Tor

[computerfreaker]

Like many other people, I've gotten especially concerned about privacy recently. A recent system change has left me even more concerned about privacy, so I'm looking into using Tor for normal browsing.
I've done some research, and opinions vary. Some people say Tor has security problems and will make browsing even more insecure than it already is (although NS strengths things immensely); some people swear by it.
I finally decided to try it myself, but for some reason it keeps crashing.

So now I've got 3 questions...

#1: Any opinions on the relative security of using Tor? (I'm already aware that Flash, JS, Java, etc. can be used to bypass it, btw - NoScript ftw!)

#2: Other than extreme slowness (I've successfully used OperaTor, so I know how slow it is), are there any downsides to using Tor?

#3: Anyone know where can I get some support for Tor? I found a Tor IRC channel, but it seems to be all but dead - my questions were unanswered an hour after messaging. I've been unable to find a Tor forum anywhere, either.


Thanks!

[Tom T.]

I had misgivings the moment I first read about it.

I'm reluctant to let my computer be used by others (i. e., as a relay), for obvious reasons.

I've read that various governments and other organizations have placed Tor nodes, with the intent of intercepting and reading/tracking messages.
From the WP article you linked:

The United States government, for example, has the capability to monitor any broadband Internet traffic using devices mandated by the Communications Assistance For Law Enforcement Act (CALEA) and can therefore monitor both ends of a US-based Tor connection.

Use of it may attract the attention of persons and agencies, legitimate and illegitimate.

Some breaks have been reported in its anonymity and in the contents of the messages.

It is detectable by web sites, if they try. See RSnake's Master Reconaissance Tool (MR. T., although I hope he has copyright permission for the name and image ). Some sites may bar any postings from TOR users, fearing spam, avoiding being banned, etc.

I share your concern for privacy, especially if your ISP assigned you a non-changing IP. For non-sensitive use, this is not too big of a problem, since many single IPs are shared by a number of users. For privacy-sensitive usage, there are legitimate proxy services and other ways to obtain a different IP now and then, depending on your ISP's setup. You might also inquire to the ISP whether they can assign your IP through DHCP randomly at each logon from their pool of available addresses. (Note: For this to work, you need to power down the modem at night once in a while. )

[computerfreaker]

I had misgivings the moment I first read about it.

I'm reluctant to let my computer be used by others (i. e., as a relay), for obvious reasons.

I've read that various governments and other organizations have placed Tor nodes, with the intent of intercepting and reading/tracking messages.
From the WP article you linked:

The United States government, for example, has the capability to monitor any broadband Internet traffic using devices mandated by the Communications Assistance For Law Enforcement Act (CALEA) and can therefore monitor both ends of a US-based Tor connection.

Use of it may attract the attention of persons and agencies, legitimate and illegitimate.

Oh, great. I hadn't considered my Internet traffic to be broadband, but I suppose it could be... and the Tor relays are almost certainly broadband. I have nothing to hide, so I don't have anything to worry about, even if the whole US government pores over my browsing records, but the invasion of privacy is significant (at least in my eyes).

Some breaks have been reported in its anonymity and in the contents of the messages.

It is detectable by web sites, if they try. See RSnake's Master Reconaissance Tool (MR. T., although I hope he has copyright permission for the name and image ). Some sites may bar any postings from TOR users, fearing spam, avoiding being banned, etc.

It's detectable by Flash, Java, and JavaScript - NoScript ftw!
(FWIW, OperaTor handily defeated the MRT, since it has *all* JavaScript turned off - decloak.net went under too)

I share your concern for privacy, especially if your ISP assigned you a non-changing IP. For non-sensitive use, this is not too big of a problem, since many single IPs are shared by a number of users. For privacy-sensitive usage, there are legitimate proxy services and other ways to obtain a different IP now and then, depending on your ISP's setup. You might also inquire to the ISP whether they can assign your IP through DHCP randomly at each logon from their pool of available addresses. (Note: For this to work, you need to power down the modem at night once in a while. )

Sent you a PM about this.

Thanks for the quick & helpful reply!