Hi, I don't understand, too and in my opinion, this is utter nonsense. I'm not aware of any negative impacts on privacy due to the usage of https://, but without, there is the danger of eavesdropping at the exit node.
best regards, Jan Am 27.10.2010 20:19, schrieb Matthew: > > > Hello, > > There is a "Hints and Tips for Whistleblowers Guide" available at > http://ht4w.co.uk/. > > The section on proxies includes Tor-related information which I fail to > understand: > > > "You may actually get more anonymity when using the Tor cloud by *not* > using the https:// version of a web page (if there is an alternative, > unencrypted version available), since all the Tor traffic is encrypted > anyway between your PC and the final exit node in the Tor cloud, which > will probably not be physically in the United Kingdom." > > > ---I have no idea what this means. I thought the whole point of using > https:// was to prevent Tor exit nodes from snooping and / or > potentially injecting content. > > > "This applies especially to websites like the reasonably anonymous > whistleblowing website _wikileaks.org <http://wikileaks.org/>_ (based in > Sweden) , which offer both http://, https:/and Tor Hidden Service > methods of uploading whistleblower leak documents, but who tend to, > mistakenly, insist on using https:// encryption for when someone > comments on their wiki discussion pages. When (not if) the wikileaks.org > servers, or a blog or a discussion forum like the activist news site > _Indymedia UK <http://www.indymedia.org.uk/>_ are physically seized > (this happened to IndyMedia UK at least 3 times now) , this may, in some > circumstances, betray the real IP addresses of commentators with inside > knowledge of a whistleblower leak i.e. suspects for a leak investigation." > > > -----How on earth can it be "mistaken" to insist on using https:// > encryption? Why would using https:// "betray the real IP addresses"? > > *********************************************************************** To unsubscribe, send an e-mail to [email protected] with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
