Silk Road forums
Discussion => Newbie discussion => Topic started by: crouchingt1ger on March 22, 2013, 10:09 pm
-
Should we be using HTTPS before the url?
-
good question
i think there can only be one url for tor hidden services tho
would like to know what the difference would be if any at all tho because im new to sr and trying to set up security and anonymity
-
I'm obviously new too but from what i have read https headings provide you security from being phished and hacked. Apparently you could be followed as you go along. Idk if this is different with Tor. But apparently thats 1 way passwords can be stolen.
-
No, guys. You shouldn't and can't. Server doesn't support it. The reason is that anything that's in-Tor-network only is already encrypted. If you visit any clearnet (as in something that doesn't end in a .onion address), however, it is not encrypted AT ALL. But onion sites like SR and the forums here are already end-to-end encrypted.
-
thanks!
-
Tor browser uses the 'HTTPS Everywhere' browser add-on, which autoamtically and effectively treats most sites like an https site and does alot to encrypt traffic to clearnet sites. It doesnt work on some so be careful and make sure its all enabled and everything.
-
Tor browser uses the 'HTTPS Everywhere' browser add-on, which autoamtically and effectively treats most sites like an https site and does alot to encrypt traffic to clearnet sites. It doesnt work on some so be careful and make sure its all enabled and everything.
This is good to know, Thanks!!
-
No, guys. You shouldn't and can't. Server doesn't support it. The reason is that anything that's in-Tor-network only is already encrypted. If you visit any clearnet (as in something that doesn't end in a .onion address), however, it is not encrypted AT ALL. But onion sites like SR and the forums here are already end-to-end encrypted.
I would give you +1 Karma... but idk how that works... ive looked on profiles and shit for a button but cant find it.
-
TOR already encrypts your traffic, but to be extra secure you should use PGP when contacting a vendor or giving them your address. PGP uses a public/private key pair just like HTTPS. It performs the same role (ensuring that the only person who can read your message is the person who holds the private key. In HTTPS your bank's web server has a private key and a certificate authority gives you the bank's public key. You encrypt your bank details with the public key, and then ONLY the bank can decrypt it, so nobody else can read your bank details when you send them through the network. This is exactly what PGP does for any messages you encrypt using the vendor's public key. It means only he can read them.