Circumvention and Anonymity
We've always argued that safe circumvention requires anonymity, even from the circumvention service itself. There are many people wanting to record your Internet traffic and browsing patterns; from governments to commercial advertising networks. There are many ways to defeat the threat of traffic analysis; from simple proxy providers, virtual private networks, and distributed peer to peer solutions. Only some of these offer anonymity along with circumvention. Tor's open design and anonymity properties provide protections for the user from those watching the traffic and from us as an organization.
Our architecture and design don't force the user to assume trust in us. Our code is accessible and licensed under an open license. Our specifications are clearly detailed and published. Our packages follow a defined build process so the user can create the same binaries we do. Independent researchers can and do test the properties Tor provides [and help us to improve]. Moreover, The Tor software runs on a distributed network, where a single operator cannot capture or be forced to capture all users' traffic information, even under legal or coercive threat.
All of these should allow the user to trust The Tor Project as a not-for-profit company and to trust that Tor isn't surreptitiously watching the very information you're trying to protect and isn't gathering information we could be forced to disclose.
We're always willing to work with other organizations who understand that anonymity provides stronger circumvention protections than the alternatives.
Popular Chinese Circumvention Tools Sell User Data
http://blogs.law.harvard.edu/hroberts/2009/01/09/popular-chinese-filteri...
"Three of the circumvention tools — DynaWeb FreeGate, GPass, and FirePhoenix — used most widely to get around China’s Great Firewall are tracking and selling the individual web browsing histories of their users."
Even if they're not selling, and only tracking, that still seems to be a problematic
design. It would be great to have some details on exactly what they track, where
they track it, how they make sure to keep it safe, etc.
Why do we not need to trust
Why do we not need to trust you? If you want to use tor (not theoretically with an own net, but in a way that enables me NOW to surf anonymous), i have to trust the keys of your directory server. If you give your keys out, somebody can fake the server and publish only malicious tor-nodes. if done properly nobody will suspect.
Re: Why do we not need to trust
That's why the directory design is distributed. There are currently
six directory authorities, and a majority of them (four) need to agree
about what nodes are in the network before your Tor client believes
it. Specifically, the six are run by me (moria1), a cypherpunk in
Amsterdam (dizum), the German CCC (dannenberg), our Debian packager
who lives in Austria (tor26), a Tor developer in Germany (gabelmoo), and a
Tor developer in San Francisco (ides).
You do have to trust this group as a whole not to work together to try
to trick you, but I think that's a better situation than having a central
place that could trick you but promises not to.
Another big aspect of trust that we feel is important is transparency. We
try to tell you all the details of how Tor works, and be up-front about
pros and cons. You can read more about the v3 directory protocol here:
https://svn.torproject.org/svn/tor/trunk/doc/spec/dir-spec.txt
and a more general explanation of Tor's various layers of keys here:
https://www.torproject.org/faq#KeyManagement
Can't get a fully encrypted connection to gmail
Hi,
every time I go to https://mail.google.com via TOR, Firefox warns me that the connection is not fully encrypted and contains unencrypted info.
Tried several exit nodes.
What's up with that?
gmail option
there's an option in gmail to force all connections over ssl. if you haven't enabled this option, perhaps that's why. Another option is to start the Tamper Data plugin and see what is going plaintext to gmail.
I know with the option in gmail set to all ssl, firefox doesn't warn about mixed content.
Thanks!
Article was very useful and cognitive!
Prudish Software
http://grooming-spaniel.blogspot.com/
Privacy in Internet is very important. Not only advertising networks but also hackers want get access to your data. In last time this problem is growing
Dan, Cocker Spaniel Grooming expert.
https://blog.torproject.org/blog/circumvention-and-anonymity
Thank you, you answered the question I have been searching for which was whether or not to place keywords when blog commenting. mirc . chat . http://www.hayda.net/
http://blog.torproject.org/blog/circumvention-and-anonymity
Thank you, you answered the question I have been searching for which was whether or not to place keywords when blog commenting. mirc . chat . http://www.hayda.net/
Privacy in Internet is very
Privacy in Internet is very important. Not only advertising networks but also hackers want get access to your data. In last time this problem is growing
auto insurance
Interesting
I'm also interesting in privacy. Thank you, you answered the question I have been searching.
Gregory A., author of Custom Metatrader indicators and Forex Metatrader4 blogs.
Post new comment