[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

TorFaq on https for hidden services ( was: Hints and Tips for Whistleblowers )


im starting this as  a new thread, as my question is only inspired by
the discussion above.

in the TorFaq
( https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ ) 
it says:

  "Why is it better to provide a hidden service Web site with HTTP
  rather than HTTPS access? 

  Put simply, HTTPS access puts the connecting client at higher risk,
  because it bypasses any first-stage filtering proxy.. "

the answer in the FAQ refers to privoxy. so i wonder now: is this
answer obsolete meanwhile? or is it still the general recommodation to
run hidden services without https? is the server (hidden service)
privacy threatened by using https too in any way?

the FAQ also says:

  "These objections all apply to HTTPS, TLS, SSH, and generally all
  cryptography over Tor, regardless of whether or not the destination
  is a hidden service"

which i think is causing some confusion.


To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/