On Wed, 2014-02-05 at 12:56 +0800, Hang wrote:
Some sites such as RiseUp and DuckDuckGo could be accessed via onion addresses. I would like to know which address (onion address vs clearnet address) should I use when using TBB. I believe both ways are more or less the same in terms of identity protection and communication security (provided that the clearnet addresses are using HTTPS). Perhaps the main difference is using the clearnet addresses adds burden to the exit relays, while using onion addresses only consumes bandwidth of middle relays which is relatives more in supply.
Am I right? Do I overlook anything? Or it doesn't matter at all for either way?
No you are not. Yes you are and it does matter.
There are two main differences:
1. When you access the clearnet you need dns name resolving which need to be "proxyfied" to avoid dns leaks. This issue is supposed to be solved on decent OSes and with TBB, but it is difficult to guarantee that other software/OS won't try to bypass you proxy settings, so it's a permanent worry. When you connect to hidden services, name resolving is done inside tor, never leaving out.
2. when connecting to clearnet, tor will only guarantee geolocation privacy (or actually your wan IP gets hidden from the servers you are connecting to), but the contents of your connection would be exposed if the underlying protocol is not safe. When you connect to hidden services, you connection will never hit the "clear" and will be encrypted end to end, even if the underlying protocol is not safe.
3. Also, hidden services provide anonymity to both ends, though it's said that hidden services are in need of love;