This could allow them to inject other content into the page including advertising or browser exploits. When you connect to a website over an unencrypted connection, it is possible for the exit node, the exit node's ISP, or some government agencies with the necessary access to modify the traffic in transit. There is one more point that needs to be addressed: HTTPS provides protection against malicious page modification. But, if you want to send information like usernames, passwords, or other identifying information, be sure to use HTTPS. So, if HTTPS is not available on some websites, the exposure is still limited. If you add in HTTPS, they can see the name of the news website you are visiting, but not the specific page you are visiting.
It depends on the data you are sending or accessing and who you want to prevent from seeing that data.įor example, if you are reading a news website without HTTPS, it becomes possible for the Tor exit node and their ISP to see that someone is reading a specific article on a specific news website. HTTPS provides additional protection for the data transferred between the exit node and the destination server.
The short answer is: no, but you should use it if possible. The diagram allows you to enable both Tor and HTTPS to see what information can be hidden from different adversaries. There is an excellent interactive diagram that summarizes the above. This is where HTTPS becomes important as it will prevent snooping on the data contained in your transaction (passwords, the specific pages you visit, etc.). The Exit Node: At this point, the traffic exits Tor it can be monitored by the Tor node itself or that node's ISP.The Tor Network: The traffic within the Tor network has multiple layers of encryption such that only the last node (the exit node) in your Tor circuit can see the traffic you send to the destination.Potential adversaries on your home network or at your ISP can see that you are using Tor, but they cannot see the websites you are visiting. Your Home Network and ISP: Tor provides strong encryption within the network.You will note that HTTPS only provides protection in the final step of the connection (between the exit node of the Tor circuit and the destination server): Here is a breakdown of some potential adversaries at the information available to them at each point. What protection does HTTPS provide with Tor?
Specifically, it depends on the type of data you are accessing and your threat model.
0 kommentar(er)
