TOR!

In a somewhat scary 4-page article ( http://www.theage.com.au/news/security/the-hack-of-the-year/2007/11/12/1194766589522.html) the author describes how easy, VERY EASY, it is to monitor sensitive, so-called anonymous electronic conversations that were previously thought to be on secure ground - traveling over the "TOR" network.

The use of TOR(http://www.torproject.org), an open source project, helps mask the origins of a user that wants to surf or send/receive data anonymously. However, the most obvious vulnerability of this software, that the endpoint (exit node) of the traffic can be monitored and plaintext, unencrypted data can be easily captured - was/is not very well understood by users.

The only solution is to use SSL (HTTPS) or end-end authentication and encryption (use GPG etc).

Who uses TOR? Lots of people: (apparently) the intelligence community, human rights activists in nations with a less-than-impressive human rights credentials, embassy employees, those that hold sensitive jobs, and, of course, people that want to see (ahem!) objectionable content while hiding behind mangled ones and zeroes.

Further, more than half the people that use it have is misconfigured, which can lead to some undesirable results. In any case, the point is that any software is only as good as its end-user understanding of it.

It's not the fault of the software that users/promoters allegedly overestimated its value (esp in terms of anonymity) - as the article says.I looked at TOR out of curiosity back in 2004/5, and found it incredibly slow, so I lost interest. But I do remember thinking this could be a pretty interesting tool for those that want the claws of the Web away from their private data.

Be safe!