Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Joan Battaglia
October 28, 2007, 2:06 pm
rate this thread
Re: How safe is Tor for logging into http (nont https) web sites
You're quite welcome. It's my pleasure to hear that something
There's a lot more to it than colored pipes of course. It is an analogy
after all. But it's an accurate portrayal of what information can be
gleaned at critical points along the differing types of connections.
There's three basic "elements" to every internet connection in context.
The source of the connection, or you. The destination, or the site
you're visiting. And the content, or all the information moving between
source and destination. HTML, email text, images, passwords, etc.
HTTP connections - Source, destination, and content available over the
HTTPS connections - Source and destination available over the entire
connection. Content obfuscated.
Tor connections: Source available prior to Tor entry node. Destination
and content unavailable. Destination and content available at exit node
and beyond, source is obfuscated (the definition of "anonymous").
HTTPS+Tor connections: Source available prior to Tor entry node.
Destination and content obfuscated. At Tor exit node and beyond source
is obfuscated by Tor, content is obfuscated by SSL, destination is
known (the definition of "anonymous and private").
Anonymity and privacy are often confused. Indeed, they can sometimes
overlap. An anonymity tool like tor can keep certain types of
information private in a number of ways. Your ISP doesn't know what web
sites you're visiting for instance. But still the two concepts are
Think of privacy as a doctor/patient relationship. You trust your
doctor not to blab about that embarrassing rash he's treating you for,
but obviously he knows who you are. You have privacy, but not anonymity.
Anonymity would be you posting to an on line self help group about
having the rash in such a way that nobody knows it's you. You've made
your condition public and voluntarily given up your privacy entirely,
but since nobody knows it's really you discussing it there's "no harm
Hope those analogies help crystallize things a bit further for you. :)
- » How to tell a fake SSL certificate from a real one
- — Previous thread in » General Computer Security