-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Thx a lot Luther for the detailed explanation. Best Hang Luther Blissett:
On Wed, 2014-02-05 at 12:56 +0800, Hang wrote:
Some sites such as RiseUp and DuckDuckGo could be accessed via onion addresses. I would like to know which address (onion address vs clearnet address) should I use when using TBB. I believe both ways are more or less the same in terms of identity protection and communication security (provided that the clearnet addresses are using HTTPS). Perhaps the main difference is using the clearnet addresses adds burden to the exit relays, while using onion addresses only consumes bandwidth of middle relays which is relatives more in supply.
Am I right? Do I overlook anything? Or it doesn't matter at all for either way?
No you are not. Yes you are and it does matter.
There are two main differences:
1. When you access the clearnet you need dns name resolving which need to be "proxyfied" to avoid dns leaks. This issue is supposed to be solved on decent OSes and with TBB, but it is difficult to guarantee that other software/OS won't try to bypass you proxy settings, so it's a permanent worry. When you connect to hidden services, name resolving is done inside tor, never leaving out.
2. when connecting to clearnet, tor will only guarantee geolocation privacy (or actually your wan IP gets hidden from the servers you are connecting to), but the contents of your connection would be exposed if the underlying protocol is not safe. When you connect to hidden services, you connection will never hit the "clear" and will be encrypted end to end, even if the underlying protocol is not safe.
3. Also, hidden services provide anonymity to both ends, though it's said that hidden services are in need of love;
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJS88bWAAoJEM1lEe8L667FbEcP/08qotW/r2yHyAsVnQ35B0HG ZAr3WQqI91RDTKSBoxnciF5MV1mH42zd9mx/YZhnK3pQqYeHmrSriEWJ5GU52tY7 6cWofgN1+jJgRktFNzdVolDvuBYrgdoifBcyudNmofUNseLZw18UfpKtNRvSXKkN CCV0iHXqJ5Dp3l0ZCSs7Hq1pSTMB9mA1EvOwotOfJdOfVyJP1Z3EmOfgpC3kb0qO mGkVyOGcg8uRn+yZM7bAHAp3InWmiPl8ocgrlKnFNCMPh113LMkHxLlyd9m7zmp5 1Sfcsan6uxWzbMwj//LU7GOf5wku5pXAfhPGjBZI7UdVnlmNxp9wN89hvPt+sZUO IE4RNzfkuS09AYxDhF8g1j+zv7LZ6fQ/9cTLc9/VTStJ8FalT/hZX6D2aoIPYh7g xENjG3db9qjPuTOrbZYP0vAuyfGnUzTaNAI4OiJG7MfQkVAdcddglOyH1Hc2C87Q O8lTpTZlldaqQk5h3rtWL+eu0DEnwq2+z9UGPY9Bs3i1PP2J6K74WAWTKqhH4dWx zt8T2+BTTDq2ZieyM1AHubmZ7b7b+TuWxsKEnxTEbtaqHWMyJ88XMuCpccxWSTI3 mN09iLWJSbp/7PeHocNgxqbxDNKL8RMY5Xc3FWRdvN7SyJGJo8z+huvNV9JYM3iv spERnCD59E/bmuHDY1F6 =kmnH -----END PGP SIGNATURE-----