Feds use key logger to thwart PGP, Hushmail in MDMA case

Just a little follow-up (I'm installing Tor now to have a play),
as that diagram above suggests, Tor encrypts everything except the traffic on the final hop. This obviously has to be the case since the website or whatever that you're trying to get to needs to receive the data normally. It's not end-to-end encryption. Everything could be sniffed/snooped/port mirrored as it leaves the final Tor hop onto towards the destination network. Bear in mind that the final hop changes all the time - the path chosen over the Tor network is randomised.
So, if the authorities wanted to monitor your traffic, they would snoop at Hushmail or Bluelights hosting provider.
Fourth, Tor anonymizes the origin of your traffic, and it encrypts everything inside the Tor network, but it can't encrypt your traffic between the Tor network and its final destination. If you are communicating sensitive information, you should use as much care as you would on the normal scary Internet — use SSL or other end-to-end encryption and authentication.
 
OK, I've installed it now.
The default configuration of the windows installer is that it installs Privoxy (listening on port 8118, loopback only) which is :
"Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, modifying web page data, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk."

Privoxy is then configured (by default) to forward everything to 127.0.0.1:9050, which is the local Tor client.

Tor then blasts it out encrypted over a random path on the Tor network.

By default, both Tor and Privoxy are configured only to listen on 127.0.0.1.

So although it is possible, with a customised configuration, to have somebody connect into your Tor client (you could call it a Tor router I suppose), using either encrypted or unencrypted proxy connections, it's not the done thing.
 
^^ You guys are way off topic here, if you want to discuss techical details of software, please create a thread in SO.
 
Top