TOR: Can exit nodes eavesdrop on communications?
Werner Schram
wrschram at gmail.com
Wed Dec 16 15:58:38 UTC 2009
Werner Schram wrote:
> arshad wrote:
>> thank you very much werne.
>> your reply is very clear,
>> you have any suggestion on what to use for encryption?
>>
> Unfortunately, it is up to websites to decide if they provide
> encryption. You can see if a site is encrypted by looking at the
> address bar. If the address starts with https:// your connection is
> encrypted. If the address starts with http:// your connection is not
> encrypted. Fortunately, most sites that require personal details from
> you, provide encryption. And if they don't, you shouldn't use them.
>
> To make it slightly more complicated (but also more complete), you
> should always make sure the certificates the site uses for encryption
> are in order. If you use a recent and updated browser, this is done
> for you. If something is wrong with the certificate, you will see a
> big warning. You should always read those warnings, and only add
> exceptions if your are really sure about what you are doing.
>
> I hope this information is clear, and I'm not scaring you of too much
> ;) To summarize: Always look for https in your address bar when giving
> out personal details, and never ignore the big certificate warnings
> your browser shows you!
>
For more information about certificates:
http://www.us-cert.gov/cas/tips/ST05-010.html
More information about the ubuntu-users
mailing list