How the TOR Project is helping Iranian protesters (washingtontimes.com)
25 points by sweetdreams on June 28, 2009 | hide | past | favorite | 12 comments


Only problem is that TOR can be compromised by operating a hostile exit node. This involves running a packet sniffer on an exit node and analyzing the traffic.


What do you mean by compromised? A Tor exit node can sniff the traffic. So what? Unless you are signing in on a site, that doesn't matter. There is no MITM attack against your anonymity, provided you use Torbutton to block known Javascript/plugin exploits.

Don't use Tor to sign in to your bank account or your email account. Reading news or Wikileaks through Tor? No problem. All that the exit node sniffer will see is an anonymous user reading news websites.


It depends on which attack was meant - there are two that come to mind. It annoys me that you're assuring security without being familiar with the systems, and that the legitimate concern expressed above and this response is now at the bottom due to downvoting of the former.

The first attack is simple packet sniffing for passwords and data. A few of these have been covered by the media[1]. This is considered a compromise of the system because ignorance of complicated security procedure should be expected and countered, but is not by default (as is attempted in, for example, I2P/Syndie). See sslstrip[2] for your MITM attack against anonymity, which does a great job of compromising even the security-aware. As for using a bank account or email, I would feel perfectly safe using both over Tor, as long as I entered the https: myself (my webmail is set to always use https). In fact, I would feel less safe using news websites, since my activity with these could be used to identify me as the same user over a number of exit nodes.

The second is the timing attack. Tor is low-latency and not a mix[3], so packet size & timing data can be correlated to determine whether two hostile nodes are on the same tunnel. You-H-N-H-Dest, where H are hostile nodes and N a neutral node. The one beside You is a guard node, and can determine its status as such by observing how often you connect to it (your node connects to only a small group of guard nodes). The second H is the exit node, and knows what the Destination is. A simple timing attack plus the mutual connection to N links your IP to the destination. There are 1800 Tor nodes[4], I'll let you do the math on how long it would take an adversary with a very modest budget (or 20 zombies) to land two hostile nodes in this configuration. It's not very long, given that your 3 outbound tunnels reconstruct every 10 minutes.

As is common with security, you've gotten just about everything wrong. (No doubt I've made similar blunders in this short message.) Luckily, though, nobody actually cares about what people do on Tor - or perhaps they think that collecting data is more worthwhile than exposing vulnerabilities. Please take the time to learn more before commenting on (or using) these systems.

[1] http://www.theregister.co.uk/2007/11/15/tor_hacker_arrest/
[2] http://www.thoughtcrime.org/software/sslstrip/
[3] http://en.wikipedia.org/wiki/Chaum_mixes
[4] http://proxy.org/tor.shtml
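The "do the math" in the comment above, worked as an added example (not code from any commenter or from the Tor project): a simplified risk model of the end-to-end correlation scenario, using the thread's own figures (1800 nodes, 20 hostile nodes, 3 circuits rebuilt every 10 minutes). It assumes uniform node selection and ignores bandwidth weighting and exit policies; it also shows why a small fixed set of entry guards changes the picture, since a user whose guards are all honest is never exposed to this configuration at all.

```python
from fractions import Fraction
from math import comb


def circuit_compromise_probability(n_nodes: int, n_hostile: int) -> Fraction:
    """Probability that one freshly built circuit has a hostile entry AND a
    hostile exit, i.e. the You-H-N-H-Dest configuration from the thread.
    Simplified model (assumption): entry and exit are distinct nodes drawn
    uniformly from the network; bandwidth weighting and exit policies ignored."""
    if n_nodes < 2 or n_hostile < 2:
        return Fraction(0)
    return Fraction(n_hostile, n_nodes) * Fraction(n_hostile - 1, n_nodes - 1)


def expected_minutes_until_compromise(n_nodes: int, n_hostile: int,
                                      circuits: int = 3,
                                      rebuild_minutes: int = 10) -> float:
    """Expected wall-clock time until at least one of the user's circuits is
    compromised, with `circuits` circuits rebuilt every `rebuild_minutes`.
    Each rebuild round is an independent trial (geometric distribution)."""
    p = circuit_compromise_probability(n_nodes, n_hostile)
    if p == 0:
        return float("inf")
    per_round = 1 - (1 - p) ** circuits   # P(any circuit compromised this round)
    return float(rebuild_minutes / per_round)


def hostile_guard_probability(n_nodes: int, n_hostile: int,
                              n_guards: int) -> Fraction:
    """Probability that at least one of a user's fixed entry guards is hostile.
    With guards, the per-round risk above only applies to this fraction of
    users; the others never build a circuit with a hostile entry."""
    if n_guards > n_nodes - n_hostile:
        return Fraction(1)
    return 1 - Fraction(comb(n_nodes - n_hostile, n_guards), comb(n_nodes, n_guards))


if __name__ == "__main__":
    N, C = 1800, 20  # figures from the thread: 1800 nodes, "20 zombies"
    print("per-circuit compromise probability:",
          float(circuit_compromise_probability(N, C)))
    print("expected minutes until a compromised circuit (no guards):",
          round(expected_minutes_until_compromise(N, C)))
    print("fraction of users with a hostile guard (3 guards):",
          float(hostile_guard_probability(N, C, 3)))
```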


As for using a bank account or email, I would feel perfectly safe using both over Tor, as long as I entered the https: myself

DNS lookups are made through Tor. This means that a compromised exit node could phish your email or bank account. Unless you do the DNS lookups yourself off-Tor, of course, but then you won't be anonymous.

I would feel less safe using news websites, since my activity with these could be used to identify me as the same user over a number of exit nodes.

How? Torbutton doesn't use your non-Tor browsing cookies. And you can block cookies altogether anyway.

The second is the timing attack. Tor is low-latency and not a mix[3], so packet size & timing data can be correlated to determine whether two hostile nodes are on the same tunnel. You-H-N-H-Dest, where H are hostile nodes and N a neutral node. The one beside You is a guard node, and can determine its status as such by observing how often you connect to it (your node connects to only a small group of guard nodes). The second H is the exit node, and knows what the Destination is. A simple timing attack plus the mutual connection to N links your ip to the destination. There are 1800 tor nodes[4], I'll let you do the math on how long it would take an adversary with a very modest budget (or 20 zombies) to land two hostile nodes in this configuration. It's not very long, given that your 3 outbound tunnels reconstruct every 10 minutes.

You're right on this. I knew about timing attacks, but I didn't know they were so easy. I thought you needed a big infrastructure like Echelon.

I think a solution for Iranians would be using I2P or Freenet, or even Tor if it's just with .onion websites, because then the traffic never leaves the darknet and therefore it's more resistant to a timing attack (You might need something like Echelon for a timing attack in this case). The problem is they wouldn't be able to use Twitter, Google or any other Internet sites.


Why can't the Iranians just filter TOR node IP addresses?


Some Tor nodes aren't publicly known. You get to know them by a friend or visiting a website, chat, etc., like it happens with some P2P networks.

I don't know if the Iranian government is trying to block Tor nodes, but even if they were they would never be able to completely block it.


They could identify connections into the Tor network by analyzing handshake traffic and it seems that this may be exactly what is currently happening.


They are SSL-encrypted. They cannot identify Tor connections unless it is to a publicly known Tor node.


The way Tor uses TLS/SSL is unique enough that it seems very possible to automatically classify Tor traffic.

I don't think this is really happening in Iran, but nobody knows for sure. My comment was misleading and what I really meant to say is that there is some evidence that encrypted protocols which can be used for tunneling traffic such as SSL and SSH are being automatically detected. Rather than blocking the connections completely, they are traffic shaping them to make them very slow.

Since the Tor link protocol is basically just SSL it will also be affected by any policy applied to all SSL connections.


The way Tor uses TLS/SSL is unique enough that it seems very possible to automatically classify Tor traffic.

Do you have more information on this?


No, and I'm not sure about it. The way that Tor uses certificates does not seem to be very well documented or I would have a stronger theory about how it could be done without causing an unacceptable level of false positives on regular SSL traffic.


How about whitelist-only Internet like DPRK?



