WARNING: Tor is dangerous for the unwary

The short story is that Tor should be viewed as nothing more than an untrusted proxy server with the added feature that the proxy (theoretically) can not connect your ip to the traffic its handling.

This means that all the normal problems of untrusted proxy servers accompany the use of Tor. For instance, a malicious exit node can manipulate unencrypted traffic or steal sensitive data (read passwords). Compound this with the fact that many secure sites send secure data unsecurely, even google. The effect is that users may be better off not using Tor.

Of course, Tor is an anonymizing tool not a privacy tool, so this is to be expected. As Schneier points out, “the price you pay for anonymity is exposing your traffic to shady people”.

However, all is not lost! If there is end-to-end encryption to the website, no eavesdropping can occur. Many sites don’t have https versions of their site, so this isn’t always possible. Some sites that require a login perform that login over https, but then, after authentication, revert to http, allowing session cookies to be stolen and the account compromised. Using the ForceHTTPS firefox extension, one can enforce that a secure connection is always used after login.

Tangentially, an interesting idea I ran across was that since Tor exit nodes can manipulate unencrypted data however they wish, spammers could setup Tor exit nodes to crack captchas. What about manipulating the output of certain websites? All google search results now point to a link which exploits the browsers.

Tor introduces a man-in-the-middle injection point. What makes this worse than just using a direct connection, is that its easy to setup a Tor exit node. With a direct connection one of the routers along the way has to be accessible by an attacker. This is harder to obtain unless you obtain the assistance of the owner (ie not that hard for the government or telcoms themselves). Tor does allow a whitelist of exit nodes to be used, which should alleviate much of this concern (but do you really trust them?). You might setup your own Tor exit node and only use that one to be sure. But as a Tor operator you could be more highly scrutinized, possibly leading to a “cure worse than the illness” situation.

So if you’re going to use Tor for webbrowsing be very careful. Don’t sign in to sites without ForceHTTPS installed and protecting that site. Never, EVER accept improperly signed ssl certificates. Make sure you’re using the torbutton extension. And be generally conscious about what you’re doing over an insecure connection.


2 Responses to “WARNING: Tor is dangerous for the unwary”

  1. For quite sometime I have had a blog stalker on my WP site, I have statcounter set up and I was able to identify them because of this-this is someone I know IRL. I changed my blog’s address, user name and everything to be rid of the unwanted blog haunter-yet they somehow managed to find even my new blog. I confronted them and told them that I was aware of their activities on my site. All of the sudden I am now getting Tor Exit hits on my site on the regular; I am certain this is the same person attempting to hide their IP identity, and it shows that sometimes this person is on my site for hours, going through each and every post. I’m not very tech savvy, so should I be concerned that this person may be trying to hack into my account using the Tor proxy? What kind of damage can a person using these proxies do to the sites they visit while using them?
    Thanks for your time.

    • A very late reply, but in case this answer is useful to anyone in a similar situation. A person using a Tor proxy can’t do any more damage than what they could do without the proxy, just it will be hard to trace who it actually was. Also, if they were trying to hack into your wordpress account, I doubt they would need to be on your page to do it. If you want to control who can or can not see your posts, the only way I know is to make the post private and then give out the private link only to people whom you want to read it (and presumably they wouldn’t send the link to others). But to reiterate, the use of Tor proxies to access your blog isn’t a security threat in and of itself.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: