On Fri, Mar 21, 2014 at 3:04 AM, rysiek <rysiek@hackerspace.pl> wrote:
Hi there,
As I am running a local cryptoparty and do a lot of basic encryption/privacy talks and workshops, I am often recommending Tor as one of the means of protecting one's privacy and yes, even security
speaking as a security enthusiasts and attending venues where hostile networks are expected and common, i can sum up my personal position as: 1. Tor has worked in environments where no other communication could. this includes situations where everything not-Tor was blocked or actively attacked. for this reason alone i believe it is an indispensable tool in the security practitioner's toolbox. 2. Exit nodes should be considered hostile. you'll be wrong most of the time (by design) but it doesn't hurt to remember that plain-text is not only observed but trivially manipulated through exit relays. 3. Defense in depth! Not only do 0day happen, but also accidents, oversights, catastrophes, the slow march of time... This can mean running a live Tor distro like Tails or constructing a series of isolated VMs for research on Qubes with a Tor Proxy VM. as for the concerns about identifying Tor users, the latest Tor bundles and Tails image have support for obfuscated proxies into the Tor network and other bridges. if Tor use alone is a concern, you're doing OPSEC wrong and/or living where obfuscated proxies are necessary. best regards,