[tor-bugs] #14097 [Website]: check.torproject.org is available over http
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jan 3 23:36:20 UTC 2015
#14097: check.torproject.org is available over http
---------------------+---------------------------
Reporter: colons | Owner: Sebastian
Type: defect | Status: new
Priority: minor | Milestone:
Component: Website | Version:
Keywords: | Actual Points:
Parent ID: | Points:
---------------------+---------------------------
I think it should redirect to https, although I honestly can't immediately
think of anything useful you could achieve by MITMing it and lying to
someone south of you.
If someone is just typing 'check.torproject.org' behind someone who wants
to wrongly convince them that they are or are not using tor, it doesn't
really matter if the actual site is served over http or not; they can just
not serve the redirect that you do. If someone bookmarks it, though, they
start to be vulnerable.
Might be intentional, though; do you suspect there are be scripts that
don't support https hitting it?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14097>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list