Never seen this before. Tried to log into my safe-mail account for first time in a few days and got a warning page about an untrusted connection. Says someone is possibly trying to impersonate the site or the issuer has an invalid certificate, etc. Says not to continue. Obviously I'm abandoning ship, but what do guys make of this? Any of else running into this or is it just me?
Some exit nodes look for and attempt to hijack your https session by injecting a self signed certificate.
Https is an internet protocol that allows for encrypted end-to-end communication. If someone can inject their own certificate they can decrypt anything in the stream.
I think it's mostly semi-bad exits looking for low hanging fruit.
It's fine to cycle through some exit nodes until you don't see that message.
NEVER ACCEPT A CERTIFICATE WHILE USING TOR.
Any website that ends in .onion is encrypted end-to-end and you don't have to worry about https and certificates. Some websites offer both traditional websites and .onion sites. You should try to use the .onion ones when possible. Blockchain.info is an example of a website with both.
Also, if you're going to use safe-mail for anything make sure to PGP encrypt anything sensitive and ask the other person to do the same.
Safe-mail has been accused of selling out privacy and I believe it. If you're into that tinfoil stuff it's based in Israel and may be run by the Mossad.
In any case it's fine to use, just don't trust them with any sensitive info. PGP everything.