[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor and HTTPS



On Thu, Jul 03, 2008 at 03:37:26PM -0400, Ringo Kamens wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> While it's true that privoxy can't filter things when you're using
> HTTPS, IMHO it's much better to use encrypted connections in general,
> especially when you trust the host. If you have scripts disabled on your
> browser then privoxy isn't really all that needed.
> Comrade Ringo Kamens
> nobledark@xxxxxxxxxxxx wrote:
> > Hi,
> > 
> > Sorry if this sounds a bit stupid but looking for some 
> > clarification. I've read that using HTTPS over Tor actually reduces 
> > your security due to the bypass of your local proxy (Privoxy, etc) -
> >  is this the case for all usage or does it justs affect hidden 
> > services? For example, if I am accessing Hushmail via a Tor-enabled 
> > Firefox browser, is that traffic not protected by the anonymized 
> > circuit or otherwise less secure than a connection to a port 80 web 
> > site?
> > 
> > Thanks -nD
> > 

I'd also suggest seeing if your browser has an option to disable 
sending of the user agent header in HTTP requests. This is something
that privoxy can do, but may be difficult to tweak in some browsers.

-- 
Christopher Davis