Hello,
There is a “Hints
and Tips for Whistleblowers Guide” available at http://ht4w.co.uk/.
The section on
proxies includes Tor-related information which I fail to
understand:
"You may actually
get more anonymity when using the Tor cloud by not
using the https:// version of a web page (if there is an
alternative,
unencrypted version available), since all the Tor traffic is
encrypted anyway between your PC and the final exit node in the
Tor
cloud, which will probably not be physically in the United
Kingdom."
---I have no idea
what this means. I thought the whole point of using https:// was
to
prevent Tor exit nodes from snooping and / or potentially
injecting
content.
"This applies
especially to websites like the reasonably anonymous
whistleblowing
website wikileaks.org
(based in Sweden) , which offer both http://, https:/and Tor
Hidden
Service methods of uploading whistleblower leak documents, but
who
tend to, mistakenly, insist on using https:// encryption for
when
someone comments on their wiki discussion pages. When (not if)
the
wikileaks.org servers, or a blog or a discussion forum like the
activist news site Indymedia
UK are
physically seized (this happened to IndyMedia UK at least 3
times
now) , this may, in some circumstances, betray the real IP
addresses
of commentators with inside knowledge of a whistleblower leak
i.e.
suspects for a leak investigation."
-----How on earth can it
be “mistaken” to insist on using https:// encryption? Why would
using https:// "betray the real IP addresses"?