[tor-dev] [Proposal] Obfuscating the Tor Browser Bundle initial download

William Waites wwaites at tardis.ed.ac.uk
Mon May 9 21:23:20 UTC 2016


Blake Hadley <moosehadley at gmail.com> writes:
>
> The environment requires an HTTPS proxy to reach the World Web Web.
>
> Do HTTP proxies inherently create a situation similar to MITM?

Yes, that is exactly what they do. If your web browser isn't nagging you
all the time with "hey this certificate is untrusted" then a signing
certificate will have had to be installed in your computer. This lets
your employer decrypt all of your HTTPS traffic, inspect it, and
reencrypt it. Unless you understand exactly what is happening and what
to do about it, best to avoid using the Internet from there altogether.

-w

-- 
------------------------------------------------+------------------------
William Waites        <wwaites at tardis.ed.ac.uk> : School of Informatics
Synthsys Centre for Mammalian Synthetic Biology : University of Edinburgh
------------------------------------------------+------------------------
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.


More information about the tor-dev mailing list