[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Help me understand tor with SSL?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Help me understand tor with SSL?
From: Martin Fick <mogulguy@xxxxxxxxx>
Date: Sat, 1 Dec 2007 19:42:34 -0800 (PST)
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sat, 01 Dec 2007 22:42:42 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=LpOaNGNS5dUBTnrfqByqjb3jOokLlk+EwN8o4eVhmYRhVsmy+2DYLCppQfa9ss0V4K72b6B8GwvhHP8ebSboNXq74oARB3zNEvZzvT67C/cDIuI8I9iU6t32PQyLXK4se3EMdGH8HFT6CJ7jdyMPoTwRysnIMg0Gjk10ufbZx04=;
In-reply-to: <52836a540712011932h1a285d44i8accb545dda0dd37@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

--- Kasimir Gabert <kasimir.g@xxxxxxxxx> wrote:

> On Dec 1, 2007 8:23 PM, Martin Fick
<mogulguy@xxxxxxxxx> wrote:
> > Hi,
> >
> > After reading the docs I am very confused 
> > about how tor/privoxy deals with https(SSL)
> > connections.  It sounds like if I use SSL 
> > that I will be basically bypassing privoxy 
> > and therefor could leak personal info?  So 
> > what is the alternative if I want to access
> > a web site that requires https for logging in
> > anonymously?
> >
> > Also, what prevents tor users form being
> > susceptible to simple attacks where an 
> > html page embeds an image that has an 
> > https url as its source effectively
> > bypassing any privacy?
> >
> > -Martin
> 
> Hello Martin,
> 
> What Privoxy will be unable to do is modify the
> contents of HTTPS packets.  The packets will still 
> be sent anonymously, so HTTPS communications 
> can be anonymous (and are preferred because 
> exit nodes can not steal information), just the ads 
> and scripts will not be filtered from them through 
> Privoxy.  This filtering should still occur at some 
> level from your browse (Noscript, Ad blocking 
> extensions, etc).

So, why even bother suggesting privoxy use at all 
if it can easily be bypassed?  Is this not just
giving people a false sense of security?

Thanks,

-Martin



      ____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs

Follow-Ups:
- Re: Help me understand tor with SSL?
  - From: Roger Dingledine

References:
- Re: Help me understand tor with SSL?
  - From: Kasimir Gabert

Prev by Author: Help me understand tor with SSL?
Next by Author: Re: Help me understand tor with SSL?
Previous by thread: Re: Help me understand tor with SSL?
Next by thread: Re: Help me understand tor with SSL?
Index(es):
- Author
- Thread