[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Encrypt for browsing

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Encrypt for browsing
From: Christian Fromme <kaner@xxxxxxxxxx>
Date: Thu, 8 Jul 2010 17:04:30 +0200
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 08 Jul 2010 11:04:38 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:content-type; bh=TuJ9STljQOOOc8xGuZ9XzWbvs/MytpcmE+DnQR1jeq8=; b=n+Ug+tY13tPzdq1EzXUdmpYYrEpFTg9GQyAN5PQkHSdG4Vik311RkQZY40ztyymKBm ErCtYJnkZmWNq8SdxUM6CNY5uex1CglUm8NCMddGyRGURKqUtn8JW5xSJ6ml1bYcgdMJ lcGKWNe20uFX+BlvmvvE7BRSWF9XleteljKJo=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; b=pASgRNXtLAosX4cT9Ibzc2iywHVHZPZ0hzNY7epY8EoI71qiwj6SxgIPYyTC3gAq4j mjG5O8HuTerfu+4TpgRXf/aOhCyrESnJSpgjYEQ3VoaGOjM7PZJDizSINz7TPtO0lrH0 Psa6VIekRiXz/UHD7LoLjiwmQcFP6PRQxy97Y=
In-reply-to: <8CCECACC3116EBB-12B8-FC69@xxxxxxxxxxxxxxxxxxxxxxxxxx>
References: <8CCECACC3116EBB-12B8-FC69@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

Hi,

On Thu, Jul 8, 2010 at 2:03 PM,  <zzzjethro666@xxxxxxxxxxxx> wrote:

> The first question I had that was answered was that I could simply look at
> the URL and add an "s" to http. Thanks to Runa. So, since I have to do a lot
> of assuming, this would be before clicking or hitting return for going
> there. Duh, right? But, then what happens if it is changed back to http
> without an "s"? Does this mean that particular site doesn't do httpS and my
> anonymity has been compromised?

You might want to take a look at: https://www.eff.org/https-everywhere

Also, HTTPS doesn't primarily take care of your anonymity. That's
Tor's job. HTTPS simply adds a layer of encryption to your traffic so
no one (for instance, the exit node administrator or ISP) can sniff
your traffic. Depending on the traffic that goes back and forth
between the Tor exit node you're using and the website you're visiting
HTTPS also protects your anonymity. For instance, if you surf your
Facebook profile via Tor, it would be fairly easy to look at the
traffic and sniff your name for the exit node admin or the ISP:

[you] -> [tor entry node] -> [tor middle node] -> [tor exit node] ->
[facebook.com]

The last hop between [tor exit node] and [facebook.com] would be
completely unencrypted and sniffable. You might want to avoid that.

Note that not all websites support HTTPS. Again, you might want to
take a look at https://www.eff.org/https-everywhere

HTH,
/C
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

References:
- Encrypt for browsing
  - From: zzzjethro666

Prev by Author: Re: why not TORVM for linux?
Next by Author: Re: why not TORVM for linux?
Previous by thread: Encrypt for browsing
Next by thread: Re: Encrypt for browsing
Index(es):
- Author
- Thread