[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.
From: Sebastian Hahn <mail@xxxxxxxxxxxxxxxxx>
Date: Wed, 27 Oct 2010 20:50:53 +0200
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Wed, 27 Oct 2010 14:51:00 -0400
In-reply-to: <4CC86D16.2000509@xxxxxxxxx>
References: <4CC86D16.2000509@xxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx


On Oct 27, 2010, at 8:19 PM, Matthew wrote:

Hello,
There is a “Hints and Tips for Whistleblowers Guide” available at http://ht4w.co.uk/.
The section on proxies includes Tor-related information which I failto understand:
"You may actually get more anonymity when using the Tor cloud by notusing the https:// version of a web page (if there is analternative, unencrypted version available), since all the Tortraffic is encrypted anyway between your PC and the final exit nodein the Tor cloud, which will probably not be physically in theUnited Kingdom."
---I have no idea what this means. I thought the whole point ofusing https:// was to prevent Tor exit nodes from snooping and / orpotentially injecting content.
"This applies especially to websites like the reasonably anonymouswhistleblowing website wikileaks.org (based in Sweden) , which offerboth http://, https:/and Tor Hidden Service methods of uploadingwhistleblower leak documents, but who tend to, mistakenly, insist onusing https:// encryption for when someone comments on their wikidiscussion pages. When (not if) the wikileaks.org servers, or a blogor a discussion forum like the activist news site Indymedia UK arephysically seized (this happened to IndyMedia UK at least 3 timesnow) , this may, in some circumstances, betray the real IP addressesof commentators with inside knowledge of a whistleblower leak i.e.suspects for a leak investigation."
-----How on earth can it be “mistaken” to insist on using https://encryption? Why would using https:// "betray the real IP addresses"


Hi,

Wow. This is really dangerous misinformation, and I'm wondering what
kind of person would give such intentionally harmful advice, marketing
it at whistleblowers. Tor explicitly recommends using https wherever
possible, whether you are using Tor or not. You're right to be
suspicious of their advice. Attacking wikileaks for forcing the use of
https is also just ridiculous.

Sebastian***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Follow-Ups:
- Re: Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.
  - From: krishna e bera
- Re: Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.
  - From: Kyle Williams

References:
- Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.
  - From: Matthew

Prev by Author: Re: StrictNodes
Next by Author: Re: Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.
Previous by thread: Re: Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.
Next by thread: Re: Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.
Index(es):
- Author
- Thread