PSA: Tor exposes all traffic by design. Do NOT use it for normal web browsing.

As news of PRISM and other top-secret domestic surveillance programs cartier jewelry replica has been reported, many Americans have sought out means to prevent the government’s prying eyes from gaining access to their data. One of the most frequently cited methods of circumvention is Tor. NPR’s Science Friday, for instance, spoke about Tor as a potential PRISM circumvention on July 12, and the Tor Browser Bundle is one of the first things promoted on PRISM Break.

This is very bad. Tor should not, I repeat, NOT, be used as as a default wrapper for one’s browsing traffic. I’ve had to stop several friends from making this mistake after being misled by pseudo-technical sources, and now I’m here to stop you.

This is not about a flaw in the Tor protocol; rather, it is a correction of the myth that Tor can protect your conversations from random listeners. This belief is in fact the opposite of the truth; using Tor guarantees that at least one random party will have full access to all packets in both directions going over a specific node chain, because Tor is about hiding your IP address, not hiding your packet contents. As this is the effect that most people are attempting to avoid, Tor is not only counterproductive but dangerous for the average user.

PRISM can only be beaten by not playing

Before we discuss the specific mechanics of why it’s such a big no-no to wrap your web traffic in Tor by default, we should address a more fundamental point. PRISM is a voluntary program of data submission. This means that PRISM participants have been invited by the NSA to upload the contents of their database, and that the vendors have chosen to accept this invitation. It doesn’t matter how you access a PRISM participant’s resources, because they upload all the data they have on you anyway. Therefore, the only way to prevent your data from getting submitted to the NSA, whether you’re connecting from your home DSL or the Starship Enterprise, is to not give any data to the entities that are wrapping it in a neat bow and dropping it on the NSA’s doorstep. Tor will not help with this. Tor will do nothing to prevent this. Tor makes it harder for an endpoint to discover the data’s originating IP address, which is a fairly minor detail when we’re discussing something on the scale of PRISM, since they already have all the emails, IMs, photos, cell phone information, etc. of basically everyone.

I repeat: the only thing that will protect someone from PRISM is refusal to utilize the products of PRISM participants. It does not matter how or why or when or where you access it. If you upload any data to the service of a vendor who participates in PRISM, the NSA has it, and that’s the end of the story. As far as the U.S. government is concerned, using Tor will just result in a flag on your account that makes the guys who’re reading your email laugh and say, “Ha! This guy thinks we care so much about his boring emails that he should try to hide from us. What a jokester.”

However, it is very important that one doesn’t use Tor to do mundane things that are just as well done on a direct connection, because Tor’s infrastructure is inherently insecure for most ordinary uses.

Your traffic is visible to the exit node.

Tor is an acronym for “The Onion Router”. It is so named because it works by wrapping your request in several layers of encryption and then sending this request through an automatically generated chain of nodes. At some point, the request must be unwrapped to be sent to its final destination because most people are trying to communicate with an ordinary online service that doesn’t understand Tor’s methods.

The Tor node that performs the final unwrapping is called an exit node. The exit node decrypts the packet it received from its sibling on the chain of nodes and receives your full, plaintext request, which it submits on your behalf to the intended destination. The exit node waits for the response, encrypts it, and sends the encrypted response back up through the node chain until it reaches you, the dear user and the termination of the chain, where your Tor client decrypts the packet from your chain-sibling and presents your client with a comprehensible piece of data.

There is no way to restrict what an exit node can do with your session’s plaintext, and anyone can run an exit node. There is no qualification process and there are no restrictions. Barack Obama could be running an exit node within minutes, and so could Edward Snowden, and there’d be no way for either replica cartier love bracelet of them to ensure that the other couldn’t see the requests they were sending. The user simply checks a box in Vidalia and he’s running an exit node, relaying plaintext data between conversants. Exit nodes automatically change every few minutes, so many exit nodes will be relaying pieces of your conversation, possibly re-exposing sensitive data to many entities over the course of a single session. Anyone running a Tor exit node is a potential listener.

The Tor project attempts to scare exit node operators straight by citing the possibility of prosecution under wiretap laws, but this is a purely legal restriction; under Tor’s design, there is no possible technical implementation that would prevent the exit node operator from being able to save both incoming and outgoing messages as sent between conversants. Only the threat of prosecutorial pressure (which is basically non-existent for certain parties) stands betwixt an exit node operator and your data. Thus, Tor is extremely dangerous for the ordinary user. It must be used only for specific, carefully-planned sessions, or you risk exposing sensitive personal data to anyone running an exit node.

In principle, Tor is not very complex. It simply automates what would otherwise be a very cumbersome manual process of chaining proxies and encrypting a message for each replica cartier love bracelets proxy’s public key. Tor’s directories and announce mechanisms mean that one no longer must trawl for private proxies, but they also mean that anyone can register a node as a proxy and do whatever they like with the traffic they’re passing. Tor puts no restrictions on any of this — literally anyone running the Tor software can volunteer to pass along traffic and will automatically begin receiving the traffic of other users.

You are much safer with just the NSA spying on you than all the people you invite to spy when you utilize Tor indiscriminately.

What about SSL/TLS?

Encryption protocols implemented by browsers may mitigate this issue to varying degrees, dependent on the details of the cryptography’s implementation and negotiation (and the assumption that an exit node isn’t tampering with the negotiation handshakes to allow easier interception of the encrypted conversation), the validity and trustworthiness of the certificates in use, the server’s proper attribution of security flags, and other variables. That’s sure a lot of stuff to have to assume is in place when you’re broadcasting your packet-level conversations out to potentially any Joe Blow on the street.

Why does Tor exist if it’s so unsafe?

Because Tor is not designed to be a universal privacy tool. It was built for a specific purpose, which was the circumvention of restrictive firewalls. The default example is China; Tor could be used by Chinese dissidents to post or access information that is censored in China, but available in the “free world”. Tor would make it impossible for the Chinese government to tell which computer was used to post a certain piece of information, and would hide the fact that other information was being accessed at all. Tor is meant as a lifeline to the outside world. Tor actually makes it much easier to spy on random conversations between entities, if you’re into that kind of thing (and the government obviously is), because the idea is to get public information in and out of a locked-down environment. And it works very well for that.

With this in mind, it’s ironic to look back on the way that certain persons have clung to Tor as a solution to domestic spying, because in actual fact, Tor makes such spying easier for an adversary that is only slightly removed from many of Tor’s biggest participants (universities), and opens the user’s traffic up to the possibility of tampering or recording from a potentially infinite collection of more ignominious foes.

OK, when can I use Tor?

Assume any data you pass through Tor, including usernames and passwords, will be publicly visible. If you have a use case where you’re OK with that happening, you’re OK to use Tor; if not, you aren’t. As most people do many things that they don’t want publicized, Tor is a very bad solution for most people.

34 thoughts on “PSA: Tor exposes all traffic by design. Do NOT use it for normal web browsing.

  1. Pingback: PSA: Tor exposes all traffic by design. Do NOT use it for normal web browsing. | BRYAN LENETT OFFICIAL WEBSITE - BryanLenett.com

  2. You mention that Tor repeatedly wraps its contents in encryption, but that its also visible? Perhaps I’m a little confused, can you explain to me which is true:
    To clarify, do you mean that only the request for information is encrypted, but the entire message following/replying is in plain text? e.g. no-one knows where its going except the two endpoints, but everyone knows what it is.
    Or, do you mean that the entire request/reply/following is entirely encrypted, yet the exit node which unencrypts can read everything? e.g. no-one knows where its going, and no-one knows what it is, except the two endpoints.

    Surely, if the first scenario is true, the solution is to use a VPN and then Tor through it.
    If either scenario is true, that means that Tor is vulnerable to exit node flooding, enabling an entity to become the exit for a majority of the traffic, correct?

  3. The latter scenario is correct. Tor wraps the entire request in encryption for the whole node chain at once. It operates in reverse order; it encrypts the entire content of your request for the exit node’s public key, and then it encrypts the exit node’s encrypted message PLUS a header pointing to the exit node to the second-to-last node, then it encrypts THAT request for the third-to-last node plus a header pointing to the second-to-last node, and so forth until the node chain has been entirely traversed, and then the client sends the triple/quadruple/whatever-encrypted message to the first node on the chain, which decrypts the message, sees a header instructing it to forward the payload on to the IP address X (the next node on the chain) and an encrypted block which it cannot decrypt (because the first node does not have the second node’s private key), and the node follows these orders and sends the message through the chain in this manner.

    The exit node knows what was sent and received (it can read your request verbatim), but it doesn’t know who the original sender was, because it was sent through several hops in Tor. The pieces of a node chain are only aware of their immediate neighbors (the nodes to whom they forward an encrypted request). This is why it’s important to have a node chain of at least 2, but preferably 3 or more, hops. If an entity owns all nodes on a chain, that entity will be able to derive the original sender and the contents of their sent message (and if most Tor nodes are in the West, and the NSA has taps on all lines in the West, then it doesn’t become a very effective method of cirumvention…).

    Yes, Tor is vulnerable to an attack where a single entity may operate a preponderance of exit nodes and be able to read most of the traffic that is sent over the network. This seems unlikely to be plausible, however, since any client that informs the network that it wants to operate as an exit node is automatically sent into rotation and node chains are randomly assembled from available nodes when a chain is requested.

  4. So just to clarify, am I correct in saying the title is somewhat misleading? In essence Tor exposes all traffic by design to one participant per connection, so not ALL of your information is available to EVERYONE at once. And even if that participant was to get all of the information, it would not know from where it came.

    Still, by that, you should never log into services that can be traced back to you, because that would defeat the purpose of anonymity, or services that are tied with finances etc. while using Tor, for you put yourself at risk of snooping by the other participant. It should only be used as an anonymizer for generic services, and only as a PART of a good anonymizing plan (e.g. create a fake identity, use a VPN, use TOR, use a separate computer from your general use one, etc.)

    Is that all correct?

  5. Tor was not actually created to circumvent censorship, it was created to provide location anonymity. The censorship circumvention use came later, and has turned out to be the source of a lot of funding for the Tor Project, but Tor is still an anonymity tool first and foremost.

    It is true that it doesn’t provide much protection from PRISM, which retrieves data directly from Google et al’s servers, but it does provide some benefit: it enables you to use those services without revealing your geographic location (via your IP address) to them.

    However, PRISM is just one of the many surveillance programs which the public has recently learned about. Other programs collect data from internet transit companies, and Tor can be very helpful there. (Although, if someone can see both ends of a connection, with enough effort they can correlate the timing and quantity of data even if they can’t or don’t decrypt it. Tor does not currently make any effort to protect against that type of correlation.)

    It is very important to be aware of the risks of sending plaintext over Tor, but you should really consider the risks of sending plaintext over non-Tor connections too!

    I am posting this comment via Tor on a wifi network. Because I am using Tor, other people on the wifi network and the ISP it is connected to cannot see what websites I’m looking at, and the operator of this website doesn’t know what part of the world I’m located in. Because this site doesn’t use HTTPS, the Tor exit operator could see (and even tamper with) the data I’m sending and receiving, but they probably won’t. If I wasn’t using Tor, people on the wifi network or at the local ISP (or any other ISP between me and this site) could do the same thing.

    When you use unencrypted services, 3rd parties will inevitably be able to see and tamper with your data. Tor enables you prevent the 3rd parties who can do that from also knowing your location.

  6. @Anon: That is correct, though I don’t feel the title is misleading. The reason anyone can get your traffic is not because Tor publishes the plaintext to the entire network at once, but because anyone can run an exit node, Tor randomly chains available exit nodes that haven’t been marked as “bad exits”, and begin to get the plaintext traffic of Tor users.

    It would take some legwork for someone to target a specific person this way, unless the attacker was hooked into a majority portion of all exit nodes on the network.

  7. So in English, what the above is all trying to say is, your locations is safe…no one will know where or who you are.

    BUT the data being transferred is not safe, so all data content can be read.

  8. Hooked to a majority of exit nodes – That sounds like a job for the NSA – Let’s see how fast can they allocate resources to spawn a number of exit nodes? Oh wait – there’s probably a script on AWS to do that – Who can say they aren’t already running the majority of exit nodes? I think Groucho Marx had it right when he said ” I’d never belong to any club that would have me as a member” – I’d be willing to bet that any club being watched has NSA members, and that old fashioned espionage lead them to deal with the TOR issue in any number of ways.

  9. This guy clearly works for the NSA.
    NO ONE can crack Tor. The only way to read submitted text is to become an exit node.
    Even then it’s difficult to access every word as the whole conversation does NOT travel through the same exit node.

    TOR is great!!! Don’t listen to this shit!!

  10. Lol so “They” (the ones that you don’t want to see your stuff) still can’t track you which is still purposeful, and whoever started this obviously has their loyalties to “They”.

  11. HTTPS Everywhere encrypts the content of the pages and Tor provide location protection. To clarify, the end node CAN see what you see if the page is only http but https everywhere pushes the majority of sites we use to https thus protecting them.

  12. @Neo, the point is that exit nodes are the masters of all traffic. You’re exposing yourself to a potential MITM attack, practical for either eavesdropping or packet manipulation, any time you use Tor. That doesn’t mean that Tor isn’t useful for some things, it just means it’s not useful for all things and shouldn’t be a default browsing option. HTTPS Everywhere only works if the site you’re communicating with supports HTTPS and then only if the exit node is unable to inject certificates. Nation-states have been caught in the act of forging SSL certs for major players and injecting these mid-stream in the past (Iran was found to be doing so at least once), so it’s not really a stretch to imagine that it’ll occur on the Tor network as far as is possible. With the way the browser trust model works, if any state doesn’t have this capability, it can only be due to incompetence.

    True, the NSA can’t “break” Tor in that they can’t render its encryption useless, but as in all other things, there are ways to mitigate and circumvent. There are loopholes that users must be aware of if they’re going to successfully avoid detection. This post exists to make people aware of some of them, and combat the idea that Tor is a panacea.

  13. @jeffc I’m sorry but your fucking retarded. No one can “inject” an SSL certificate you dumb ass, your browser comes pre installed with trusted certificate authorities and when ever you request a page the public key they send you must be signed by the certificate authority or the key isn’t considered valid and you get a warning. A rouge certificate authority has absolutely nothing to do with Tor, and in fact can be prevented if there certificate is signed by someone you trust other then a certificate authority.

    The fact that some middle eastern people forged a certificate authority to spy on people effects only those who trusted the certificate authority in the first place and in addition would effect all users regardless of whether or not they were using tor. If anyone had a certificates authorities’ private key and you chose to trust that certificate authority in validating that you were visiting the correct website, then you have yourself to blame, and it wouldn’t matter if you were running Chrome,Firefox,IE,Tor, or whatever the hell you use to browse the web.

  14. Also imagine all the activists and people who are oppressed via the world wide web that you are hurting with this stupid post, what if they decide it’s a better idea to use Internet explorer because of your stupidity and they end up getting spied on or tortured you could in effect be hurting people by scaring them away from Tor with your false information.

  15. kip: I posted no false information. You don’t understand how browser trust works, and you don’t understand how Tor works. That’s OK, because cryptography and even crypto-concepts, are hard, but you probably shouldn’t try to do anything naughty with your internet connection until you develop a grasp of these things.

    The attack that was run by Iran injected an SSL certificate that was signed by a default trusted authority, because Iran had access to that CA’s key. Browsers all come pre-installed with trusted authorities, and any cert signed by those authorities will be trusted by your browser without notification to the end user. The trustworthiness of those CAs is the entire basis of the trust system, and was compromised in the attack I referenced.

    The reason Iran was able to inject that phony SSL cert that appeared valid to the user’s browser, with no action by the end user, is because the Iranian government had direct access to the packet stream that was flowing in their country. Incidentally, that’s the same access that you wilfully give to *anyone* who may be running a Tor exit node when you use Tor — direct access to your packet stream, which allows them to inject forged SSL certificates that your browser will happily accept without warning, or perform any other man-in-the-middle attack on the books. Usage of Tor inherently exposes all users to this attack vector, and no, SSL won’t keep you [entirely] safe. That’s what must be understood. It doesn’t mean they always *will* inject an SSL certificate, but it means they *can*.

    Sometimes that risk is OK, and sometimes it isn’t. Each user must decide that for his or her self.

    I’m not hurting anyone with this post. Anyone who reads this post about Tor, which acknowledges its good *and* bad qualities, and goes on to use Internet Explorer, is, as you put it, “fucking retarded” and should certainly not be trying to do anything with their internet connection that may get them into trouble.

    You also seem to think that Tor is itself a web browser, which is very, very wrong. Tor is software that manages the Tor network, only. This is another very important detail to using Tor and other anonymity solutions wisely, because there are variables in other software, like the software you use to make HTTP requests, render text, display images, and play videos, none of which is Tor, that could compromise or expose you.

    In the security community, we do not build dogmatic cults around brands. The Tor site itself is full of disclaimers and warnings that amount to this same thing. Your traffic is exposed to the exit node if you use Tor, and there’s no two ways about that; it’s by-design and readily acknowledged. In some cases, this isn’t a problem, and in other cases, it is. This post is here to help people learn when Tor use may be beneficial and when it may not be.

  16. Present your thesis to the Tor mailing list and let’s see how they answer your objections.

    If you’re correct then you’ll be helping improve a very good system.

    If you’re wrong then you’ll still get your pay check from the NSA.

  17. The Tor project itself makes similar recommendations and explains the vulnerabilities inherent in the exit node structure if you read their FAQs. No need to trouble the mailing list with content that’s already there. Tor is not a protection against PRISM and never has been, or purported to be. Exit nodes have control of your conversation and always have. The Tor project has always admitted this. Tor is not a panacea and Tor is not now and never has been meant for general purpose web browsing.

  18. SSL/TLS does offer an encryption method that would remove the ability for the exit node to view the contents of your packet. But, SSL can be defeated. If the exit node is running specific scripts it is possible to reroute all outbound port 443 traffic to the default 80 and remove SSL encryption from the packets, normally without user knowledge. Injecting counterfeit certificates is a stretch tho when it comes to our current internet structure in my opinion. You would not only have to control the exit node, but be able to seamlessly accept the packet, inject the SSL cert, forward the connection to the server via http (no encryption), accept the incoming connection, encrypt it again, and send it back. Now, not saying that its impossible, but highly unlikely. It would be much easier to simply redirect the traffic to 80 and block 443, which would be much quicker and easier to accomplish.

  19. So long as the data received by the exit node does not identify me in any way, then what difference does it make if that data can be accessed? Assuming one were to use TOR for illicit purposes, the exit node will only receive data of the crime but not of the criminal. Is this correct?

  20. If the exit node doesn’t receive identifiable data, then additional steps are necessary to unwrap the onion. It doesn’t necessarily mean you’re totally safe. Successful timing correlation attacks have been performed on Tor users and real people are in jail because of them. If someone can listen to both sides of your connection, whether it’s by operating both your entry and exit nodes (much more dangerous) or by tapping your line to the ISP and tapping/correlating with the final destination of your packets (only possible if you’re already a suspect), they can infer beyond a reasonable doubt that you are the person sending or receiving certain content, even though that content is encrypted on the wire and/or within the onion.

    It’s also important to recognize that a great deal more identifiable data is sent in each request than most people expect, and that client-side execution environments like Flash and JavaScript can often be used to produce a uniquely or near-uniquely identifiable profile even if everything else is scrubbed clean.

  21. This whole article is a farce. The author talks about Tor as if it behaves in a more open manor than traditional internet networking/traffic. Using traditional connection methods your data packets are still sent through nodes connected in a temporary network and any member of the node can ‘snoop’ on those packets because they have to read and re-send the data for it to be understood in the next chain in the temporary network. This is the way internet traffic has always worked.

    Tor provides a level of obscurity not provided by traditional protocols and never claims to hide the contents of the data you are sending. It is not possible to access the entire internet and still hide the data traffic as the participants in the transfers need to be using the same transfer protocols. Using Tor does not give rise to any breach in privacy not given in normal internet traffic.

    The author clearly seems extremely angry with Tor, however, although he seems to have a rudimentary understanding of how Tor works, he did not understand when publishing this article how generic internet protocols work.

    The author seems to be hell-bent on causing panic to Tor users, here is an extract from his article which serves as proof of this “Exit nodes automatically change every few minutes, so many exit nodes will be relaying pieces of your conversation, possibly re-exposing sensitive data to many entities over the course of a single session. Anyone running a Tor exit node is a potential listener.” – Whilst Tor does automatically change the structure of the network occasionally (this is a good thing for most users as it prevents significant patterns of traffic being created and identified), the exit nodes do not then share all data you are sending between them. Once you stop using an exit node it no longer has need, or receives, any of the data you are transferring. There is a short hand-off period where exit nodes will communicate any current connections/traffic you have coming out of the previous exit node in order to prevent disruptions in your connections. That is all, the way he words it seems to be in a manor in which to mislead people into believing that using Tor on an extended session would mean stacking up a huge list of exit nodes who have access to ALL of the data you transferred during your session, this is not true. Any exit node you connect to will only have access to a few minutes of the data you transferred during your session, and only the data that they require in order to made your connection possible.

    All in all, Tor is a very good thing and it’s users have achieved some very commendable accomplishments. Do not fear Tor.

  22. @Shandy: Thanks for your reply, but unfortunately, you’ve misread this generic warning. I am not “angry” with Tor at all, I think it’s a great system — I just want it to be understood and used properly. I’ve been using Tor since it was released and understand it well.

    You are right that other internet routers have this same ability to intercept traffic, and I never claimed otherwise. The reason it’s more problematic with Tor is because there is no control over which nodes become Tor exit nodes. The routers that are used to route your regular internet traffic are typically provided by only a small handful of companies and they handle massive amounts of traffic. Their locations are well-known. The people responsible for configuring and maintaining them are easily found. If the owners of this router are found to be exploiting their position by opening or manipulating traffic in a way they’re not supposed to, they can be arrested for violating wiretapping laws and sued for improperly discharging their commercial obligations right away.

    While your regular internet traffic is vulnerable to sniffing by the router’s owner and his friends, like governmental entities, it is less likely that a generalized bad actor will have access to this data. The complication with Tor is that any person can choose to place himself in this high-trust routing position at any time with absolutely no vetting or registration. That’s how Tor works, and that’s fine. It’s just important that people understand it. Tor is still useful for many cases, including cases where one would like to obscure transmitted data from the owners of the routers in his connection’s line (usually the owners of the nearest terminus, i.e., an employer).

    Tor is not meant to make your internet connection invincible. Any data you push through Tor is vulnerable to listening by any party who self-elevates to an exit node — there is no control over your exposure. On your normal internet connection, we can see everyone who has this access, and those people are generally massive companies that can be easily held accountable in case something goes wrong, and have no interest in your personal email or bank account details. This is not so with Tor.

    An individual exit node will have access to any data you send on that circuit. While new circuits will be used for new connections every X minutes depending on the configuration in torrc, old circuits are maintained for the duration of a connection. If you connect to a long-lived session like IRC, you will use the same exit node the whole time, and if that exit node is interested, they can listen to your whole conversation until you reconnect. Other connections behave this way as well. And the point is that you shouldn’t send personally identifiable information over Tor, because you never know if the exit node that’s on your current circuit is nefarious or not.

  23. Great article, Jeffc. TOR is indeed a valuable tool with some very significant limitations. Understanding those limitations is critical in order to get the most out of TOR. Expecting TOR to be a magic shield is silly, and unfortunately those expectations have been largely driven by recent major news stories profiling the service. Thanks for providing a great service with your article.

  24. Just about everything I just read, in the article, and comments, was wrong.

    Tor reveals your actual data to the exit node, yes. But unless you explicitly say your name and location etc. then the exit node has no idea where it came from. Therefore, it is irrelevant. Your data is not linked to you. That is the entire point of Tor. Tor has moved beyond simply averting firewalls and countrywide internet monitoring; it is no a method of anonymous browsing. Both of these functions still work if you don’t idiotically reveal yourself despite the numerous warnings on Tor’s website.

    As for the encryption used, it is crackable, and in a few years, it will be deemed obsolete, just like every encryption before it. However. It would take a massive amount of resources to link the unencrypted data to any one user because of the hopping. Encrypted or not, you would require to own two thirds of the Tor network’s nodes, in order to be able to say who send what to where.

    Please stop posting things on the internet. Both author, and commenters.

  25. I found this article balanced and factual: contrary to many commentators – many of which just seem rude and ignorant. It is important to inform people what tor is capable of and what are the weaknesses.

    However i disagree with the author about one thing: the use of tor for everyday surfing. He claimed the bandwidth should be left for those who need it most. This, however, is counterintuitive to the whole purpose of tor. The more people use it, the more secure it is i.e. the more difficult it is to filter out individuals based on their behavior.

    And increased usage together with projects that aim to increase overall web security, such as EFF’s Let’sEncrypt, will eventually lead also to far more secure tor. https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web

  26. @Loki
    “If the exit node is running specific scripts it is possible to reroute all outbound port 443 traffic to the default 80 and remove SSL encryption from the packets, normally without user knowledge.”

    Please do that. Don’t write about security and cryptology: you just don’t know what you are talking about.

    First, TLS is used to session security now, and SSL is an obsolete protocol – the mere fact you mention SSL and not TLS show your lack of technical knowledge of cryptographic protocols.

    TLS protects the integrity and confidentiality of the data. There is no “rerouting” possible. The browser will connect to port 443 and expect a valid TLS welcome (actually, ServerHello) from the server. If the server cannot talk TLS, the browser will NOT retry with plain HTTP. The browser will issue an error.

    In order to “remove encryption from the packets”, you would need to install a TLS server with a valid certificate. Without a valid certificate, the browser will show a very scary error message.

    @kip
    “your browser comes pre installed with trusted certificate authorities”

    The browser (or OS) comes with many many trusted certificate authorities. Any single one could betray that trust.

    “The fact that some middle eastern people forged a certificate authority to spy on people”

    Yes, forged certificate happens, but not every day!

    A certificate authority may lose its reputation and may not be trusted anymore if it happens too often: Diginotar was removed as a trusted certificate authority in all browsers after a very bad security breach. Diginotar doesn’t exist anymore.

    HTTPS doesn’t offer absolute protection in practice. But it’s still strong, and people should use HTTPS whenever possible (Tor or not Tor).

    There are issues with the browser TLS certificate trust model.

  27. I just use it so data can’t be collected about my surfing habits. Obviously don’t use it for personal emails, finances, etc.

  28. @jeffc So how do you recommend being as secure as possible in your internet browsing activities?

  29. A bit late to the conversation, but I would like to input that your warning/information (even in comments) can be understood as either a few nights binge of research with zero understanding, or an over sophistication in knowledge which no longer understands exactly what the basics are (leaning heavily towards the former). All I learned from this article is that you use a few key words repeatedly without any explanation to your obvious target audience – people who know nothing on the subject.

  30. As a comfortable Tor user, here is the information straight from the source. https://www.torproject.org/
    It shows the different services that are available, and specific questions that are posed to it. Have a look there. This will alleviate any anxieties about Tor by seeing the strengths and weaknesses mentioned by Tor itself, along with some options and recommendations.
    Thanks for the article Bryan, but I disagree with the title too, and the target reader. I still don’t understand why you would want to warn people from using Tor for “normal” browsing. What are you exposing exactly? The insinuation of this website is that a person is expecting a silent line from their computer to the website which is also silent, and that is impossible as the only silent line is a dead, disconnected one. That is why the link is posted. As for criminal activity such as drugs weapons pornography and other, then I don’t care as to what means a person uses, as I hope they get caught out and corrected. In a way I hope they too use regular browsers, but with HTTP and no security, although this is unrealistic for most cases.
    Using Tor Browser to “browse” is secure for its named purpose. Enjoy your browsing.

Leave a Reply

Your email address will not be published. Required fields are marked *