Quote:
Originally Posted by adultmobile
Well, most exit nodes are run by either governments, or private people who are sniffing passwords and whatever useful to hack the guys.
|
That happens on public WiFi, VPN exit points, and regular ISPs too. Also, did you forget about PRISM already? What do you think that actually does?
Tor doesn't magically fix the Internet, but it does enhance privacy a ton.
Also, I'm sure some exits are run by bad people but there are exits run by good people as well. I should know. I run some of the high speed exits and I don't monitor shit. Hell, I cripple the kernels so the bpf device doesn't work in the unlikely event that one of my nodes is compromised.
Quote:
Originally Posted by adultmobile
So better use VPN/SSL over Tor if one is really paranoid.
|
Use SSL with *certificate pinning*. I can't stress this enough. Especially when banking over any ISP/service/VPN/Tor/whatever.
Remember that the DHS and Chinese gov have CAs and can sign whatever SSL keys they want. They can easily MITM (Man in the middle) any SSL connection and have been able to do this since 2004. Proof of this was released online back then. There was some commercial product being sold to law enforcement agencies back then.
Quote:
Originally Posted by adultmobile
By the way, the best way to go in Tor on Windows is Whonix:
|
The best way to use Tor is with a physical router. Set up a Linux/*BSD router and force all traffic to flow from the LAN to the WAN via Tor. You can stop leaks this way.
This will properly hammer all traffic over Tor and prevent any leaky applications.
Also, if you value privacy and security, don't use Windows or OSX. I know I'll get some flak for mentioning OSX, but it is closed source and I'm sure that a future Snowden leak will reveal that the NSA has code signing keys for it like they do with Windows.
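
The certificate pinning recommended above can be sketched as follows. This is an added example, not code from the original post: after the normal CA and hostname checks, the client also requires the server's certificate to match a SHA-256 fingerprint it already knows, so a certificate for the same name signed by a different CA is rejected. It assumes leaf-certificate pinning (pins must be updated when the site rotates its certificate); all function names and the sample byte strings are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl

def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded leaf certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def pin_matches(der_cert: bytes, pins) -> bool:
    """True only if the presented certificate is one of the pinned ones."""
    presented = cert_fingerprint(der_cert)
    ok = False
    for pin in pins:
        # Accept "AA:BB:..." or "aabb..." pins; compare in constant time.
        ok |= hmac.compare_digest(presented, pin.replace(":", "").lower())
    return ok

def open_pinned(host: str, pins, port: int = 443, timeout: float = 10.0):
    """Connect with CA + hostname validation, then enforce the pin."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if not pin_matches(der, pins):
        tls.close()
        # A CA-valid certificate that is not the pinned one is still refused.
        raise ssl.SSLError(f"pin mismatch for {host}: {cert_fingerprint(der)}")
    return tls

# Constructed sample data: stand-in byte strings, not real certificates.
KNOWN_CERT = b"constructed DER bytes of the site's real certificate"
OTHER_CA_CERT = b"constructed DER bytes of a same-name cert from another CA"
PINS = {cert_fingerprint(KNOWN_CERT)}

def demo():
    """Returns (pinned cert accepted, other-CA cert accepted)."""
    return pin_matches(KNOWN_CERT, PINS), pin_matches(OTHER_CA_CERT, PINS)

if __name__ == "__main__":
    print(demo())
```

The pin has to be obtained over a channel you trust, for example by recording the fingerprint from a known-good network, before it is used to check later connections.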
