[Tor2web-talk] Tor2web proxy
Veres-Szentkiralyi Andras
vsza at vsza.hu
Mon Sep 11 16:21:18 CEST 2017
Hi Ajay,
HTTPS is not end-to-end in this case, so a malicious Tor2web instance
could possibly tamper with the content being transferred between the
hidden service and the user agent (typically browser) without anyone
noticing. Also, some environments (such as corporate networks) do large
scale MITM (man in the middle) with a certificate pushed into the
browser or OS store. In such a case there's now a second party that can
both see the plaintext traffic and possibly tamper with it. None of
these two applies when using Tor directly.
I hope it's clear now.
Cheers,
dnet
On Wed, Aug 30, 2017 at 03:30:48PM +0000, Ajay Sharma wrote:
> Hello,
> I would like to know about Tor2web proxy. It is said that it is not secure and doesn't provide anonymity. My question is, how it is not secure if it uses HTTPS rather than HTTP? And the tor2web user cannot stay anonymous unless and until the user is within the Anonymous network (Tor).
> Appreciate some explainations.
> BR,
> Ajay
More information about the Tor2web-talk
mailing list