Tor Backfires On Users
Monday, September 17th, 2007Tor is a peer-to-peer anonymizer. It allows users to anonymously surf the web by routing the request through a pool of computers. This pool is created from users who donate processing time and bandwidth of their computers by setting them up as Tor servers. Anyone can set up a Tor server—it’s fairly easy to do.
Sounds good, right? The only problem is that Tor traffic goes through other peoples’ computers, and they can see whatever is being sent over the internet. Encrypted traffic, of course, is unreadable, but apparently web users send a non-trivial amount of sensitive, unencrypted information. In the linked article, the security expert was able to find login information for email accounts. Not a huge deal, but still worth noting.
Tech-savvy readers will immediately respond that this is not just a problem with Tor and that the whole internet is built this way. The difference, however, is that -anyone- can set up a Tor server without leaving their chair. With the internet at large, most routing is done through ISPs, hosting companies, and educational/government institutions. And while the danger still exists, it is not as severe as that posed by Tor. Simply put, though, it’s not a good idea to ever send sensitive information over an unencrypted internet connection.
Also, if you ever think of setting up a Tor server, be aware that illegal activities performed over the network may be traced back to your computer.
Link: http://arstechnica.com/…
UPDATE: The security expert in the above link was arrested and questioned. Just another example of killing the messenger.