I think there was an article last year showing that by monitoring a lot of exit nodes, it was possible in many cases to determine who had sent the traffic. Meanwhile, a lot of users weren't encrypting, under the assumption that TOR was encrypting the last hop. As a result someone (I forget who) was able to see Embassy and other quite sensitive communications. Actually, since https is readily available, forcing TOR to encrypt that last hop would actually slow things down, possibly noticeably.
Date: Tue, 7 Apr 2009 09:34:36 -0700 Subject: Re: TOR encryption From: coderman@gmail.com To: jtrjtrjtr2001@yahoo.com CC: cypherpunks@al-qaeda.net
On Mon, Apr 6, 2009 at 11:50 PM, Sarad AV <jtrjtrjtr2001@yahoo.com> wrote:
... Or am I mistaken. Does Tor nodes not encrypt the payload?
correct. Tor only encrypts from itself as client out to exit node. you must encrypt from client application to destination (end-to-end).
best regards,
_________________________________________________________________ Quick access to your favorite MSN content and Windows Live with Internet Explorer 8. http://ie8.msn.com/microsoft/internet-explorer-8/en-us/ie8.aspx?ocid=B037MSN... 5C0701A