Silk Road forums
Discussion => Security => Topic started by: windmillz on May 19, 2013, 12:19 am
-
Today I upgraded my usb stick to the current version Tails .18 After my install/update Iceweasel started giving me this message about being in an unencryped area/site. I am connected to Tor so I am not sure what this means. If anyone can enlighten me I would greatly appreciate it. It happens when I try to connect to SR onion and forums.
This is one message:
The information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information?
-windmillz
-
Run a packet sniffer (i.e. wireshark) between the computer and router and check to see if it is unencrypted.
-
I found out that the wireless router was on a WEP 128bit encryption, I reset it and configured a WPA 2 Personal, major change... I still get the message that I am unencrytped pages and third party somethings could potentialy see etc.
Also is there a way to install wireshark onto Linux, or a different way to find this information out, besides a sniffer? or is that the most accurate?
Thanks for all the help just want to be secure!!
-
Is this the message:
You are about to leave an encrypted page. Information you send or receive from now on could easily be read by a third party.
[Check Box] Alert me whenever I leave an encrypted page for one that isn't encrypted.
Yeah, don't worry about that. Just uncheck the box to get rid of the warning. It's just reminding dumb people not to enter username/password over an HTTP connection. You should only do that over an HTTPS (encrypted) connection, except that's irrelevant on hidden services, because the connection is fully encrypt from the Tor client on your computer to the Tor client on the hidden service server.
You *should* use only HTTPS to enter sensitive info on clearnet sites though.
-
So 110% don't worry about it especially if im on a service through tor like the SR??
This is the message I get when I try to log into the forums:
The information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information?
with the text box saying to remind me or not....
If you say its to be ignored Ill trust ya
-
Your WiFi encryption has nothing to do with that; I'm not familiar with Tails, but if astor's right (which he very nearly always is), then yes. Totally ignore it AS LONG AS you are on a .onion site.
You MUST NOT ignore it if you aren't though. If you're on a non-".onion" site, the warning fully applies. That's very important, hence the caps, heh :) I take it you only get that message when you try to log in? Because otherwise something is very fishy, as you aren't actually transmitting anything except the request for a page when you just surf to the forums. I mean you shouldn't be, anyway, which is why it'd be fishy...
-
Yeah, I booted the latest tails in a VM. When TorBrowser / Iceweasel starts, it takes you to https://tails.boum.org, some page on that site., which is using SSL. Immediately I entered my favorite web IP checking site, wtfismyip.com, and got that pop up message. It's just warning you you're going from an encrypted to an unencrypted connection.
The part that Firefox / Iceweasel / TorBrowser / the Tails devs haven't fixed is if you enter an onion address, it IS encrypted the whole way. It's equivalent to an https connection, even though it says http. That's why I said don't worry about it, just disable it and keep in mind that when visiting clearnet sites, the exit node can potentially read anything you send over http, so don't send username/password.
-
Thanks for the clearification there!! I just am very paraniod in general I just don't want to get caught for something silly that I could have prevented. So Im safe on ONION sites, even login pages but not through clearnet (I rarley uses it ever anyways, only for joining/connecting (accepting the agreement for connection) a network like at barns and noble for the free WIFI)
Yes, SelfSovereignty It happens every time I log on and its tripping me out man!!! haha
Thanks astor for the advice! As well as every one else feel alot better about the situation!
-windmillz
-
Yep, for onion sites, http is safe.
For clearnet sites, you must use https for entering sensitive info.
Now that you know that, disable the warning and don't worry about it. It's a dumb a warning that doesn't understand the complexities of Tor.
-
Today I upgraded my usb stick to the current version Tails .18 After my install/update Iceweasel started giving me this message about being in an unencryped area/site. I am connected to Tor so I am not sure what this means. If anyone can enlighten me I would greatly appreciate it. It happens when I try to connect to SR onion and forums.
This is one message:
The information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information?
-windmillz
Windmillz, I get the same thing after upgrading to 0.18
Unchecking the message doesn't seem to matter as the Iceweasel preferences are not persistent.....so it will happen every time you fire the browser.
If you make /home/amnesia/.mozilla persistent, it should go away permanently :)