[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] How secure is check.torproject.org?
Moritz Bartl:
> On 11/22/2013 05:49 PM, Ed Fletcher wrote:
>> This is something that I have also wondered about. Why go outside
>> of the Tor network to check that you're using Tor?
>
> A hidden service adds extra hops to hide the (location of the)
> service. There's some movement towards allowing services within the
> Tor network to be just that, not hidden, removing the additional
> hops. I don't use hidden services much, but they definitely are less
> reliable than "regular" Tor use, and using hidden services adds
> extra/unnecessary load to the network.
The advantage that I see is that is there is no way to directly access
a .onion site without using Tor, so it is a clear indicator that Tor is
in use, visible to the user.
> If I remember correctly the certificate for check.torproject.org is
> pinned in TBB, so using a hidden service instead does not add any
> security benefits.
If you have more information about this then I would love to see it. I
didn't realise pinning was implemented in FF, other than by removing all
CA certificates and adding server certificates individually.
--
kat
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk