Delivery-Date: Sun, 06 Jul 2014 13:57:47 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 66AB41E0938
	for <archiver@seul.org>; Sun,  6 Jul 2014 13:57:43 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 369882FCA2;
	Sun,  6 Jul 2014 17:57:40 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 70BD32F706
 for <tor-talk@lists.torproject.org>; Sun,  6 Jul 2014 17:52:05 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id gP3Pd68viJF2 for <tor-talk@lists.torproject.org>;
 Sun,  6 Jul 2014 17:52:05 +0000 (UTC)
Received: from nm42-vm10.bullet.mail.bf1.yahoo.com
 (nm42-vm10.bullet.mail.bf1.yahoo.com [216.109.114.155])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 343A52F6FD
 for <tor-talk@lists.torproject.org>; Sun,  6 Jul 2014 17:52:05 +0000 (UTC)
Received: from [98.139.215.141] by nm42.bullet.mail.bf1.yahoo.com with NNFMP;
 06 Jul 2014 17:52:02 -0000
Received: from [98.139.212.217] by tm12.bullet.mail.bf1.yahoo.com with NNFMP;
 06 Jul 2014 17:52:01 -0000
Received: from [127.0.0.1] by omp1026.mail.bf1.yahoo.com with NNFMP;
 06 Jul 2014 17:52:01 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 972567.55745.bm@omp1026.mail.bf1.yahoo.com
Received: (qmail 15013 invoked by uid 60001); 6 Jul 2014 17:52:01 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024;
 t=1404669121; bh=rqTZQNqQQMSd7maBdbGUzzuizeu7zJH2RX9NkbwiJg4=;
 h=References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type;
 b=OFVNgYWFDSGG5CQVJ1WC59o0AZY9ozXwIiV4Q0stGgrnlyxiNPVMoIgFOD5XfFrjSdfgPI+jR7NdLslgIJ3Dc0KwtJdaEUHJ/vKHm5ZCdITaaDTMvsk+Hw7HNlJRGj5Ip9TQRwYdMgP9VlOXRR+mDzuJD7fPV959im6V9ZPp4Tw=
X-YMail-OSG: jReN20EVM1nSlvyyda.6MI3FqA95VYtirGA.wbtVgIL9N6Y
 sog4Om9hykofgKk8Oy3Tfab4BqTXzTbkGAjxv1GNTNRWtF5IpGHe.llK7RcI
 qtghKrGVT8MsgK3jqdPDciQQvpNLPYZ18zFmLbwlCfz07sw4J9VXlrqshfFH
 nkHR3HOh52qx74uQJXelOh3n_zp2FbPaLR_g_YfeLcBcvT5l2UwvkOTWKzjm
 2uxRiExkvn_3Yu1U_OMV7HzZTckAtFmYUuHsk0vOvBHfkwW1_rA_xfo2zL2P
 eeAvs.CSJqiZFoFIMlf6KQXQGywobMsRNUgoDOm8YFGKhDkVpHLqaAswpJZy
 jFM5lKQujTwfUEAe2CLY8eyLx63Jugy_idxMJTbLW0JV_aJer9hh.HkAQdho
 9KEKqntVqRiqs7l6VYOZmV2VgMdi4nPNtVzsWgcjC.hveKQTCp4PX8oCn5Le
 XO5vMcwR19dp.Y7U1ogHmAzQJ2iefoixIs_b9uVcF9y3eEIOdky3QzvqbKJ5
 dsS7eNpEKvq.D.INmdvZAWWA.q9D43lcSdXOhPVwuVutLe5M9H97qAUSYyZt
 Ce1oP82yKveode3RU8U2__zPKTuAYwT6JYJkcIpvpHvTgtildiylV16PdVZv
 y28wrFHlpHvNIEbzE2Y7fb.8l
Received: from [24.60.51.177] by web140804.mail.bf1.yahoo.com via HTTP;
 Sun, 06 Jul 2014 10:52:01 PDT
X-Rocket-MIMEInfo: 002.001,
 R29vZ2xlIHRyYW5zbGF0aW9uOgoKSsO8cmdlbiBTY2htaWR0Ck93bi1nb2FsCkRhbmdlcnMgb2YgVG9yIHVzYWdlIGluIGRhaWx5IGxpZmUKSW4gdGhlIGN1cnJlbnQgZGViYXRlIG9uZSBvZnRlbiBoZWFycyB0aGUgQ291bmNpbCwgZm9yIG1vcmUgcHJpdmFjeSBhbmQgc2VjdXJpdHksIG9uZSBzaG91bGQgdXNlIHRoZSBUb3IgYW5vbnltaXR5IHNlcnZpY2UuwqBJbiBmYWN0LCBob3dldmVyLCB0aGlzIGlzIGEgdmVyeSBkYW5nZXJvdXMgdGlwLsKgRm9yIG5vcm1hbCB1c2VycywgaXQgaW5jcmVhc2VzIGRlIGYBMAEBAQE-
X-Mailer: YahooMailWebService/0.8.191.1
References: <20140701174228.61787hk50z2lhmgw@www.vfemail.net>
 <53B47174.6040507@torservers.net>
 <CAKkunMZuJuaRHKvLo8POwn1exaZceaj-uaR4ej=xmOpQgUqHgg@mail.gmail.com>
 <53B4D3BD.2040106@torservers.net>
 <CAKkunMb4k6TJR6+a8bzwttGRqMLmHN6E_dg5RxcfFY0Tq_OuNg@mail.gmail.com>
 <CAOsGNSQvPQyVmunWFVM6MMvrrNDyVNRD1zZgdWKxsKbjiWeoHg@mail.gmail.com>
 <53B58F84.2060406@gmx.com>
 <1404415380.64225.YahooMailNeo@web140806.mail.bf1.yahoo.com>
 <53B71501.5080105@gmx.com> <53B72308.9000606@cryptopathie.eu>
 <53B96BDE.1060203@gmx.com> <53B97140.6040306@cryptopathie.eu>
Message-ID: <1404669121.61125.YahooMailNeo@web140804.mail.bf1.yahoo.com>
Date: Sun, 6 Jul 2014 10:52:01 -0700
From: C B <cb736@yahoo.com>
To: "tor-talk@lists.torproject.org" <tor-talk@lists.torproject.org>
In-Reply-To: <53B97140.6040306@cryptopathie.eu>
MIME-Version: 1.0
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Google translation:

J=FCrgen Schmidt
Own-goal
Dangers of Tor usage in daily life
In the current debate one often hears the Council, for more privacy and sec=
urity, one should use the Tor anonymity service.=A0In fact, however, this i=
s a very dangerous tip.=A0For normal users, it increases de facto the risk =
of being watched and spied upon.

V=A0orweg be said that Tor can be very useful if you know exactly what you'=
re getting into and then behaves accordingly.=A0For the internet everyday b=
y John Doe Tor, however, about as useful as a shortcut to the supermarket a=
 short cut through a highly toxic swamp.
=A0[1]
Tor as anonymizer
T=A0he misunderstandings begin already with the statement that goal encrypt=
 the transmitted data.=A0This is true for traffic to and through the Tor ne=
twork.=A0But what you put into sending unencrypted Tor, emerges on the othe=
r side also unencrypted back out and then is sent in plain text on through =
the Internet.
In the end gate is increased so that even the risk that third parties read =
along your data.=A0To eavesdrop on you, a monitor access to your Internet t=
raffic must first gain - for example with a corresponding warrant to search=
 your provider.=A0However, that does work and there are rules to be followe=
d.
However, if you use Tor, your Internet traffic comes here with a Tor exit n=
odes - without any further action and almost as fair game.=A0And the operat=
or can read anything you do not explicitly encode.=A0For example, the Swede=
 Dan Egerstad has fished in a short time over a thousand e-mail passwords f=
rom the network traffic of his Tor exit nodes - among other things, various=
 embassies and authorities.
The Tor network is operated by volunteers.=A0As there are no controls, one =
must assume that a significant part of the Tor exit nodes is operated not b=
y human rights activists, but by intelligence agencies already given the ch=
arming man-in-the-middle position.=A0During normal surfing so there is some=
 risk that your unencrypted traffic is overheard;=A0if you use Tor, which i=
s virtually certain.
So you have everything that goes through Tor, actively encrypt and himself =
make proper arrangements to ensure that there is slipping rather than by mi=
stake unencrypted.=A0And then send over your encrypted data with the best c=
ode breakers in the world and say, "grapeshot"
This can work.=A0At least then, if you are familiar really good, comply wit=
h all necessary safety precautions, perhaps because you know that your life=
 depends on it.=A0After all, nowadays, you can certainly encrypt data so th=
at even intelligence agencies like the NSA it hard nut to crack.
However, if you only in the evening after a busy day do a bit of surfing wi=
th a beer, things look different.=A0Then it can possibly ever happen that y=
ou annoyed wegklicken an error message.=A0That would have you to make you a=
ware that something was wrong with the certificate of the page that you wan=
t to just call.=A0And then have the NSA guys, you have turned a nose you by=
 the collar.
If you're unlucky, there are previously not even an error message.=A0Becaus=
e it should probably assume that NSA operates at least an intermediate cert=
ification authority with which they can issue as man-in-the-middle certific=
ates that accepts any browser without complaint.=A0Who can move & Co. to co=
llaborate Microsoft, Apple, Google will not let Certificate editors reject.=
=A0Simple SSL encryption of https pages then does not provide sufficient pr=
otection.Instead, you have to really the fingerprints of the web pages cert=
ificates check - each time.
Active attacks
The connections through the Tor network will also not only passive eavesdro=
pping.=A0Intelligence agencies and prosecutors consider the Tor users almos=
t as fair game and grab the at will.=A0A few weeks ago someone has exploite=
d specifically through the Tor network vulnerabilities in Firefox version t=
hat came Browser Bundle used almost exclusively in the anonymization packag=
e goal.=A0In this way, a small spy program was funneled to the computers of=
 Tor users.=A0It all looks as if the part of an FBI campaign for blowing up=
 a child porn ring was.
Overall, the probability that your privacy is sacrificed as collateral dama=
ge increases by the use of Tor significantly.=A0Looking at the advice of th=
e Tor developers on the safe use of their service to, it becomes clear wher=
e the journey goes.=A0Among other things, they put the change from Windows =
to a special Linux live distribution on DVD to the heart, recommend disabli=
ng JavaScript and a random setting the MAC address at every system startup.=
=A0The use of Flash and other Extensions is already off limits.=A0So, go wi=
th "still alittle bit rumsurfen, play and have fun" - without a helmet, gas=
 mask and bulletproof vest one has no place in the Tor network.
Meanwhile, there are also real doubts gate at all can still keep the promis=
e of anonymity.=A0Admin and also conventional criminal pursuer bite of cour=
se clear from the teeth.=A0But if the NSA can actually evaluate substantial=
 portions of the Internet traffic systematically, it offers a lever, this a=
nonymity to crack.=A0Very roughly simplified to lure the victim to a Web pa=
ge that reloads other resources such as images.=A0Size and timing of their =
packages, then form a pattern that you see on "the other side" of the Tor n=
etwork and could therefore assign a specific address.
If we add that the data dribble at a snail's pace and with sensible delay t=
hrough the Tor network, the associated limitations and risks outweighs the =
benefits for average Joe and his need for privacy on any more.=A0On the oth=
er side stands or falls on the concept so that enough normal Internet users=
 use Tor and thus those who are really dependent on anonymity, so to speak,=
 offer coverage.=A0Ideally, the dissidents and human rights activists who a=
re being persecuted by their government and really need this protection.=A0=
(=A0)
________________________________

URL of this article:=A0
http://www.heise.de/ct/heft/2013-20--2248651.html
Links in this article:=A0
[1]=A0http://www.heise.de/ct/zcontent/13/20-hocmsmeta/1379577863485453/cont=
entimages/ju.nichtanon2.ig.IG.jpg=A0
=A0
=A0
--
Christopher Booth


________________________________
 From: "no.thing_to-hide@cryptopathie.eu" <no.thing_to-hide@cryptopathie.eu>
To: tor-talk@lists.torproject.org =

Sent: Sunday, July 6, 2014 11:54 AM
Subject: Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court
 =



Thanks for the notice.
The German Heise publisher provides good information to IT-related
topics, but in German. I tried my Google-translate-link just before,
and it worked via Tor, perhaps you could switch the exit? Anyway, here
ist the original link:
http://www.heise.de/ct/heft/2013-20--2248651.html

Best regards

Anton
-- =

tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

