-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Justin Bull
As a beginner in the crypto field, I thought Tor was actually quite secure. Seeing that is not the case, what is regarded as a safe, anonymous browsing practise? And, as far as I know, monitoring an exit node only reveals the destination address, not the sender... Is that really a security issue?
If by "secure" you mean that the individual doing the browsing cannot
be traced, note that in any low-latency Internet access, packet timing
correlations between the parties can easily confirm any suspected
linkage. As the Tor documentation itself states,
... for low-latency systems like Tor, end-to-end traffic
correlation attacks [8, 21, 31] allow an attacker who can observe
both ends of a communication to correlate packet timing and volume,
quickly linking the initiator to her destination.
http://tor.eff.org/cvs/tor/doc/design-paper/challenges.pdf
More difficult to trace is Internet access by email via the remailer
network. See my "uinmyn", URL below.
-- StealthMonger