« CIO - China Makes Viruses for Cyberwar First-Strike
Cyberterrorism Trends »

Tor hack proposed to catch criminals

June 12th, 2007 by Lance Cottrell

Tor hack proposed to catch criminals

This article is a couple of months old now, but I have been thinking about it a lot. Basically, HD Moore has created a set of tools to scan the contents of traffic leaving a TOR exit node, and to inject active tracking code into the data returned to the user. While this is possible in any anonymity system, the fact that almost anyone can run a TOR node makes the question of trust much more tricky.

I have talked to Roger Dingledine (one of the creators of TOR) about this but we seem to talk past each other. As I understand it, Roger feels that a user needs to take additional action to protect himself from such threats, including blocking all active content. He would further argue that if you are going to an insecure site, then you are putting yourself at risk. TOR is about anonymity, not security.

While all this is true, it runs aground on the reefs of reality. I am reminded of a statement by Yogi Berra: “In theory there is no difference between theory and practice. In practice there is.” People want active content. People want to go to insecure websites. People want privacy. People don’t want to work for it.

At the end of the day, that is really the difference between the TOR philosophy and the Anonymizer philosophy. We think that users should not need to be security experts. We think they should not have to research the trustworthiness of a number different individuals or groups. We think that the privacy threats normal people actually face in the real world are a long way from the unlimited money and resource attacks imagined by academic security researchers. Security is a balance. We strive to be secure, fast, and user friendly. I think 11 years with out a single breach of a user’s identity from using the service is good evidence that we are doing something right.

- Lance Cottrell

Posted in Internet, Online Privacy, Personal Privacy
PermaLink
Digg this Add to del.icio.us Add Redit
This entry was posted on Tuesday, June 12th, 2007 at 7:47 am and is filed under Internet, Online Privacy, Personal Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Tor hack proposed to catch criminals”

  1. Ardan Michael Blum Says:
    July 5th, 2007 at 3:49 pm

    There is no doubt that ANONYMIZER is fast, user friendly and secure. The question is how does one explain to the general world the importance of being on a proxy when the average person uses the same 5 letter password to start up their computer and view emails. People seem to think that the work of security is done for them with a Microsoft patch. In some cases they go about saying (I must have heard this stupid line a hundred times:”I have nothing to hide”). So indeed in a sub-culture of a secure few the use of TOR is not secure surfing and frankly if you want to mask your ip just use WIFI and connect as the person next door and skip TOR.

    The point of importance, to me is HOW TO TELL OTHERS ABOUT A GREAT PRODUCT CALLED ANONYMIZER? One way is for anonymizer to offer a new SSL URI/URL that allows UNLIMITED FREE SSH ACCESS FOR 10 DAYS to potential clients. This would also allow people who do not have the funds to use a great service.

    Ardan Michael Blum, Geneva

  2. lance Says:
    July 9th, 2007 at 12:05 pm

    Most of our products already come with a fully functional trial for a limited time. We encourage you, and anyone else, to distribute links to download the trials.

Leave a Reply