or at inbox.org
Sun May 21 23:29:54 UTC 2006
On 5/21/06, Fabian Keil <freebsd-listen at fabiankeil.de> wrote:
> Anothony Georgeo <anogeorgeo at yahoo.com> wrote:
> > I think it is wise to note that Privoxy can not filter
> > HTTPS. Most non-tech end-users do not know this. I
> > do not block HTTPS connections as I think it is
> > easiser to simply not visit an HTTPS url.
> How do you convince your browser not to fetch
> additional images and style sheet through HTTPS?
> Not actively visiting untrusted HTTPS sites doesn't
> stop anyone from spicing up his pages with HTTPS
> content to get more information about his visitors.
I thought a browser was supposed to warn you of this "mixed content"
situation (an http site with https images, for instance), but checking
Firefox apparently it doesn't!
Anyway, it seems like the only proper solution here is to not use
privoxy at all, this way https and http both present exactly the same
header information. But this of course means taking all the
identifying information out of your browser - easier said than done.
More information about the tor-talk