metawizard ago
Tor was created by the government. It functions on a handful of entrance and exit nodes with a lot of bouncing around different nodes in between. If you control an exit node, you can see the traffic moving through it. Control enough exit nodes, and you have a good chance of intercepting something interesting.
There have been times in the past where the usual 4-5k nodes jump by 10k+. If a single entity controls those 10k nodes, then they can now monitor 2/3 of the total traffic on the network, and it's not hard to do. You could do it with just a few high-end servers. I could probably spend $3,000 and monitor 2/3 of the traffic for a month or two. It's not a secure network. Do not treat it as such. If you really must use it, use end-to-end encryption and a VPN as well.
HighLevelInsider ago
You seem to think that controlling an exit node is the same as having a tap on the whole network, and you think most of the exit nodes are controlled. Neither of these is true.
metawizard ago
Then you've misunderstood me. You can monitor traffic going through your specific exit node, one user's traffic. If you control more than one exit node, you can see more than one user's traffic. This assumes that the traffic is not encrypted. If you control 99% of all exit nodes, then you can see the traffic going to and from those exit nodes, again, assuming that the traffic is not encrypted. If you use end-to-end encryption, then the data is gibberish, but you can see where the traffic is heading from your exit node to wherever, and then whatever is sent back to the user through your exit node.
Say you use jewgle on Tor without encryption, and you search for amputee midget porn. Anyone running the Tor node can see that the user hidden behind the Tor network is searching for amputee midget porn on Google. If they encrypt the traffic, then whoever runs the node only sees that you are sending packets to Google and receiving packets in response, but they can't read what those packets represent or where they are going.
Now let's say you log in to a service through Tor, let's just say it's jewmail. Someone running a Tor exit node can run a program that will sniff packets for usernames and passwords to popular services like PayPal and, in this case, jewmail. That person now has your jewmail username and password, and they're probably going to run a script that will attempt to log in to all of those other major services with that username and password. This isn't an uncommon practice for malicious users running Tor exit nodes. I hope that was a little more clear.