[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Tor and HTTPS
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Tor and HTTPS
- From: Christopher Davis <loafier@xxxxxxxxx>
- Date: Thu, 3 Jul 2008 15:29:43 -0700
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Thu, 03 Jul 2008 18:30:25 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:references:mime-version:content-type:content-disposition :in-reply-to:user-agent; bh=bp8jTiiUPTtEP91AiuolGmrGgy5XrTNFee/doxyxuFs=; b=FZeKVBgRGT8BN2cb03J8S5SQo5aqPxSEaepwl9UWJp3NzwwgZIX6Zd2Sb5DY0l3qXV lKv+2b3Ez6rBrPN/sfVlRv7rZW8v2Z/CcMOPPSJB0YZIx13h7uLvqBhHD1i0PS+k5foz x76nMzCzvGv6GpJqfexpFMFBUPww8230yzTIo=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; b=MndRarybmvviCX2BWwHELF4+BY2Gowl+9RvOEPC4r8aqi8lhn+p1dld3HKdCDQaiiS fy3zjq67VuyIOBizqse7RmyEHPbN3z14/MrWxt2xnMDhX6sgTKRBozZ7xOJJ6wmKXKba 3owW7x/h+Gu6lk+Be03VgJH6urLteF4xt63YE=
- In-reply-to: <486D2A76.603@xxxxxxxxx>
- References: <20080703193312.246BA158041@xxxxxxxxxxxxxxxxxxxxxxxx> <486D2A76.603@xxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Mutt/1.4.2.3i
On Thu, Jul 03, 2008 at 03:37:26PM -0400, Ringo Kamens wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> While it's true that privoxy can't filter things when you're using
> HTTPS, IMHO it's much better to use encrypted connections in general,
> especially when you trust the host. If you have scripts disabled on your
> browser then privoxy isn't really all that needed.
> Comrade Ringo Kamens
> nobledark@xxxxxxxxxxxx wrote:
> > Hi,
> >
> > Sorry if this sounds a bit stupid but looking for some
> > clarification. I've read that using HTTPS over Tor actually reduces
> > your security due to the bypass of your local proxy (Privoxy, etc) -
> > is this the case for all usage or does it justs affect hidden
> > services? For example, if I am accessing Hushmail via a Tor-enabled
> > Firefox browser, is that traffic not protected by the anonymized
> > circuit or otherwise less secure than a connection to a port 80 web
> > site?
> >
> > Thanks -nD
> >
I'd also suggest seeing if your browser has an option to disable
sending of the user agent header in HTTP requests. This is something
that privoxy can do, but may be difficult to tweak in some browsers.
--
Christopher Davis