jtrjtrjtr2001 at yahoo.com
Sun Apr 5 12:43:09 PDT 2009
I was looking at TOR's wikipedia entry
"Eavesdropping by exit nodes
In September 2007, Dan Egerstad, a Swedish security consultant, revealed that by operating and monitoring Tor exit nodes he had intercepted usernames and passwords for a large number of email accounts. As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it which does not use end-to-end encryption, e.g. SSL. While this does not inherently violate the anonymity of the source, it affords added opportunities for data interception by self-selected third parties, greatly increasing the risk of exposure of sensitive data by users who are careless or who mistake Tor's anonymity for security."
Since a lot of people may be interested in running rouge exit nodes, why not have an optional setup where we can get rid of encrypting the traffic(i mean user data) and provide anonymity alone? It is best to take security out of the hands of the end user but in case the end user knows what he is doing and can run end to end secure services, wouldn't getting rid of this encryption(an optional provision) significantly speed up TOR?
More information about the cypherpunks-legacy