Silk Road forums
Discussion => Security => Topic started by: nardical on September 27, 2012, 05:35 am
-
I don't know if this has been posted before, but I reckon it deserves to be posted again.
It's a little outdated, but should boost your security a tad.
http://xfq5l5p4g3eyrct7.onion/view.php?image=5ff7276835e67642427260246f054967.jpg
-
why doesnt sr us HTTPS?
-
I don't recommend editing the firefox configuration or torc files because it can make your traffic stand out as unique in comparison to other users of your Tor software. Ideally everybody should be up to date and clone like. I'm not sure it will increase the speed of downloading from hidden services either, a lot of that information looks familiar but more applicable to the regular web.
On Tor, I think loading is sort of bunched together, you have have staggered loading times. Everything loads. Then nothing. Repeat. I'm not sure if this is connected to increasing anonymity, inefficient Tor programming/network utilization or something else, but in any case I think may will defeat any speed optimizations you may attempt, over and beyond the possibility of threatening your anonymity.
why doesnt sr us HTTPS?
Because SR is not on the web. It is on the Internet. But not the world wide web. And Verisign & Co are unlikely to give us a HTTPS certificate :)
We don't need one, because our traffic is encrypted already since it's inside the Tor network.
Side Note: The developers of firefox made an interesting announcement I didn't see before, it was May 9th of this year.
Now in Aurora: Secure Google Searches are default. In Aurora when you search using the location bar, search box, or the right-click menu, your search will be sent to Google through a secure (HTTPS) connection. You won’t notice a difference in how you search, but your Google search suggestions and search results will be presented through a secure web site.
*Enabling HTTPS for these searches shields our users from network infrastructure that may be gathering data about the users or modifying/censoring their search results.* Additionally, using HTTPS helps providers like Google remove information from the referrer string. While Google users may expect Google to know what they are searching for, Firefox users may not be aware these search terms are often transmitted to sites they visit when they click on items in the search results; enabling HTTPS search helps sites like Google strip this information from the HTTP referrer string, putting the user better in control of when and to whom their interests are shared.
That is interesting. Seems like the browser app/google people are worried about, not just privacy, which is a natural perpetual concern, but from the wording they're using they may know a lot more than they're letting on. Or maybe it's my imagination. But network infrastructure cannot mean criminals or hackers threatening privacy, who don't, you know, traditionally install fibre and routers. It has to be specifically ISPs or governments. I wonder if they're pre-empting the widespread use of deep packet inspection on everything or something along those lines.
-
If you have not already installed HTTPS Everywhere in your Clearnet Firefox browser, it would be wise to do so now. This little addon is already installed in the TOR Browser Bundle, you have to go to the website below if you want to add it to your clearnet firefox. The addon will find and use the https version of every site that has a secure version. It will do this automatically. You will be surprised at all the sites that you visit that you never knew had a secure option.
Here is the link: https://www.eff.org/https-everywhere
note: you cannot find this addon by searching the default firefox addons page.
-
why doesnt sr us HTTPS?
Everything Pine said is correct.
To put it really shortly: You only need https when your data traffic leaves the Tor network, to make sure that the traffic between the Tor exit node and the website server stays encrypted.
When you visit an .onion website, the data traffic does not leave the Tor network. It does not pass through an exit node, and therefore stays encrypted all the time.
Because of that, a .onion hidden service does not need the https protocol.