On Thu, Jan 26, 2012 at 11:11 AM, Lorenzo Bandieri <lorenzo.bandi...@gmail.com> wrote: > Maybe slightly OT, but what do gentoo-users think about Tor?
As an anonymising proxy, in my opinion, I consider it to be the most hostile network one could ever use. I would only use Tor from within a virtual machine that contains no other data. Ensure you are not passing logins, cookies, credit card numbers, anything useful to "bad guys" is of utmost importance. I would encrypt everything prior to sending, if possible. Validate SSL fingerprints first off-network to avoid MITM attacks. If you're looking at it from the standpoint of hidden services, with good end-to-end security maybe it would be a little safer than using it to browse the open internet... I think something like Freenet, in concept, would be even more secure since it is decentralized, does not touch the open WWW at all, and nobody has to host content on a server, but in practice the bandwidth requirements are insane, and the moral ambiguity of hosting content that is not yours and could be objectionable. The terabytes of UDP traffic every month will probably draw unwanted attention to you, too... Of course, people where the government is more of a threat than Tor hackers/poisonous nodes might be willing to live with those risks. BTW, on my servers, I receive a lot of exploit attempts from Tor exit nodes. This could also give plausible deniability to black hats: "Oh, I didn't do this illegal stuff, I was running as a Tor exit node, it could have been anyone!"
