On Thu, Feb 19, 2009 at 4:17 AM, Erilenz <[email protected]> wrote: > ... > Lots of people simply don't know how to use Tor safely.
agreed. i always recommend two things when using HTTPS over Tor: - install the petname toolbar. this will also notify you if some rogue CA is suddenly signing the google.com certs, for example, not just that encryption isn't used. - save bookmarks to sites that support HTTPS only (secure cookies) with the https:// secure URL. (no insecure transition). > I wonder if something could/should be built into TorButton to force a list of > commonly used services to go entirely over https? Eg any request for > ^http://mail\.google\.com/.*$ a plugin to enforce secure cookies and https only operation for some domains would be useful. i don't know of any that do this kind of thing yet... best regards,

