|
|
07-11-2007, 11:57 PM
|
#1 |
|
Guest
Posts: n/a
|
Re: How safe is Tor for logging into http (nont https) web sites
On Fri, 26 Oct 2007 10:00:17 +0000 (UTC), Anonymous Sender wrote:
> Krazee Brenda wrote: > >> On Fri, 26 Oct 2007 05:00:48 GMT, Joan Battaglia wrote: >> >>> Thanks to you all, I was able to install Tor/Vidalia/Privoxy freeware for >>> anonymous web browsing. >>> >>> When I log into an https email web page, I assume my password is >> protected >>> from snoopers on the Tor network itself. That is, I assume the https >>> encryption prevents a rogue Tor server itself from seeing my password. >> >> Nopeware. > > You're wrong about that. As long as you haven't borked up your security > settings and told your browser to not warn you about bad/changed SSL > certificates you're fine. Tor is no different than any other encrypted > connection. SSL will encrypt your passwords and such end to end unless > you break it somehow. And it IS up to you to pay attention, whether or > not you're using Tor. As long as you haven't tried to cross an Interstate at rush hour, you'll be safe too. Illogicware -- "I drink lots of water, know how to make bee's wax candles, play with clay, eat mangoes nude, give great massages." |
|
|
07-11-2007, 11:57 PM
|
#2 |
|
Guest
Posts: n/a
|
Re: How safe is Tor for logging into http (nont https) web sites
Krazee Brenda wrote:
> On Fri, 26 Oct 2007 10:00:17 +0000 (UTC), Anonymous Sender wrote: > > > Krazee Brenda wrote: > > > >> On Fri, 26 Oct 2007 05:00:48 GMT, Joan Battaglia wrote: > >> > >>> Thanks to you all, I was able to install Tor/Vidalia/Privoxy freeware for > >>> anonymous web browsing. > >>> > >>> When I log into an https email web page, I assume my password is > >> protected > >>> from snoopers on the Tor network itself. That is, I assume the https > >>> encryption prevents a rogue Tor server itself from seeing my password. > >> > >> Nopeware. > > > > You're wrong about that. As long as you haven't borked up your security > > settings and told your browser to not warn you about bad/changed SSL > > certificates you're fine. Tor is no different than any other encrypted > > connection. SSL will encrypt your passwords and such end to end unless > > you break it somehow. And it IS up to you to pay attention, whether or > > not you're using Tor. > > As long as you haven't tried to cross an Interstate at rush hour, you'll > be safe too. A pretty good analogy. I'll put it into proper perspective for you... Crossing the freeway at rush hour demands willful action and abandonment of common sense. There's prescribed crossing points called traffic lights, and in most jurisdictions not using them is actually punishable by a fine. Likewise default browser settings, which all warn you about forged and broken SSL certificates. You have to purposefully do something like click past several dialogs warning you about your bad decisions, adopt a policy of not paying any attention to the warnings, or "wander aimlessly out into the busy street", if you wish. :-) IOW, in both scenarios the real danger is the person doing something wantonly stupid. That's why foot traffic is prohibited on major thruways in fact... to protect stupid people from themselves. I don't know if that philosophy scales to browser settings though. ;-) |
|
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
