[tor-relays] Onion address or clearnet address
Luther Blissett
lblissett at paranoici.org
Thu Feb 6 17:08:19 UTC 2014
On Wed, 2014-02-05 at 12:56 +0800, Hang wrote:
> Some sites such as RiseUp and DuckDuckGo could be accessed via onion
> addresses. I would like to know which address (onion address vs clearnet
> address) should I use when using TBB. I believe both ways are more or
> less the same in terms of identity protection and communication security
> (provided that the clearnet addresses are using HTTPS). Perhaps the main
> difference is using the clearnet addresses adds burden to the exit
> relays, while using onion addresses only consumes bandwidth of middle
> relays which is relatives more in supply.
>
> Am I right? Do I overlook anything? Or it doesn't matter at all for
> either way?
No you are not. Yes you are and it does matter.
There are two main differences:
1. When you access the clearnet you need dns name resolving which need
to be "proxyfied" to avoid dns leaks. This issue is supposed to be
solved on decent OSes and with TBB, but it is difficult to guarantee
that other software/OS won't try to bypass you proxy settings, so it's a
permanent worry. When you connect to hidden services, name resolving is
done inside tor, never leaving out.
2. when connecting to clearnet, tor will only guarantee geolocation
privacy (or actually your wan IP gets hidden from the servers you are
connecting to), but the contents of your connection would be exposed if
the underlying protocol is not safe. When you connect to hidden
services, you connection will never hit the "clear" and will be
encrypted end to end, even if the underlying protocol is not safe.
3. Also, hidden services provide anonymity to both ends, though it's
said that hidden services are in need of love;
--
010
001
111
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20140206/311fc220/attachment.sig>
More information about the tor-relays
mailing list