-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Justin Bull <justin.bull@sohipitmhz.com> writes:
As a beginner in the crypto field, I thought Tor was actually quite secure. Seeing that is not the case, what is regarded as a safe, anonymous browsing practise? And, as far as I know, monitoring an exit node only reveals the destination address, not the sender... Is that really a security issue?
If by "secure" you mean that the individual doing the browsing cannot be traced, note that in any low-latency Internet access, packet timing correlations between the parties can easily confirm any suspected linkage. As the Tor documentation itself states, ... for low-latency systems like Tor, end-to-end traffic correlation attacks [8, 21, 31] allow an attacker who can observe both ends of a communication to correlate packet timing and volume, quickly linking the initiator to her destination. http://tor.eff.org/cvs/tor/doc/design-paper/challenges.pdf More difficult to trace is Internet access by email via the remailer network. See my "uinmyn", URL below. -- StealthMonger <StealthMonger@nym.mixmin.net> Long, random latency is part of the price of Internet anonymity. uinmyn: Is this anonymous surfing, or what? http://groups.google.com/group/alt.privacy.anon-server/browse_thread/thread/... stealthmail: Hide whether you're doing email, or when, or with whom. mailto:stealthsuite@nym.mixmin.net?subject=send%20index.html Key: mailto:stealthsuite@nym.mixmin.net?subject=send%20stealthmonger-key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/> iEYEARECAAYFAkz0SW0ACgkQDkU5rhlDCl5brgCgv4m4G4Z0NhXE76YkwhmrfJYL CKYAniic1yodWVjzAkCL5e4oWoIPzyV1 =Rye4 -----END PGP SIGNATURE-----