TOR: Can exit nodes eavesdrop on communications?
Werner Schram
wrschram at gmail.com
Wed Dec 16 15:52:59 UTC 2009
arshad wrote:
> thank you very much werne.
> your reply is very clear,
> you have any suggestion on what to use for encryption?
>
Unfortunately, it is up to websites to decide if they provide
encryption. You can see if a site is encrypted by looking at the address
bar. If the address starts with https:// your connection is encrypted.
If the address starts with http:// your connection is not encrypted.
Fortunately, most sites that require personal details from you, provide
encryption. And if they don't, you shouldn't use them.
To make it slightly more complicated (but also more complete), you
should always make sure the certificates the site uses for encryption
are in order. If you use a recent and updated browser, this is done for
you. If something is wrong with the certificate, you will see a big
warning. You should always read those warnings, and only add exceptions
if your are really sure about what you are doing.
I hope this information is clear, and I'm not scaring you of too much ;)
To summarize: Always look for https in your address bar when giving out
personal details, and never ignore the big certificate warnings your
browser shows you!
Regards,
Werner
More information about the ubuntu-users
mailing list