Re: Help me understand tor with SSL?

[Roger Dingledine <arma@xxxxxxx>]

On Sat, Dec 01, 2007 at 07:42:34PM -0800, Martin Fick wrote:
> So, why even bother suggesting privoxy use at all 
> if it can easily be bypassed?  Is this not just
> giving people a false sense of security?

Privoxy doesn't do that much to protect you. Doing something in the
browser, for example the development version of Torbutton (as shipped
in the 0.2.0.x bundles), is a safer bet.

In the future I'm hoping to swap Privoxy out and put Polipo in its
place. One day I'll get around to organizing my list of reasons for that.

The reason for continuing to use an http proxy at all, rather than just
going directly from Firefox to Tor as a socks proxy? Firefox doesn't deal
well if the socks handshake takes more than a trivial amount of time. In
particular, all other network operations block until the handshake
finishes. See e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=280661
particularly comment #3.

Hope that helps,
--Roger