[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] [Proposal] Obfuscating the Tor Browser Bundle initial download

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] [Proposal] Obfuscating the Tor Browser Bundle initial download
From: William Waites <wwaites@xxxxxxxxxxxxxxx>
Date: Mon, 09 May 2016 21:23:20 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 09 May 2016 17:49:35 -0400
In-reply-to: <865edd97-1e1f-49f5-b921-5de30439dfc4@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <865edd97-1e1f-49f5-b921-5de30439dfc4@xxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: mu4e 0.9.16; emacs 24.5.1

Blake Hadley <moosehadley@xxxxxxxxx> writes:
>
> The environment requires an HTTPS proxy to reach the World Web Web.
>
> Do HTTP proxies inherently create a situation similar to MITM?

Yes, that is exactly what they do. If your web browser isn't nagging you
all the time with "hey this certificate is untrusted" then a signing
certificate will have had to be installed in your computer. This lets
your employer decrypt all of your HTTPS traffic, inspect it, and
reencrypt it. Unless you understand exactly what is happening and what
to do about it, best to avoid using the Internet from there altogether.

-w

-- 
------------------------------------------------+------------------------
William Waites        <wwaites@xxxxxxxxxxxxxxx> : School of Informatics
Synthsys Centre for Mammalian Synthetic Biology : University of Edinburgh
------------------------------------------------+------------------------
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] [Proposal] Obfuscating the Tor Browser Bundle initial download
  - From: David Fifield

References:
- Re: [tor-dev] [Proposal] Obfuscating the Tor Browser Bundle initial download
  - From: Blake Hadley

Prev by Author: Re: [tor-dev] [proposal] Post-Quantum Secure Hybrid Handshake Based on NewHope
Next by Author: Re: [tor-dev] [proposal] Post-Quantum Secure Hybrid Handshake Based on NewHope
Previous by thread: Re: [tor-dev] [Proposal] Obfuscating the Tor Browser Bundle initial download
Next by thread: Re: [tor-dev] [Proposal] Obfuscating the Tor Browser Bundle initial download
Index(es):
- Author
- Thread