Help me understand tor with SSL?

Martin Fick mogulguy at yahoo.com
Sun Dec 2 03:42:34 UTC 2007


--- Kasimir Gabert <kasimir.g at gmail.com> wrote:

> On Dec 1, 2007 8:23 PM, Martin Fick
<mogulguy at yahoo.com> wrote:
> > Hi,
> >
> > After reading the docs I am very confused 
> > about how tor/privoxy deals with https(SSL)
> > connections.  It sounds like if I use SSL 
> > that I will be basically bypassing privoxy 
> > and therefor could leak personal info?  So 
> > what is the alternative if I want to access
> > a web site that requires https for logging in
> > anonymously?
> >
> > Also, what prevents tor users form being
> > susceptible to simple attacks where an 
> > html page embeds an image that has an 
> > https url as its source effectively
> > bypassing any privacy?
> >
> > -Martin
> 
> Hello Martin,
> 
> What Privoxy will be unable to do is modify the
> contents of HTTPS packets.  The packets will still 
> be sent anonymously, so HTTPS communications 
> can be anonymous (and are preferred because 
> exit nodes can not steal information), just the ads 
> and scripts will not be filtered from them through 
> Privoxy.  This filtering should still occur at some 
> level from your browse (Noscript, Ad blocking 
> extensions, etc).

So, why even bother suggesting privoxy use at all 
if it can easily be bypassed?  Is this not just
giving people a false sense of security?

Thanks,

-Martin



      ____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs



More information about the tor-talk mailing list