Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.

Matthew pumpkin at cotse.net
Wed Oct 27 18:19:02 UTC 2010



Hello,

There is a "Hints and Tips for Whistleblowers Guide" available at 
http://ht4w.co.uk/.

The section on proxies includes Tor-related information which I fail to 
understand:


"You may actually get more anonymity when using the Tor cloud by *not* 
using the https:// version of a web page (if there is an alternative, 
unencrypted version available), since all the Tor traffic is encrypted 
anyway between your PC and the final exit node in the Tor cloud, which will 
probably not be physically in the United Kingdom."


---I have no idea what this means. I thought the whole point of using 
https:// was to prevent Tor exit nodes from snooping and / or potentially 
injecting content.


"This applies especially to websites like the reasonably anonymous 
whistleblowing website _wikileaks.org <http://wikileaks.org/>_ (based in 
Sweden), which offer both http://, https:// and Tor Hidden Service methods 
of uploading whistleblower leak documents, but who tend to, mistakenly, 
insist on using https:// encryption for when someone comments on their wiki 
discussion pages. When (not if) the wikileaks.org servers, or a blog or a 
discussion forum like the activist news site _Indymedia UK 
<http://www.indymedia.org.uk/>_ are physically seized (this happened to 
IndyMedia UK at least 3 times now), this may, in some circumstances, 
betray the real IP addresses of commentators with inside knowledge of a 
whistleblower leak i.e. suspects for a leak investigation."


-----How on earth can it be "mistaken" to insist on using https:// 
encryption?  Why would using https:// "betray the real IP addresses"?
