On Wed, Oct 27, 2010 at 11:50 AM, Sebastian Hahn <[email protected]>wrote:
> > On Oct 27, 2010, at 8:19 PM, Matthew wrote: > > Hello, >> >> There is a “Hints and Tips for Whistleblowers Guide” available at >> http://ht4w.co.uk/. >> >> The section on proxies includes Tor-related information which I fail to >> understand: >> >> >> "You may actually get more anonymity when using the Tor cloud by not using >> the https:// version of a web page (if there is an alternative, >> unencrypted version available), since all the Tor traffic is encrypted >> anyway between your PC and the final exit node in the Tor cloud, which will >> probably not be physically in the United Kingdom." >> >> >> ---I have no idea what this means. I thought the whole point of using >> https:// was to prevent Tor exit nodes from snooping and / or potentially >> injecting content. >> >> >> "This applies especially to websites like the reasonably anonymous >> whistleblowing website wikileaks.org (based in Sweden) , which offer both >> http://, https:/and Tor Hidden Service methods of uploading whistleblower >> leak documents, but who tend to, mistakenly, insist on using >> https://encryption for when someone comments on their wiki discussion pages. >> When >> (not if) the wikileaks.org servers, or a blog or a discussion forum like >> the activist news site Indymedia UK are physically seized (this happened to >> IndyMedia UK at least 3 times now) , this may, in some circumstances, betray >> the real IP addresses of commentators with inside knowledge of a >> whistleblower leak i.e. suspects for a leak investigation." >> >> >> -----How on earth can it be “mistaken” to insist on using >> https://encryption? Why would using https://"betray the real IP addresses" >> >> > Hi, > > Wow. This is really dangerous misinformation, and I'm wondering what > kind of person would give such intentionally harmful advice, marketing > it at whistleblowers. Tor explicitly recommends using https wherever > possible, whether you are using Tor or not. You're right to be > suspicious of their advice. Attacking wikileaks for forcing the use of > https is also just ridiculous. > > > Sebastian*********************************************************************** > > To unsubscribe, send an e-mail to [email protected] with > unsubscribe or-talk in the body. http://archives.seul.org/or/talk/ > The person(s) who wrote that article appear to not have a full understanding of Tor, or security for that matter. We all know that HTTPS is preferred to regular HTTP.
