On 6/18/2010 3:06 AM, Matthew wrote:
Apologies in advance for the basic-ness of this question. I cannot
find the answer with Google or in the Tor documentation.
I believe the answer you're looking for is #4 here:
https://www.torproject.org/download.html.en#Warning
In these cases, how is the file downloaded? Does the download happen
through HTTP/S? If I am using Polipo and Tor then I assume the file is
downloaded as HTTP/S and goes through the Tor nodes like any "normal"
HTTP/S traffic.
This depends on where you're downloading from. Tor encrypts everything
between you, the clients in your circuit, and the exit node. However,
when traffic enters or leaves the exit node, it is *exactly* as if the
exit node were visiting that website for itself. So, if you are
downloading over standard HTTP, *nothing between the website and the
exit node will be encrypted*. This usually isn't a terrible problem
with downloads that don't contain any personal information that leads
back to you, as it would be extremely difficult to follow the
encrypted data over several hops through the network.
*However*, as the documentation says repeatedly, use HTTPS wherever
possible, *especially* when communicating sensitive information that
could lead back to you. This way, the traffic between the exit node
and website is encrypted, and doubly so between you and the exit node.
Much less will be gained by examining the traffic coming to/from the
exit. Hope that answers your questions.
(Side Note: the above does not pertain to .onion websites or other
hidden services, which are contained completely within the network.)
~Justin Aplin
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/