http://tor.eff.org/

An anonymous Internet communication system

Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

I used tor for a while, works great. Especially tor + privoxy + the tor firefox add-on.

My daughter asked me to pay her credit card bill via the internet the other day. I plugged my bank routing number, account number and pressed enter: the payment went though with absolutely no security at all. No verification, ID, anything. Imagine how easy it would be for someone to get your numbers off a check. They could clean your bank account out in a matter of minutes!!!!!

I'm shredding all my checks!

fos....

I have learned to really dislike tor. It's a great idea that fails miserably.

Tor's problem is abuse, and there is a lot of it!

For a while I was an ircop on a small but controversial IRC network and we took alot of abuse from anonymous idiots connecting through tor. Getting fed up with that we decided to k-line all known tor nodes and that took care of a lot of the abuse. But then another kind of abuse started... abuse from tor server admins! On e-mail and on irc they kept herrasing us calling us communists, enemies of privacy, etc demanding that we lift the ban. For some bizarre reason the meant that anyone should be able to connect to *our* network anonymously (none of our registered members were anonymous. That was a major point to us) and that we denied people a basic human right by banning tor nodes.

Tor does have it's place in this crazy world of ours, no doubt about it, but as usual it's the few rotten apples that ruins it all.

Tina

I think it kinda depends. It is not a great idea to use tor for IRC anyway, since all traffic is traversing nodes that you don't know unencrypted, and may contain private conversations. But there are situations when that matters less. E.g. if I use a search engine, I don't really care about having people read my search queries, but I do care about search engines making profiles based on my IP address. It can help tremendously there.

What about "The Freenet Project"?
http://freenet.sourceforge.net/

Looks like the same kind of services...

I think it kinda depends. It is not a great idea to use tor for IRC anyway, since all traffic is traversing nodes that you don't know unencrypted, and may contain private conversations. But there are situations when that matters less. E.g. if I use a search engine, I don't really care about having people read my search queries, but I do care about search engines making profiles based on my IP address. It can help tremendously there.Do you mean that datas are sent unencrypted through Tor? Like passwords and personnal datas? As Tor would only hide the origin of the datas but not the datas temselves? What about sending mail with Tor enabled in Thunderbird?

Sorry, my bad. Traffic between nodes is actually encrypted. But, the last node that sends the data to the destination side decrypts the "tor stream". And you don't know the last node, so the argument applies almost equally. So, at any rate, if you use tor it is important to encrypt critical data (e.g. through HTTPS, IMAP over SSL, etc.).

Sorry, my bad. Traffic between nodes is actually encrypted. But, the last node that sends the data to the destination side decrypts the "tor stream". And you don't know the last node, so the argument applies almost equally. So, at any rate, if you use tor it is important to encrypt critical data (e.g. through HTTPS, IMAP over SSL, etc.).
So I do not need to disable it when I do online banking (https) or if I go to a site where I need to enter a password?

With the current state of affairs, someone who intercepts packets at an end node will need thousands of years of computing time (actually, a bit more) to crack packets brute-force. Of course, this reality may change within a few years, with new insights in cryptoanalysis or quantum computing. At any rate, it probably doesn't pose much of a danger.

On the other hand, it doesn't really help much either. Your bank knows who you are through the authentication, so it does not make much sense to use tor there. As far as passwords are concerned: if the session is https-encrypted, you are safe. Otherwise, someone may sniff them from your traffic. But sending passwords for important stuff in plain-text is never a good idea ;).

Thanks for your replies, Daniel. I am just trying to figure out if I need to switch it ON and OFF because I may, as you know, forget to at times. If that is the case, I'll leave it OFF because I care much about the datas like passwords than "if someone knows where I've been"... I am not a politician so it shouldn't cause me much trouble beside "targetted adds" from Google. :)