TorFaq on https for hidden services ( was: Hints and Tips for Whistleblowers )

startx startx at plentyfact.org
Thu Oct 28 09:10:52 UTC 2010


hello.

im starting this as  a new thread, as my question is only inspired by
the discussion above.

in the TorFaq
( https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ ) 
it says:

  "Why is it better to provide a hidden service Web site with HTTP
  rather than HTTPS access? 

  Put simply, HTTPS access puts the connecting client at higher risk,
  because it bypasses any first-stage filtering proxy.. "


the answer in the FAQ refers to privoxy. so i wonder now: is this
answer obsolete meanwhile? or is it still the general recommodation to
run hidden services without https? is the server (hidden service)
privacy threatened by using https too in any way?

the FAQ also says:

  "These objections all apply to HTTPS, TLS, SSH, and generally all
  cryptography over Tor, regardless of whether or not the destination
  is a hidden service"

which i think is causing some confusion.

startx

 
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list