[tor-bugs] #24922 [- Select a component]: Misleading Help
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jan 17 15:58:35 UTC 2018
#24922: Misleading Help
----------------------------------------------+-------------------------
Reporter: RogerMont | Owner: (none)
Type: defect | Status: closed
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Resolution: invalid
Keywords: HTTPS, Self-Signed Certificates | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------------------------+-------------------------
Comment (by RogerMont):
Hello NickM.
Onion Services (Hidden Services) are NOT end-to-end encrypted. Did you
read the description of the problem?
The exit node does the final decryption. If the onion service does not
provide HTTPS, thinking it is unneeded, the user and onion service
provider communication is completely visible to their respective exit
node.
I would change the text to be something like:
Onion services using HTTPS should be preferred because the final
communication between the user and the tor network is unencrypted.
Connecting with an onion service without HTTPS will eventually allow
others to discover your usernames, passwords, and any other sensitive
information. It is common for attackers to operate exit nodes to learn
your personal information.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24922#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list