So I did some research on tor and found that anyone can setup an exit node and monitor your traffic since your connection is unencrypted from the last tor relay to the requested site. So my question is how secure is tor with the tails (based on debian) live USB /cd? And how can I completely cover that exit node flaw of the tor network?
>>53699774
He can monitor the traffic but he doesn't know who the sender is.
Flaw?
You have a bizarre interpretation of flaw.
Just don't send unencrypted information, dipshit.
>>53699825
NO shit sherlock. But how? Https doesn't do shit
>>53699819
That's not true, one who an exit node or more can easily spy on people, like performing a man on middle attack but since the exit node is secure and hidden then he's invisible. If you do some googling you'll find an article about a guy that set up 5 exit nodes and snooped on a dozen of emails for the Indian government and much more
>>53699865
Says who? If the exit node uses SSLstrip you'd notice the missing lock icon.
If you're asking how you can circumvent exit nodes entirely, the answer is hidden services.
>>53699908
What he meant is the exit node doesn't know the IP of the sender.
If the Indian government sends unencrypted mails via TOR, they're pants on head retarded.
>>53699865
https doesn't do shit. It is far surpassed, the CERTS are scams and Tor was an NSA aborted '"FEATURE'"
>>53700027
Watch out guys, we have an expert here
>>53699865
>>53700027
OK, probably taking a troll bait here, but whatever. If you really thing that sending data over SSL as opposed to regualr unexncrypted http, go ahead and compare the two with any packet sniffer.
>>53699774
It's true that if you have an exit node you can monitor unencrypted traffic, however the tor browser warns the users when inputing data over an unencrypted connection. so it's not really a problem.
OP youre obviously retarded, but your isp is worse than tor even in your shitty theoretical scenario.
>>53700284
assuming he knows what a packet sniffer even is. its that thiing only nsa has right?
>>53699774
>how can I completely cover that exit node flaw of the tor network?
git gud. write a paper. present at conference.
or just keep shitposting on 4chan. that solved anything ever.
It's been proven that Tor is crackable but it's too expensive to crack every Tor connection and as far as we know no one spends time cracking it because it's easier to catch people through social engineering than cracking Tor
If you were a Colombian drug lord and an order came through a monitored exit node for 1 trillion tons of cocaine, then maybe a government agency would try to decrypt that connection. More likely is that they will just wait for a package the size of a trillion tons of cocaine to go through the post and follow it to it's delivery location.
It is possible to crack Tor connections but it is much more time and cost effective to just connect the dots in the clear web. That is how every one who used Tor criminally has been caught. If you're not breaking the law, then the chances that you are being monitored as so tiny that you should consider them nonexistent
>>53701894
your post
>>53701894
>It is possible to crack Tor connections but it is much more time and cost effective to just connect the dots in the clear web. That is how every one who used Tor criminally has been caught.
bzzzzzzzzt, but keep talking shit.
just released last week that tp2 owners and all the recent pedos were caught using the hacks you mention as being to0 cost ineffective.
in fact carnegie mellon proved you could find the identity of anyone for just a few thousand dollars.
so keep being dumb, you seem to be very good at it.
TOR is plenty secure. If you're sending unencrypted shit to clearnet via TOR, then you're an idiot.
It's all about your threat model. Are you an internationally wanted criminal? or are you just trying to circumvent oppressive firewalls? Both require different approaches.
