Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.

Jan Weiher jan at buksy.de
Wed Oct 27 18:49:55 UTC 2010


Hi,
I don't understand it either, and in my opinion this is utter nonsense. I'm
not aware of any negative impacts on privacy due to the usage of
https://, but without it, there is the danger of eavesdropping at the exit
node.

best regards,
Jan

On 27.10.2010 20:19, Matthew wrote:
> 
> 
> Hello,
> 
> There is a "Hints and Tips for Whistleblowers Guide" available at
> http://ht4w.co.uk/.
> 
> The section on proxies includes Tor-related information which I fail to
> understand:
> 
> 
> "You may actually get more anonymity when using the Tor cloud by *not*
> using the https:// version of a web page (if there is an alternative,
> unencrypted version available), since all the Tor traffic is encrypted
> anyway between your PC and the final exit node in the Tor cloud, which
> will probably not be physically in the United Kingdom."
> 
> 
> ---I have no idea what this means. I thought the whole point of using
> https:// was to prevent Tor exit nodes from snooping and / or
> potentially injecting content.
> 
> 
> "This applies especially to websites like the reasonably anonymous
> whistleblowing website _wikileaks.org <http://wikileaks.org/>_ (based in
> Sweden), which offer both http://, https:// and Tor Hidden Service
> methods of uploading whistleblower leak documents, but who tend to,
> mistakenly, insist on using https:// encryption for when someone
> comments on their wiki discussion pages. When (not if) the wikileaks.org
> servers, or a blog or a discussion forum like the activist news site
> _Indymedia UK <http://www.indymedia.org.uk/>_ are physically seized
> (this happened to IndyMedia UK at least 3 times now), this may, in some
> circumstances, betray the real IP addresses of commentators with inside
> knowledge of a whistleblower leak i.e. suspects for a leak investigation."
> 
> 
> -----How on earth can it be "mistaken" to insist on using https://
> encryption?  Why would using https:// "betray the real IP addresses"?
> 
> 