[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Vidalia error message with TorBirdy



Katya Titov:

> Karsten N.:
> 
>> HTTPSEverywhere can use the SSL Observatory of EFF.org to warn you,
>> if something goes wrong with the SSL certificate of a visited
>> webserver. But I am not sure, if it was now proxy safe. In
>> TorBrowser this option is disabled.
> 
> Thanks Karsten, I use HTTPSEverywhere but wasn't aware of this.
> 
> I've just enabled it in my non-Tor FF installs. I can't see the
> ability to do this in Chrome yet. I'll play around with the settings
> in TBB and see if I can detect any leaks.

OK, I've done some testing using both Firefox 22.0 and TBB 2.3.25-10 on
Debian 7.1. In both cases HTTPS Everywhere is configured to use the
Observatory, *even if Tor is not available*. This should hopefully check
that HTTPS Everywhere honours TBB's proxy settings.

Using:

    tcpdump -i eth0 "(port 443) and (net 64.147.188.0/24 or \
                                         173.236.32.0/24)"

I see regular traffic to hosts observatory*.eff.org when using Firefox.
I see *no* such traffic when using TBB, however I *do* see connections
to the same hosts via the Tor Network Map. I discovered the network
addresses for the EFF Observatory through some simple host lookups so
these are not definitive.

It appears as though the HTTPS Everywhere plugin honours the TBB proxy
settings. Can anyone from EFF comment? And if we can get an affirmative
then should I open a ticket to have TBB's default behaviour modified?
-- 
kat
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk