Topic: What are the downsides of Tor?

Anonymous e4d1347df67a5ed1e8315ddbf5dea391 started this discussion 2 months (2008-10-10 03:04:19 UTC) ago:

What are all these downsides people talk about regarding Tor, is it really that unsafe and easy to intercept or track?

Anonymous a888571bd5bc1c2b6453d126ec8529c9 replied with this 2 months (2008-10-10 03:04:41 UTC) ago, 22 seconds later (#68,167):

Cannot post on AT.

Anonymous d26f30c7f04f1a16a0dfb2a0b85de6bf replied with this 2 months (2008-10-10 03:10:19 UTC) ago, 6 minutes later (#68,170):

A huge plus for me is being able to visit secret .onion websites. Use the search function on AT if you ever want links to .onion websites. However, a downside for me is my Tor isn't working right now and I can't figure out why.

Anonymous 44f180364897ad0759d31ad4741d3fd1 replied with this 2 months (2008-10-10 03:15:10 UTC) ago, 5 minutes later (#68,172):

It's not easy to intercept at all. The most that can be done so far against it is a so-called "timing attack", which only proves that a specific connection was most likely made by you. But it's not definitive, and most likely not acceptable evidence in a court case.

The thing to keep in mind about Tor though is that it can only protect your identity, not your information. Tor works by sending your information through 3 "nodes" to obscure your identity. Here's a crude diagram:

Your Computer → Node 1 → Node 2 → Node 3 → Server

Locally, Tor encrypts the information you're sending and then sends it to node 1. Since node 1 has to make a direct connection to you, it knows who you are, but not what you're doing or what information you're sending. Node 1 sends this to node 2, which doesn't know anything about you since it sees the connection as coming from node 1. Node 2 sends it to node 3, which has to decrypt the information in order to send it to the server (which wouldn't be able to process it otherwise). Thus, node 3 knows what you're doing (keep in mind that this is only if the person running the node attempts to deeply analyze their traffic to find this out, it's not as if Tor just displays any of this info openly) but doesn't know who you are since it sees the connection as coming from node 2.

Therefore, we see the problem with Tor. At any point between node 3 and the server, somebody can intercept your information (but not find out who you are), unless you're using SSL along with Tor. Thus, Tor's security depends on your security needs. If you're sending sensitive government information that absolutely cannot be read by anybody else but you and the recipient, Tor is not your solution. If you're just browsing cp, Tor is fine. Nobody will be able to connect your identity to your cp browsing.

Anonymous b8311d4941015b2b6d1842eb477d4eb9 replied with this 2 months (2008-10-10 04:23:10 UTC) ago, 1 hour later (#68,205):

@68,172

I was about to quibble with a couple of minor technical points in this response, but after re-reading it (and deferring to topic relevancy), I think that there's really not much else to be said.

Great response, anon.

Anonymous 9842456c921f5ef0efc683b41600a85a replied with this 2 months (2008-10-10 19:58:43 UTC) ago, 16 hours later (#68,328):

@68,172

Unfortunately the problem runs deeper than that; it's a fundamental issue with proxied connections in general. If what you're sending is sensitive, always encrypt it.

Anonymous 6679f5874f63d2f93918cf98c71cf566 replied with this 2 months (2008-10-10 20:50:43 UTC) ago, 52 minutes later (#68,352):

The security isn't unbeatable, but it's so good that most investigators won't bother with it and will instead focus on sources with a higher yield. The main downside as I see it is the terrible slowness. It's really fucking slow.

Anonymous 0b6adeb85a2087ef8c8d2503c624e51d replied with this 2 months (2008-10-11 19:18:17 UTC) ago, 22 hours later (#68,603):

AnonTalk BBS — Discuss anything anonymously without registration.

Topic: What are the downsides of Tor?