[Trisquel-users] A few worries about Tor

gnuser at lavabit.com gnuser at lavabit.com
Thu Jul 18 21:49:55 CEST 2013


Tor being a honeypot is hard to be true (and even if it was, it would still  
be a good solution to use for some "small scale privacy attacks" anyway). As  
for the exit nodes, we should just assume that ALL of them are malicious  
(many are not, there are many good honest people running exit relays but  
still) and defend ourselves. Use https everywhere possible (tor browser uses  
an older version of https everywhere extension, some websites have https and  
it won't activate, if it's a website you know has https and Tor Browser  
didn't automaticaly redirected you, you can and should still make the change  
manually yourself), be careful not to mix public accounts with private ones,  
if you want to deal with sensitive accounts create a new session (in  
torbutton, not vidalia! vidalia won't clean your session cache, cookies etc),  
and basically use common sense. Also, there are many good hiddenservices that  
can be used, if possible use one of them instead of the surface.

I don't think we should fork the Tor project, if we do, not only will be  
(already small) team divided, it will also open doors for malicious features  
appearing and no one noticing. If someone wants to help improve Tor, he  
should help the core project, so that the entire community that runs services  
and projects based on Tor will benefit from them.


More information about the Trisquel-users mailing list