Tor hack proposed to catch criminals This article is a couple of months old now, but I have been thinking about it a lot. Basically, HD Moore has created a set of tools to scan the contents of traffic leaving a TOR exit node, and to inject active tracking code into the data returned to the user. While this is possible in any anonymity system, the fact that almost anyone can run a TOR node makes the question of trust much more tricky.
I have talked to Roger Dingledine (one of the creators of TOR) about this but we seem to talk past each other. As I understand it, Roger feels that a user needs to take additional action to protect himself from such threats, including blocking all active content. He would further argue that if you are going to an insecure site, then you are putting yourself at risk. TOR is about anonymity, not security.
While all this is true, it runs aground on the reefs of reality. I am reminded of a statement by Yogi Berra: "In theory there is no difference between theory and practice. In practice there is." People want active content. People want to go to insecure websites. People want privacy. People don't want to work for it.
At the end of the day, that is really the difference between the TOR philosophy and the Anonymizer philosophy. We think that users should not need to be security experts. We think they should not have to research the trustworthiness of a number different individuals or groups. We think that the privacy threats normal people actually face in the real world are a long way from the unlimited money and resource attacks imagined by academic security researchers. Security is a balance. We strive to be secure, fast, and user friendly. I think 11 years with out a single breach of a user's identity from using the service is good evidence that we are doing something right.