Encrypt for browsing

Christian Fromme kaner at strace.org
Thu Jul 8 15:04:30 UTC 2010


Hi,

On Thu, Jul 8, 2010 at 2:03 PM,  <zzzjethro666 at email2me.net> wrote:

> The first question I had that was answered was that I could simply look at
> the URL and add an "s" to http. Thanks to Runa. So, since I have to do a lot
> of assuming, this would be before clicking or hitting return for going
> there. Duh, right? But, then what happens if it is changed back to http
> without an "s"? Does this mean that particular site doesn't do httpS and my
> anonymity has been compromised?

You might want to take a look at: https://www.eff.org/https-everywhere

Also, HTTPS doesn't primarily take care of your anonymity. That's
Tor's job. HTTPS simply adds a layer of encryption to your traffic so
no one (for instance, the exit node administrator or ISP) can sniff
your traffic. Depending on the traffic that goes back and forth
between the Tor exit node you're using and the website you're visiting
HTTPS also protects your anonymity. For instance, if you surf your
Facebook profile via Tor, it would be fairly easy to look at the
traffic and sniff your name for the exit node admin or the ISP:

[you] -> [tor entry node] -> [tor middle node] -> [tor exit node] ->
[facebook.com]

The last hop between [tor exit node] and [facebook.com] would be
completely unencrypted and sniffable. You might want to avoid that.

Note that not all websites support HTTPS. Again, you might want to
take a look at https://www.eff.org/https-everywhere

HTH,
/C
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list