[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Quick question about TOR and use of SSL



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

1.) No, using SSL over Tor doesn't "short circuit" its anonymization.
The result is end-to-end security AND anonymity.

2.) While some folks complain that SSL screws up filtering proxies (like
Privoxy) and may cause extra info to be leaked, I believe that all of
that should be taken care of in the browser - and on my setup, indeed it is.

Therefore in such a scenario, SSL is the best thing to use if you can
get it, since it prevents the exit node from sniffing your traffic - the
one big privacy hole left in Tor.

(That's also a common misconception - Tor doesn't magically provide
end-to-end encryption for the whole Net. Traffic can still be sniffed at
the exit and after the exit, unless SSL is being used.)

- --
F. Fox
AAS, CompTIA A+/Network+/Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSC4JC+j8TXmm2ggwAQjjJg//er0LTukGFwS1H5EpvBqUTNPYvqtfApa2
4oZgi7HPn9nNHEMXV6nT0MTXnAjH1AQQdxlQwC7cpcYrtSxEwCjGn90pG8wNQB4P
wKt0tE6rCOuTKoacuJiJoc7WCfb76L0U06dP1MLH9KDwFE5UFVuB0I1/hPX66tqR
WQPG35BpaWFdua4pKTSwdkPBY9kdsrXA0KP4Z9UQQZVYsoiTem6ev184oqtaJaXi
feKEtLuKp46zNlgMumikI/EZDTnfLStWXsP/fgnfKR3fx3bhfhnCHtMWvWWCp7+x
bvTT+xJHXii6vcnSR+U8duMY92q+jb/C1tAJqUxCcontEoHzN6i7Mo+zn9j5slb9
5/2OgrrJygBUsXjevPTd9frIdz18u8rQWSg2Vi0m09bstaDt3SsM/32xU+KFbIJx
myUAKmiBCA+Q0lMlCJAYV3Q6X8FNvs/RwogwhQolCtyzrxE3ZeMBTuJCAwXHc4py
5ko2LSZwk/E5wHwf0u7XZoo0kRC1ghe3QhY6YHBMBCL7sa+PR6VUSE28Dq/+3Q2a
chR5RO23PKQ9FZZH5BoO8NmllQg2Vk+Z9pWbLfD3MpMy8L8yDnlt744qNOKL8NGi
pa9k8JVrHji2z6BpEDEOR9j2jr6XHhR0iIZM6dbb35DX6HjQ//cROugzB/XPzJaM
OCQ7bd80cwQ=
=9a3P
-----END PGP SIGNATURE-----