Official Tor Hidden Service for the Kiwi Farms -

glow · May 23, 2021

I am interested in Tor for my haramposting but concerned that the .onion URL is plain HTTP, whereas other .onion sites are HTTPS.

I can't find a good answer about this but I'm guessing that because the connection is terminated at the KF server, the final hop is still encrypted? I know that if you go to a regular HTTP site the exit node can see everything.

Null · May 23, 2021

glow said:
I am interested in Tor for my haramposting but concerned that the .onion URL is plain HTTP, whereas other .onion sites are HTTPS.

I can't find a good answer about this but I'm guessing that because the connection is terminated at the KF server, the final hop is still encrypted? I know that if you go to a regular HTTP site the exit node can see everything.

Read how the onion router works. Https over Tor does nothing and can even weaken security.

Kosher Salt · May 24, 2021

glow said:
I am interested in Tor for my haramposting but concerned that the .onion URL is plain HTTP, whereas other .onion sites are HTTPS.

I can't find a good answer about this but I'm guessing that because the connection is terminated at the KF server, the final hop is still encrypted? I know that if you go to a regular HTTP site the exit node can see everything.

You never go through an exit node for an onion URL. It's strictly within the Tor network, it never exits.

hundredpercent · May 28, 2021

Null said:
Read how the onion router works. Https over Tor does nothing and can even weaken security.

How does HTTPS weaken security?

Except for some weird setups, it won't do much, but how can HTTPS over Tor be harmful?

Null · May 28, 2021

hundredpercent said:
How does HTTPS weaken security?

Except for some weird setups, it won't do much, but how can HTTPS over Tor be harmful?

Because it accomplishes nothing and trains users to accept invalid certificates. Google it dude.

hundredpercent · May 28, 2021

Null said:
Because it accomplishes nothing and trains users to accept invalid certificates. Google it dude.

I mean, you can get valid certs for onions these days, but it'll cost you $50 or something. Price is going down rapidly so shouldn't be far off until it's free.

Null · May 28, 2021

hundredpercent said:
I mean, you can get valid certs for onions these days, but it'll cost you $50 or something. Price is going down rapidly so shouldn't be far off until it's free.

The hidden service is end-to-end encrypted already dude. For fuck's sake.

TheSkoomer · May 30, 2021

glow said:
I am interested in Tor for my haramposting but concerned that the .onion URL is plain HTTP, whereas other .onion sites are HTTPS.

I can't find a good answer about this but I'm guessing that because the connection is terminated at the KF server, the final hop is still encrypted? I know that if you go to a regular HTTP site the exit node can see everything.

HTTPS over Tor gives no added benefit, and has a negative effect of querying CRLs from certificate authority servers whenever you visit an HTTPS .onion URL, thus revealing to a third party that an .onion URL has been visited.

hundredpercent · Jun 8, 2021

TheSkoomer said:
HTTPS over Tor gives no added benefit, and has a negative effect of querying CRLs from certificate authority servers whenever you visit an HTTPS .onion URL, thus revealing to a third party that an .onion URL has been visited.

This doesn't happen with OCSP stapling, but you're right in that the benefit is very minimal regardless.

Official Tor Hidden Service for the Kiwi Farms -

glow

Softly glowing in the dark

Null

Ooperator

Kosher Salt

(((NaCl)))

hundredpercent

Null

Ooperator

hundredpercent

Null

Ooperator

TheSkoomer

Ahahahahahhahahahahahahahahahahahahahahhahahahahah

hundredpercent

Similar threads

How to Support the Forum This website was made possible by contributions from viewers like you. Thank you.