.

One Reply to “TOR, Anonymity and Security”

  1. Pingback: Programming Blog

Leave a Reply

Your email address will not be published. Required fields are marked *