Looks like TOR isn't as safe as you were hoping...

[Wiimote]

By publishing his TOR hack, Swedish researcher Dan Egerstadt recently provided users with a timely reminder that The Onion Router (TOR) anonymisation network should be enjoyed with caution. By setting up five exit-nodes, Egerstad sniffed out large amounts of e-mail access data from embassies and government agencies and published some of this data on the internet. Since a user cannot know who operates the individual exit-node through which his traffic passes, TOR users are advised to always make use of additional encryption.

source: http://www.heise-security.co.uk/news/99333
and also see the links at the bottom, for info on TOR exit nodes doing MITM (man in the middle) attacks, and the first part of this story

 

[Echoes]

Not exactly a new concept but a good demonstration of its faults nonetheless. As far as I know, there is no way to be 100% anonymous online. If they (government) really want to find you then they can and will. I've heard of IP spoofers and MAC address spoofers but I can't say I've had any experience with them. I know I've read a few articles saying that they can't, in theory, work properly but I'm not sure. But yeah, everyone should know that TOR isn't really that safe. Pedophiles use it, hackers use it, etc. You can be certain the government has their eye on the network. "It is certainly generally believed that Chinese, Russian and American government agencies operate TOR exit-nodes. Large companies and illegal hacker groups are also thought to operate exit-nodes. Looking through the list of TOR exit-nodes, it is striking that the number of exit-nodes in China and the US has increased disproportionately over the last year." (from the article)

 

[Guest]

in theory the combustible engine will not run...it does

anything that man can conceive there is a loop hole for...for every action can be counteracted...shit man im high

 

[Echoes]

Understandable, brainthor. I am about to light up, myself. Cheers.

I'm now running across multiple links online for "IP spoofers" and "MAC address spoofers." I'll be studying up on it. Anyone who is more tech-savvy have any input? I certainly wouldn't go around downloading every link to spoofers that I find. Investigate the programs reviews first. Spoofing is mostly used by hackers/crackers/DDOS attackers so I tend to stay away from it. I'm not really condoning it, either.

 

[Guest]

People dont really spoof IPs, maybe if they are ddosing sure. but as far as that goes, you either use redirects, proxies, tor etc. one way or the other they are all hiding your true IP, its just a matter of whats more secure. unless your doing some pretty illegal things (posting on a growing forums isnt that bad) TOR will be fine.

Its no suprise data can be sniffed from TOR, people have been doing this stuff for a long time. its the same reason why proxies you find online arent always safe. People arent just nice and decide to give proxies to the public. Most of them have sniffers being ran, you would be amazed at the amount of information you can find putting 10k+ proxies out into the public and logging all the sniffed traffic.

TOR is fine though, if a person really thinks he needs more security then that he probably already knows how to do it. for someone just posting on a grow website or any website in general TOR will be fine.

 

[kp^]

TOR is a great utility if used right.

Check out JanusVM. (http://janusvm.com) Little app a few friends of mine created.

TOR + Janus + Virtual Machine = anonymous + private.

 

[boroboro]

Thanks for the tip on JanusVM. Looks interesting. I don't think TOR has ever been proposed as a perfectly anonymous solution. Much, much better than nothing, but not perfect.

 

[etrusco]

Of course, every kind of data can be sniffed from a TOR exit node, expecially if the outgoing connection itself is not encrypted (since traffic from the last node to destination is in clear).
TOR is only good for hiding the traffic origin.

IMO:
WRONG: Using TOR to pay online with a credit card, access online banking or other sensible private data.
GOOD: Using TOR to browse cannabis forums, upload plant pictures, access email accounts that you setup and use ONLY with TOR.

In other words, if someone sets up an exit node to "steal" my plant pictures while I post on a forum... I couldn't care less.

 

[George Hayduke]

the best thing to do is douse your computer in oil and light it on fire.