<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#ffffff">
<meta http-equiv="CONTENT-TYPE" content="text/html;
charset=ISO-8859-1">
<title></title>
<meta name="GENERATOR" content="OpenOffice.org 3.2 (Linux)">
<style type="text/css">
        <!--
                @page { margin: 2cm }
                P { margin-bottom: 0.21cm }
                A:link { so-language: zxx }
        -->
        </style>
<p class="western"><font face="Arial, sans-serif">Hello, </font>
</p>
<p class="western"><font face="Arial, sans-serif">There is a “Hints
and Tips for Whistleblowers Guide” available at <a
href="http://ht4w.co.uk/">http://ht4w.co.uk/</a>.</font></p>
<p class="western"><font face="Arial, sans-serif">The section on
proxies includes Tor-related information which I fail to
understand:</font></p>
<p class="western"><br>
<font face="Arial, sans-serif">"You may actually
get more anonymity when using the Tor cloud by </font><strong><font
face="Arial, sans-serif">not</font></strong><font face="Arial,
sans-serif">
using the <a class="moz-txt-link-freetext" href="https://">https://</a> version of a web page (if there is an
alternative,
unencrypted version available), since all the Tor traffic is
encrypted anyway between your PC and the final exit node in the
Tor
cloud, which will probably not be physically in the United
Kingdom." </font>
</p>
<p class="western"><br>
<font face="Arial, sans-serif">---I have no idea
what this means. I thought the whole point of using <a class="moz-txt-link-freetext" href="https://">https://</a> was
to
prevent Tor exit nodes from snooping and / or potentially
injecting
content. <br>
</font></p>
<p class="western"><br>
<font face="Arial, sans-serif">"This applies
especially to websites like the reasonably anonymous
whistleblowing
website </font><font color="#000080"><span lang="zxx"><u><a
href="http://wikileaks.org/" target="_blank"><font
face="Arial, sans-serif">wikileaks.org</font></a></u></span></font><font
face="Arial, sans-serif">
(based in Sweden) , which offer both <a class="moz-txt-link-freetext" href="http://">http://</a>, <a class="moz-txt-link-freetext" href="https:/and">https:/and</a> Tor
Hidden
Service methods of uploading whistleblower leak documents, but
who
tend to, mistakenly, insist on using <a class="moz-txt-link-freetext" href="https://">https://</a> encryption for
when
someone comments on their wiki discussion pages. When (not if)
the
wikileaks.org servers, or a blog or a discussion forum like the
activist news site </font><font color="#000080"><span
lang="zxx"><u><a href="http://www.indymedia.org.uk/"
target="_blank"><font face="Arial, sans-serif">Indymedia
UK</font></a></u></span></font><font face="Arial,
sans-serif"> are
physically seized (this happened to IndyMedia UK at least 3
times
now) , this may, in some circumstances, betray the real IP
addresses
of commentators with inside knowledge of a whistleblower leak
i.e.
suspects for a leak investigation." </font>
</p>
<p class="western"><font face="Arial, sans-serif"><br>
-----How on earth can it
be “mistaken” to insist on using <a class="moz-txt-link-freetext" href="https://">https://</a> encryption? Why would
using <a class="moz-txt-link-freetext" href="https://">https://</a> "betray the real IP addresses"?<br>
</font></p>
<p class="western"> </p>
</body>
</html>