Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.

Roger Dingledine arma at mit.edu
Wed Oct 27 21:05:45 UTC 2010


On Wed, Oct 27, 2010 at 07:19:02PM +0100, Matthew wrote:
> There is a "Hints and Tips for Whistleblowers Guide" available at  
> http://ht4w.co.uk/.
>
> The section on proxies includes Tor-related information which I fail to  
> understand:
>
> "You may actually get more anonymity when using the Tor cloud by *not*  
> using the https:// version of a web page (if there is an alternative,  
> unencrypted version available), since all the Tor traffic is encrypted  
> anyway between your PC and the final exit node in the Tor cloud, which 
> will probably not be physically in the United Kingdom."
>
> ---I have no idea what this means. I thought the whole point of using  
> https:// was to prevent Tor exit nodes from snooping and / or potentially 
> injecting content.

Once upon a time, Tor shipped with an http proxy named Privoxy, which
tried to remove identifying features from the web pages you get and
from the web requests you make. These were the days before Torbutton,
and back in that day Tor was entirely focused on location anonymity
(i.e. protecting the origin and destination of your traffic). Our approach
to application-level anonymity (making sure the website you're talking
to can't recognize you by cookies or history, can't give you malicious
flash applets, etc) was to wish you luck and remind you that it's a
hard problem.

Back in that day there were some people who noted that https traffic
couldn't be parsed by Privoxy, so Privoxy couldn't do its job. Fair
point. They then mistakenly recommended that letting Privoxy see the
traffic would overall be better for your privacy than the end-to-end
encryption that https offers. Bad advice, it turns out.

So I think the conclusion is a) that advice was bad at the time, and b)
it's really bad advice now that Torbutton exists.

> When (not if) the wikileaks.org servers, or a blog 
> or a discussion forum like the activist news site _Indymedia UK  
> <http://www.indymedia.org.uk/>_ are physically seized (this happened to  
> IndyMedia UK at least 3 times now), this may, in some circumstances,  
> betray the real IP addresses of commentators with inside knowledge of a  
> whistleblower leak i.e. suspects for a leak investigation."
>
> -----How on earth can it be "mistaken" to insist on using https://  
> encryption?  Why would using https:// "betray the real IP addresses"?

Yeah, this sounds like garbage advice.

Perhaps they are thinking that if you don't use Privoxy, then your
actual user agent will show up in the apache logs of the webserver,
and this is risky? In any case, the application-level scrubbing needs
to happen inside the browser, not in a proxy, and one main reason is
so you can do https just as safely.

--Roger
