What legit TOR traffic will a company ever use?
Seriously I am curious
I can't think of a single reason why a company would use it or support it for their customers.
Security researchers have discovered a botnet that uses the Tor anonymiser network to hide its command nodes. Owners of the compromised network of Windows PCs have placed their command-and-control server, which uses the common IRC protocol, as a hidden service inside of the Tor network. Aside from the use of Tor for extra …
Are companies the only legitimate users of the internets?
I can think of a few legit uses, perhaps by posters outside China, Israel or similar.
I bet Bradley Manning could have used a bit of deniability too, although that depends on your definition of legit.
Yes, why would anyone want to use tor at all? They must have something to hide!
Like, oh, the discretion of their customers? No? Not good enough? Then what is?
I can think of plenty of businesses that legitimately want to keep their communication with their customers secret. Lawyers, for one. Plenty places that one's even enshrined in law. So in these times you'd want encrypted email and encrypted phones and that sort of thing. But that's not the whole picture.
Plenty times doing "traffic analysis" reveals enough information to make decrypting the actual messages a moot point. Traffic analysis? Yes, looking at patterns. Who talks to whom, or sends messages, or meets up, or whatever. So if confidentiality is legit at all, then so is hiding your traffic patterns, and tor helps exactly with that.
So any time a company has a legit interest in not revealing to third parties the contents of messages sent to or received from its customers, it should have a legit interest in tor, whether it does or not.
The single biggest issue with Tor is all of the idiots running nodes who give them host lookup names that identify them as Tor nodes. My company, for example, blocks any connections via the Tor network, which is easy to do most of the time because of all the Tor node morons who self-identify as Tor nodes (e.g. Host name: tor12.anonymizer.ccc.de, IP address 62.113.219.5). Gee whiz, might that be an anonymous proxy? And if the name isn't enough, they usually assign the node an ISO 3166 Country Code of A1 (anonymous proxy).
Hey! Don't look at me! Nothing to see, move along...
There is no reason to call such people idiots, although it may be idiotic to waste the effort you do blocking Tor in such an ad hoc way since the Tor Project offers public lists to people who wish to block traffic from the network. See the Tor abuse FAQ under #Bans.
Tor protects the anonymity of clients not relays (except bridges). So there is nothing idiotic in identifying via hostname or otherwise that a host is a Tor relay. The general Tor FAQ under #HideExits explains why the network identity of exit relays is not hidden (partly so that people can choose whether they want to allow connections from the Tor network to their servers).
Tor nodes are not meant to be secret*. In fact I think you will find that the Tor Project publishes a convenient list of all exit nodes for anyone who wishes to block them. So you're only wasting your time looking at host names. But if doing it the hard and ineffective way makes you feel more 1337, go ahead.
*Except for bridge relays which are entry points only, and intended for people evading state censorship and such.
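The two blocking approaches argued over in the comments above, compared side by side. This is an added example, not part of any poster's comment and not Tor Project code. It assumes the published exit list is plain text with one address per line; all addresses, hostnames and the `tor` hostname pattern are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample data (documentation address ranges), not real relays.
SAMPLE_EXIT_LIST = """\
# constructed exit list: one address per line
192.0.2.10
198.51.100.7
2001:db8::5
not-an-address
"""

# Constructed (source IP, reverse-DNS name) pairs from a hypothetical access log.
SAMPLE_CONNECTIONS = [
    ("192.0.2.10", "tor-exit.example.net"),    # listed and self-identifying
    ("198.51.100.7", "host7.example.org"),     # listed, but generic hostname
    ("203.0.113.44", "tortoise.example.com"),  # not listed, name contains "tor"
    ("2001:0db8:0000:0000:0000:0000:0000:0005", ""),  # listed, non-canonical form
]

# Hypothetical stand-in for the ad hoc "hostname looks like Tor" rule.
HOSTNAME_HINT = re.compile(r"tor", re.IGNORECASE)


def load_exit_list(text):
    """Parse the list into a set of ip_address objects, skipping junk lines."""
    exits = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            exits.add(ipaddress.ip_address(line))
        except ValueError:
            continue  # malformed entry: skip it
    return exits


def classify(connections, exits):
    """Return (ip, on_exit_list, hostname_guess) for each connection."""
    results = []
    for ip_text, hostname in connections:
        # Parsing the address normalises IPv6 spellings before the lookup.
        listed = ipaddress.ip_address(ip_text) in exits
        guessed = bool(HOSTNAME_HINT.search(hostname))
        results.append((ip_text, listed, guessed))
    return results


if __name__ == "__main__":
    exits = load_exit_list(SAMPLE_EXIT_LIST)
    for ip_text, listed, guessed in classify(SAMPLE_CONNECTIONS, exits):
        print(f"{ip_text:42} listed={listed!s:5} hostname_guess={guessed}")
```

On this sample the hostname rule misses two listed exits and flags one unrelated host, while the list lookup gets all four right.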
... those botnets would join the tor network as exit nodes. It'd be "giving back to the community" writ large. With resources you don't own, true, but that is pretty much the point of setting up a botnet in the first place.
No, I don't condone botnets, but if you're going to drag down whichever useful technology, you might as well be doing it with style.
Too many people are using Tor with the false belief that all information going through it (such as a cleartext password) remains completely encrypted to its destination, while in reality Tor only provides anonymity, not security. Because of this, running exit nodes is a great way to harvest passwords and other sensitive info from the unwary - the last thing we need is botnet exit nodes who do this on a massive scale.