http subversion URLs should be discontinued in favor of https URLs
Michelle Sullivan
michelle at sorbs.net
Fri Dec 8 10:31:36 UTC 2017
Yuri wrote:
> On 12/07/17 15:16, Jason Hellenthal wrote:
>> The truly paranoid types that don’t want anyone to know they are
>> using FreeBSD apparently.
>>
>> Honestly if they are that worried about http then get a private vpn
>> tunnel and run through that instead !
>
>
> Some people aren't aware that they use http, and enable Tor because
> they think that it improves privacy. It's very easy to use such setup
> inadvertently.
Ding! Ding! Ding! we have a winner!
This is about privacy and anonymity rather than security then...
Sorry you want to ensure a secure (trusted) connection you do it
yourself. You go through other nodes (switches and routers of the
normal internet) you make a choice... do I trust them to deliver my
packets untampered with or not? I know there are nodes out there that
are doing monitoring and filtering and even returning bad data
(accessing a certain 58 servers/IPs in Australia will have all HTTP
spoofed to return a static message that has nothing to do with those 58
servers... I now run a proxy on a network I trust and a VPN to that
network (all of which are in Australia) and don't have my packets
intercepted.)
If you're running your connection over Tor, you're running over a second
layer with people out there that are not even necessarily trustworthy,
many are people that they themselves use Tor for legally questionable
actions, many for perfectly valid (though legally questionable)
reasons.. (think: penetration testers - even commissioned ones).. but by
using Tor you are accepting the risks in the knowledge that your data is
traversing a network where people with questionable legal
motives/positions...
So basically you want everyone to double their resources so that you can
risk using an inherently untrustable network in the name of privacy...
which in many cases you won't have anyway (because if the person doesn't
know they are using http, then there is a pretty good chance they
haven't secured their browser so it's spewing tracking cookies and other
privacy defeating headers anyhow!)
Enough please!
Michelle
More information about the freebsd-security
mailing list