Plaintext over Tor is still plaintext

by phobos | June 2, 2010

Recently, a few articles have been published regarding Tor, Wikileaks, and snooping data coming out of the Tor network. I write to remind our users, and people in search of privacy enhancing technology, that good software is just one part of the solution. Education is just as important. This is why there is a warning on the Tor download page about what Tor does and does not do. We also have a FAQ entry about this topic. Any plaintext communication over the Internet is open to intercept. This is true if the transport mechanism is email, http, tor, or carrier pigeons. Tor does not magically encrypt the Internet from end to end. Tor does wrap your traffic in encrypted layers as it transports it through the Tor network. See this diagram for a visual explanation.

Tor provides anonymity and privacy by hiding where your Internet traffic is going and where it came from, but users must protect the security of their traffic by using encryption. Once you exit the last relay, you are back on the open Internet. Some web email providers, banks, and other sites use encryption by default when you log in, something you can check by looking for "https://" at the beginning of a URL. For more information, check out Ethan Zuckerman's comments on this topic.

For reference, these articles are unclear and blur concepts about Tor and Wikileaks. An article about Julian Assange of Wikileaks in The New Yorker is the source of the confusion. Ryan Sholin deliberates on one paragraph from the New Yorker story. Ethan Zuckerman responded to Ryan's thoughts about Tor here. We thanked EthanZ for the accurate response in an dent. It seems Slashdot and Wired Threat Level have picked up on just that one statement in the article by the New Yorker.

We hear from the Wikileaks folks that the premise behind these news articles is actually false -- they didn't bootstrap Wikileaks by monitoring the Tor network. But that's not the point. The point is that users who want to be safe need to be encrypting their traffic, whether they're using Tor or not.


Please note that the comment area below has been archived.

June 02, 2010


Anyone who is transmitting private information in plain text via Tor or a open public WiFi is just asking for it. Am I wrong for assuming this as common sense between us electronics people?

This is also true for any Internet connection. Your ISP, local network provider, any hop in the path, etc can all intercept plaintext communications. Users need to learn to better assess risks and act accordingly. Encryption is cheap and easy, just not ubiquitous yet.

"Anyone who is transmitting private information in plain text via Tor or a open public WiFi is just asking for it"

You dont even know what you're talking about, eh? NOONE can read your data while is still is INSIDE the TOR-Network - ONLY the Exit-Node is able to read everything ... so if your exit-Node is trusted AND you dont leak data elsewhere you're pretty much unimpeachable. But thats the main problem : many people have big security-holes in their systems which even TOR is unable to close / bypass.
So all in all your statement is incorrect - only the latter people (with open public WiFis) are asking for it, TOR-users most certainly not

I made the assumption that yes, they were talking about exiting the Tor network on to the open Internet. Plaintext in Tor is encrypted. If you're going to a hidden service, your plaintext is safe as it's wrapped in layers of encryption in transit. If you're exiting the Tor network to an open IPv4/IPv6 Internet site, then you're on your own with plaintext.

"ONLY the Exit-Node is able to read everything ... so if your exit-Node is trusted AND you dont leak data elsewhere you're pretty much unimpeachable."

Ooh, almost there. The path between the exit node and the destination is unencrypted. There are still as many places to tap the line as there are hops.

June 02, 2010


In the age of supercomputing (I presume), does encryption even offer acceptable security for when an encrypted file is presumably to be run through a supercomputer trying to break the encryption?

Just a general question, I have no knowledge about that stuff, but I cannot help being sceptical.

No one tries to break the encryption anymore. Attackers focus on software flaws, the user, or other side-channel attacks. Instead of trying to decrypt a hard drive, just infect the machine with a keylogger and get the passphrase. There are also lots of snake oil solutions out there which promote their secret, proprietary encryption algorithms. These are generally the first to fall to brute force decryption. However, brute force decryption is time consuming and expensive. Side-channel attacks are cheaper and easier.

September 20, 2010

In reply to phobos


NSA collects and analyses nearly all traffic on the internet all over the world today and breaks most encryption used today on the internet. Whether that is because of there superior processing power, encryption flaws or a combination of those and other factors they probably won't tell any outsiders about.

A classical response/opinion, but actually not entirely true.

Like stated above, to encrypt is cheap today, strong and easy. AES, TwoFish, applications like GPG, TrueCrypt etc, makes the encryption per se so strong that "The Man" doesn't really bother with it. And since most of them are open source, you can check for the [lack of] back doors yourself.

So basically it is the "Quantum solution" vs the "Hammer on your head solution". []
It takes too much to break your encryption, so we use other means.

Why do you think you will hit the slammer for a couple of years in the UK if you are asked by the authorities to provide the passwords to your encrypted files and you refuse.
Hanlon's Razor, you know.

In some sense, no one is trying to break specific instances of encryption. People are trying to break RSA encryption by being able to factory Primary Numbers out of very large numbers faster. Once that has been accomplished all modern encryption will be worthless. Presumably if someone besides a math academic cracks this they won't tell the world though.


> being able to factory Primary Numbers

I know that people are also trying to find a way to factorize semiprimes (they're the product of two primes!!!!!) because they're used in the RSA encryption!!!! the RSA encryption isn't widely recommend anymore, because there is something of better available!!!!!!!!! it's also vulnerable to the Chinese remainder theorem, but i don't very know what's the real consequence of that (well, maybe, it's that you need big keys to have a good security!!!!!!!!!!!!)

I think that the RSA system is to avoid whenever it's possible!!!!!!!!! ElGamal, based on the very simple key exchange of diffie hellman is better!!! And there are also elliptic curve algorithms!!!! Yeah, everything is better than RSA!!!!!!!!!!!! but it don't think that the RSA is weak, atm!!!!!!!!! it's ok, but there is something of better!!!!!!!!

It would be nice, if TOR could replace the RSA!!!!!! Better safe, than sorry!!!!!!!!!!!!!!!!!!

Ha!!! With all this thinking about factors, guess what im thinking about?!!!!!!! it's my factor bee!!!! hahah!!!!!!!!! this is honey!!!


In the age of supercomputing breaking large keys would take longer than it will take the sun to burn out. As another responder said, social engineering and mistakes are how people attack encrypted data now. Freezing RAM that has the key decrypted inside it is a major attack vector. Hardware and software keyloggers work well in different scenarios.

If someone works out how to factor that other prime it's not the end of modern encryption, just public/private. Symmetric keys should still work fine as I understand.

"In the age of supercomputing"
What's that? Super computers nearly exist for as long as computers exist.

"breaking large keys would take longer than it will take the sun to burn out."
Wrong, but it takes very long even for big clusters - if you are using common sense and have chosen a secure password.

"Freezing RAM that has the key decrypted inside it is a major attack vector."
Depending on the situation, meaning it has to be frozen _very_ fast. If you are able to shut down your computer and if you are using something, like Liberté Linux you should be pretty secure.

"Hardware and software keyloggers work well in different scenarios."
Again, using a Live System, like Liberté Linux adds security. Against hardware keyloggers you can defend yourself using a secured case for your computer and a check, your hardware hasn't been modified. Maybe these ultra-flat rubber keyboards add an other layer of security or maybe a touch screen (be sure to clean it!).

"If someone works out how to factor that other prime it's not the end of modern encryption, just public/private."
Let's hope this never happens and make sure a lot of people research this, so it will be more likely we know about that, when it happens.

"Symmetric keys should still work fine as I understand."
Yeah, but they aren't always usable. If you want to be secure about cryptography, you should use OTPs, but they are even harder to use, but _very_ simple to implement.

I was replying to the above, who used the term "supercomputing". The context made it fairly clear he wasn't speaking about a Cray, he's speaking about the fact that my cell phone is more powerful than the full sized computer I built in university. So, the sentence should be more clear given that context.

Brute forcing a 4096 bit key would likely take far longer on today's equipment than it will take the sun to burn out. This is not actually an exaggeration (the sun should starting burning out in around 5 billion years - though this planet will fry in a mere 500 million).

You don't need to be very fast to freeze RAM, all you need is physical access while the computer is on. If you use whole disk encryption on your boot disk you likely have at least that key in memory the whole time your OS is booted. RAM freezing has been pulled off with very inexpensive, off the shelf equipment even by college students. Seriously, expect average law enforcement to have a kit for this very soon as well as updated procedures to not power down machines that they find. Sure, if you're in front of your computer when they kick your door down you can hit your power button. This is not how most folks use computers (they leave them on all the time, sometimes even overnight) and most folks only maintain one computer, not multiples for different tasks.

Yes, Live OS CDs can help with keyloggers, so can inspecting your machine. However, it's the very rare person who is this disciplined and uses their computer in such a fashion, only. Most folks want to watch lolcat videos and check facebook too, this is where all that security falls down.

Hoping that no one figures out how to factor the 2nd prime is not worth anyone's energy, the research is compelling (and should be done, as you said), but the method either exists or doesn't, we don't really invent math, just discover it. Regardless, we'll just move to something else and do the best we can if it does happen.

Symmetric keys work 100% of the time, it's their transmission that is a pain in the rump. OTPs are symmetric keys, in fact. Even your SSL session uses a temporary symmetric key that you share via public/private key exchange. Like I said, we'll cross that bridge when we get to it.

June 02, 2010



TOR works very well but only for what it's made for!!!!! Tor is also able to give end to end encryption, but only if it's used to connect with hidden services, within the tor-network!!!!

«Any plaintext communication over the Internet is open to intercept(tor TCP streams are encrypted and are part of the internet too!!! but they aren't open to intercept!!). This is true if the transport mechanism is email, http, tor(wth??!!!!!!!!!), or carrier pigeons»

Even this article at the tor blog is wrong!!!!!!!!!!!! lololol!!!!!!!!!!!!!!!!!!!!!!!!!!!! All tor-to-tor traffic is encrypted!!! and not just towards hidden services!!! The only problem exists when you're going from one tor node to one non-tor node!!!(the public Net!!).
If the endpoint of your connection is one hidden service, all plaintext communication going through Tor are very safe, because they're already encrypted!!!!! It doesn't even matter if it's a plain text SMTP, FTP or HTTP bit-stream!!!! It's okay to keep something in plaintext, as long as you're sending it to one hidden service!!!!!

Ah, yeah this is off topic, but I cannot read (and i don't want to read) that ryansholin website, because i'm sure everything written there has been written by a dumbass, as he's using bb and it's blocking people from accessing his blog!!!!!!!!!!!!!!!!!! not smart!!!!!!! i wrote one article about that very useless application only useful to break the HTTP standard at !!!!!!!!!! everybody read it and uninstall that useless application polluting the WWW!!!!!!!!!!!!!!!!

bye!!!!!!!!! ~bee!!!!!!!!!!!!


We're talking about people exiting the tor network on to the open internet. We at Tor are well aware of the encryption, even the layers of encryption, tor wraps around the user data as it travels through the tor circuits.

Hi phobos!!!!!!!!

Yeah, you're right!!!!!!!! im sorry!!!!!!!! I'm sure you and you at TOR know how TOR works!!! ~~ you made it!!!!!!!!!! lol!!!!!!!!!!!!
But this article; it seems to me a bit confusing!!! and «confusion is contagious»!!!!!!! yeah!!


June 02, 2010


WikiLeaks no longer use Tor, as far as the public are concerned.

Over six months ago, when the project shut down for lack of money, they used to offer a single Tor Hidden Service method of visiting their website and submitting "leaked" documents.


However since the supposed re-launch last month,and during the "time sensitive leaks only" publishing phase this year, they no longer bother to offer any Tor Hidden Services to the public.

WikiLeaks no longer even offer an SSL or TLS session encrypted web downloads for the "leaked" documents either.


only offers unencrypted

File | Torrent | Magnet

They do still, grudgingly, use their cloneable obsolete MD5 signed RapidSSL Digital Certificate as their allegedly "secure" document upload method.

WikiLeaks let their only authenticated public PGP public encryption key expire back in November 2007…

Many of us are sympathetic to stated aims of better investigative journalism and government and megacorps transparency etc., but they are becoming a textbook example of how not to run a "protect the whistleblowers" website in practice.

Would you trust with your life or career prospects, or those of your family and friends ?

June 02, 2010

In reply to phobos


Yet you speak on their behalf, without documenting your sources:

> We hear from the Wikileaks folks [...]

Do you mean to say that the Tor Project only wishes to act as Wikileaks' megaphone, rather than as a genuine interlocutor?

I wasn't aware this blog was about spreading Wikileaks' propaganda.

June 02, 2010

In reply to phobos


"You may have noticed that we aren't wikileaks"

However the mainstream media is mentioning the Tor project in the same breath as may or may not use standard or modified Tor software internally, in secret, but they certainly no longer use it on their public facing website, even though they still claim to do so.

"Perhaps you should take this up with Wikileaks, rather than our blog"

They have blocked new public comments on their "wiki" as well.

If you do have personal contacts with the WIkiLeaks people, then please ask them to either re-instate their public Tor Hidden Service or to stop falsely trading on the reputation of Tor, for their own "maximum political impact" purposes, because it is damaging the perception of the "Tor brand".

June 02, 2010


There is something wrong with my tor. Doesn't download encrypted pages. Do you know why?

June 04, 2010




I used CAPS LOCK for extra power. My tiger has got fu.

Learn the difference between encryption and authentication. Ssl certs blur these two concepts. A lock icon in your browser does not make you safe. Phobos is head of the curve by not trusting the certificate authority cartel, see Notice this blog is ENCRYPTED as well.

You are forewarned.

All the information transmitted from and to this blog is public, so I don't really understand why it is encrypted.

This is late, but I'll reply anyway.

All information to and from this website should be signed to protect against man in the middle attacks.

By also encrypting the data, outside sources cannot tell what pages are being accessed and what data is being transferred (for example, this comment is anonymous because of the encryption between tor and my PC).

March 21, 2011


When running a Tor Exit Node, my RealPlayer Downloader which runs in the background (similar to NetVideo Hunter Firefox plugin) captures FLV files of Arab porn sometimes. This definitely opens up the possibility of Tor nodes being run by hostile people.