RE: Anonymize internet access

["Joshua Graham" <jgraham () anexix com>]

-----Original Message-----
From: Alexander Klimov [mailto:alserkli () inbox ru] 
Sent: Wednesday, September 28, 2005 7:11 AM
To: security-basics () securityfocus com
Subject: Re: Anonymize internet access

<snip>

* Should I snoop on the plaintext that exits through my Tor server?

No. You are technically capable of monitoring or logging plaintext
that exits your node if you modify the Tor source code or install
additional software to enable such snooping. However, Tor server
operators in the U.S. can create legal and possibly even criminal
liability for themselves under state or federal wiretap laws if they
affirmatively monitor, log, or disclose Tor users' communications,
while non-U.S. operators may be subject to similar laws. Do not
examine the contents of anyone's communications without first talking
to a lawyer.

 --
Regards,
ASK

</snip>

Hello,

Well this whole post got me interested in TOR so I went ahead and set it
up on my machine. Overall, I'm pretty impressed... the setup was simple,
and I was browsing "anonymously" in about 10 minutes. Too bad this last
statement is a little unnerving. For something that is created to help
with anonymity and privacy - having to worry about someone snooping on
my actions while using TOR is a little scary. Can someone please
elaborate on what exactly could be monitored or logged?

While we are at it Jeffrey mentioned a couple sites that helped check
your anonymity. One of those sites was:
http://www.stilllistener.com/checkpoint1/. One of the tests that they
had was a Java based test at:
http://www.stilllistener.com/checkpoint1/Java/. While running through
TOR in Firefox the page was still able to get my real IP address. I was
wondering if anyone could explain what happened and if there was anyway
around that. Thanks in advance.

Best Regards,
Josh