|
Authored by: Anonymous on Friday, July 19 2013 @ 05:25 AM EDT |
With a VPN you have to trust that the "privacy-oriented" VPN provider
won't get strong-armed by some government to give your details away.
ToR was designed to get round that vunerability. (Initially by the US
Governamnt, for their operatives in hostile countries, now by everyone. So it
has standard FLOSS security from multiple opponents all using it, so none of
them want there to be any backdoors)[ Reply to This | Parent | # ]
|
|
Authored by: PJ on Friday, July 19 2013 @ 11:38 PM EDT |
Well, I'll tell you. My concern with Tor
is that it depends on individuals sharing
their servers/computers as relays.
I don't know how secure that makes it,
and in fact the instructions suggest not
logging in with passwords on it, last I
looked.
[ Reply to This | Parent | # ]
|
|
Authored by: Anonymous on Saturday, July 20 2013 @ 07:15 AM EDT |
Tor-birdy is a project that is in beta or perhaps alpha for using Thunderbird
over Tor. If you want to do this properly Thunderbird has to be audited for
privacy leaks. At the top of the list is DNS leaks. (If your client does its
own DNS requests, that can potentially be observed by an attacker and be used to
unmask you.) But there are many more subtle ways that unaudited Thunderbird
code might reveal your identity. The tor-birdy developers (one of whom is Jacob
Applebaum, IIRC) are committed to doing this correctly. If you simply configure
default Thunderbird to use the Tor client as a proxy you most assuredly will not
be doing things correctly and you should not deceive yourself into thinking you
have annonimity.
There is a lot of good information at torproject.org on how to use Tor properly
and on the limitations of onion routing. One of the limitations is timing
analysis. There is concern about "global passive observers" which can
see both the origin (your Internet connection) and the destination (GMail).
Under those circumstances it supposed to be trivial to, with a fairly high
degree of certainty, associate a user with a connection. It is unclear to what
degree the NSA matches the description of the global passive observer but it is
a concern. Then there are also discussions on the wider Internet about present
and future capability of the NSA to decrypt communications and about their
storing encrypted communications indefinitely until they have such ability.
"Google is your friend".
Addressing a concern of PJ's further down this thread there is the issue of
malicious exit nodes. While there have been various efforts to try to limit
malicious exit nodes (the last node in the Tor network prior to the final
destination) there is no guarantee that the exit node you use will not be
malicious. The exit node has the ability to monitor and modify anything you
send in clear text. The solution? Don't send anything in clear text! If you
use solid end-to-end encryption then you should be fine. I have not followed
tor-birdy development in detail but the developers are well aware of these
issues.[ Reply to This | Parent | # ]
|
|
|
|
|