Tor and HTTPS
Christopher Davis
loafier at gmail.com
Thu Jul 3 22:29:43 UTC 2008
On Thu, Jul 03, 2008 at 03:37:26PM -0400, Ringo Kamens wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> While it's true that privoxy can't filter things when you're using
> HTTPS, IMHO it's much better to use encrypted connections in general,
> especially when you trust the host. If you have scripts disabled on your
> browser then privoxy isn't really all that needed.
> Comrade Ringo Kamens
> nobledark at hushmail.com wrote:
> > Hi,
> >
> > Sorry if this sounds a bit stupid but looking for some
> > clarification. I've read that using HTTPS over Tor actually reduces
> > your security due to the bypass of your local proxy (Privoxy, etc) -
> > is this the case for all usage or does it justs affect hidden
> > services? For example, if I am accessing Hushmail via a Tor-enabled
> > Firefox browser, is that traffic not protected by the anonymized
> > circuit or otherwise less secure than a connection to a port 80 web
> > site?
> >
> > Thanks -nD
> >
I'd also suggest seeing if your browser has an option to disable
sending of the user agent header in HTTP requests. This is something
that privoxy can do, but may be difficult to tweak in some browsers.
--
Christopher Davis
More information about the tor-talk
mailing list