Help me understand tor with SSL?
Martin Fick
mogulguy at yahoo.com
Sun Dec 2 03:42:34 UTC 2007
--- Kasimir Gabert <kasimir.g at gmail.com> wrote:
> On Dec 1, 2007 8:23 PM, Martin Fick
<mogulguy at yahoo.com> wrote:
> > Hi,
> >
> > After reading the docs I am very confused
> > about how tor/privoxy deals with https(SSL)
> > connections. It sounds like if I use SSL
> > that I will be basically bypassing privoxy
> > and therefor could leak personal info? So
> > what is the alternative if I want to access
> > a web site that requires https for logging in
> > anonymously?
> >
> > Also, what prevents tor users form being
> > susceptible to simple attacks where an
> > html page embeds an image that has an
> > https url as its source effectively
> > bypassing any privacy?
> >
> > -Martin
>
> Hello Martin,
>
> What Privoxy will be unable to do is modify the
> contents of HTTPS packets. The packets will still
> be sent anonymously, so HTTPS communications
> can be anonymous (and are preferred because
> exit nodes can not steal information), just the ads
> and scripts will not be filtered from them through
> Privoxy. This filtering should still occur at some
> level from your browse (Noscript, Ad blocking
> extensions, etc).
So, why even bother suggesting privoxy use at all
if it can easily be bypassed? Is this not just
giving people a false sense of security?
Thanks,
-Martin
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
More information about the tor-talk
mailing list