[Gllug] Polipo - Was: Caching youtube videos
Richard Jones
rich at annexia.org
Sat Oct 4 08:34:14 UTC 2008
On Fri, Oct 03, 2008 at 02:45:34PM +0200, A.ALZOLA at telefonica.net wrote:
> >Am playing with TOR and thus installed Privoxy.
>
> Talking of which, I was wondering -- just how anonymous is a Tor connection in
> reality? I've read about the Metasploit people coming up with a method of
> tracing packets through a Tor network, but I believe that this only works if
> you are silly enough to have java connected while you browse. Is Tor
> anonymity a bit like PGP (i.e. Pretty Good Privacy only so long as someone
> doesn't have enough interest, money, and time to crack the key)? Does anyone
> on the list have an informed opinion? (... or am I opening a can of worms?)
Several weaknesses are mentioned in the wikipedia article:
http://en.wikipedia.org/wiki/Tor_(anonymity_network)#Weaknesses
There is another one I recall where a (well-funded) adversary sets up
many separate Tor nodes and can analyze traffic in between them.
Can't find a link to that one at the moment.
IMHO the real solution to privacy is always going to be to encrypt
much more HTTP traffic than is done right now (and that need is
becoming more urgent by the day). The recent change to Firefox 3
where it now refuses to go to sites that have self-signed certificates
(but not sites which have no encryption at all) is thoroughly stupid.
Instead it should act like ssh -- show the key when you first visit a
site, show nothing on subsequent visits unless the key changes.
Rich.
--
Richard Jones
Red Hat
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list