I was planning on writing about TOR sometime in the near future, but Bruce Schneier’s post spurred me on. Anyway, the onion router or TOR works by taking your Internet traffic, encrypting it, and forwarding it from one TOR router to another to another to another until it reaches the final TOR router, or exit node, where it decrypts the data and finally dumps it onto the Internet.

This means that posting to some odd website (or even the fact you visited that website) will be anonymous in the sense that the IP that the website sees will not be your true Internet IP address. And for that matter, anyone who sniffs your traffic will not see it either. However, this does not imply that you have privacy. Anything you send in cleartext like your gmail username and password will still be in cleartext when it gets dumped on the Internet. TOR doesn’t encrypt your traffic from the exit node to its destination.

You also have no guarantee that the TOR routers themselves will play fair. The exit node, since it sees everything right before it goes onto the Internet, can log every packet it sends. And apparently some do that very thing. How embarrasking…