[liberationtech] Securing internet traffic/communications with Tor
Jacob Appelbaum
jacob at appelbaum.net
Mon Apr 30 11:54:32 PDT 2012
On 04/30/2012 08:41 PM, Brian Conley wrote:
> Hi all,
>
> So it's recently come to my attention that there may be a few issues with
> Tor. I'm hoping someone more knowledgeable than me can explain why these
> issues exist(our don't exist, inshallah), and what methods(if any) can be
> used to mitigate them. I'm just going to cut and paste the commentary in
> full, since it's not me but questions from an individual:
>
Ok.
> TOR can be used. But there are two problems:
> 1. Skype routes around TOR
I'm sure this is a tired thing to say but I'd highly encourage the use
of Jitsi or something other than Skype. There are remotely exploitable
flaws in Skype that are not patched and those bugs are used by various
groups to compromise computers of activists. These bugs are probably not
even known to the Skype team. Hacking Team and FinFisher are the two
that I believe have these exploits ready to go - both are active in
Syria, for example. It would be nice to catch these exploits in the wild
but I'm not holding my breath.
With that said - I understand that you work with people that don't care
to stop using Skype. My suggestion is for them to download Tails and
then to install Skype on Tails:
https://tails.boum.org/
Why am I suggesting this? Because frankly, I can't think of another way
to mitigate the absolutely stupid use of Skype. It's just a nightmare on
so many levels - not the least of which is this latest disclosure:
http://skype-ip-finder.tk/
If you're not anonymized, even with Skype, you're in deep trouble if the
attacker merely knows your Skype login!
At least with Tails, Skype traffic should not leave the machine unless
you configure it to use Tor properly - likely by setting a proxy in the
configuration screen for Skype.
> 2. Using TOR will, if somebody at network central is monitoring, turnon
> klaxons. VPN is to common to do that, the network central office becomes to
> noisy so nobody can sleep on their desk. TORs biggest utility is for
> anonymous surfing. It is not too usable with real time traffic which skype
> generates....back to square 1 for live reporting
>
klaxons? What? Alarms?
All the best,
Jacob
More information about the liberationtech
mailing list