[tor-talk] Tor and HTTPS graphic
Mike Perry
mikeperry at torproject.org
Wed Mar 7 21:17:40 UTC 2012
Thus spake Seth David Schoen (schoen at eff.org):
> Eva Galperin and I worked on this graphic (drawn by Hugh D'Andrade)
> that tries to show the difference between the threats Tor addresses
> and the threats HTTPS addresses.
>
> https://www.eff.org/deeplinks/2012/03/https-and-tor-working-together-protect-your-privacy-and-security-online
>
> The complete interactive version is at
>
> https://www.eff.org/pages/tor-and-https
This is a really awesome graphic and instructional tool. I just wanted
to point out a couple things that may or may not actually matter:
1. Technically, the NSA, site.com, site.com's ISP, and the subpoena
trifecta all see that you're using Tor to connect to site.com. We don't
try to hide this fact, but new users are often surprised and frustrated
by it. Perhaps "Tor" should be added to their infoboxes?
2. In a slightly more detailed version of the graphic that we might want
to create for training purposes, we could also add a "Bridge" button and
an "Obfsproxy" button. The "Bridge" button would change "Tor" to "Tor?"
at the Hacker and user's ISP and maybe the NSA. The "Obfsproxy" button
would remove "Tor" from those points (due to protocol obfuscation).
3. I agree with the Raccoon that the NSA's data sharing link is most
accurately described as "Uncertain". Maybe the fact that there's two of
them with separate info already conveys that? Hard to say.
--
Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20120307/f43f2bad/attachment.pgp>
More information about the tor-talk
mailing list