Silk Road forums

Discussion => Security => Topic started by: virmo_vendor on July 03, 2013, 10:50 am

Title: Tails+SR= unencrypted site readable ny 3th parties message
Post by: virmo_vendor on July 03, 2013, 10:50 am
Hi,

With older versions this message was not displayed.
Is .onion not always an encrypted connection like it is supposed to?
Or is this because of some settings?

Totally not cool if info gets in 3th parties hands..

Any help please?
Title: Re: Tails+SR= unencrypted site readable ny 3th parties message
Post by: m1ddle on July 03, 2013, 10:57 am
Iceweasel shows the prompt when you're not using SSL (https) to connect to a site.

They say Tor hidden services are inherently encrypted, as part of the network design. While the prompt is correct (you aren't using SSL), it's also misleading.
Title: Re: Tails+SR= unencrypted site readable ny 3th parties message
Post by: virmo_vendor on July 03, 2013, 02:19 pm
So basically it can be ignored? Onion sbould indeed not require ssl. Whick makes the new version strange. But liberte has not been updated for ages. Oh well..

Thx for the reply  8)
Title: Re: Tails+SR= unencrypted site readable ny 3th parties message
Post by: comsec on July 03, 2013, 05:26 pm
where exactly do you see that message... connecting to https://check.torproject.org?
because you shouldn't see any warnings going to a .onion site, Tor doesn't use SSL

you aren't accessing this through .onion.to clearnet 2 tor gateway are you? because if you google 'silk road forums' it's like one of the first options that comes up http://dkn255hz262ypmii.onion.to and if you signed in through it, you just lost your anonymity/loginpassword
Title: Re: Tails+SR= unencrypted site readable ny 3th parties message
Post by: Just Chipper on July 03, 2013, 07:09 pm
where exactly do you see that message... connecting to https://check.torproject.org?
because you shouldn't see any warnings going to a .onion site, Tor doesn't use SSL

you aren't accessing this through .onion.to clearnet 2 tor gateway are you? because if you google 'silk road forums' it's like one of the first options that comes up http://dkn255hz262ypmii.onion.to and if you signed in through it, you just lost your anonymity/loginpassword

No when moving from an SSL encrypted site to a non SSL encrypted site. (ie from https://tails.boum.org/news/ to dkn255hz262ypmii.onion).

No he's just using default Iceweasel install that is packaged inside Tails.

Good looking out on the clearnet 2 tor gateways, they are honestly a terrible invention. It completely undermimes the security Tor offers in the first place. I suppose low-hanging fruit will always hang low.
Title: Re: Tails+SR= unencrypted site readable ny 3th parties message
Post by: m1ddle on July 04, 2013, 12:09 pm
where exactly do you see that message... connecting to https://check.torproject.org?
because you shouldn't see any warnings going to a .onion site, Tor doesn't use SSL

you aren't accessing this through .onion.to clearnet 2 tor gateway are you? because if you google 'silk road forums' it's like one of the first options that comes up http://dkn255hz262ypmii.onion.to and if you signed in through it, you just lost your anonymity/loginpassword

I get the same warning message on Iceweasel, when moving from a clearnet SSL site to a darknet .onion site. This one is safe to ignore.
Title: Re: Tails+SR= unencrypted site readable ny 3th parties message
Post by: upthera on July 04, 2013, 01:37 pm
Hi,

With older versions this message was not displayed.
Is .onion not always an encrypted connection like it is supposed to?
Or is this because of some settings?

Totally not cool if info gets in 3th parties hands..

Any help please?

I started to get them when I went from tails .17 to tails .18  ?
I don't like seeing it either
Title: Re: Tails+SR= unencrypted site readable ny 3th parties message
Post by: GrimWaldo on July 04, 2013, 02:41 pm
Don't worry, nothing's changed. If you are browsing .onion sites you can ignore the 2 warnings that IceWeasel will give you about "Leaving an encrypted page" and "Sending unencrypted info". While browsing a hidden service (like SR) ALL data remains encrypted because there is no exit node... the data never leaves the Tor Network.

I turn the warnings off if I'm browsing inside Tor, and leave them on if I intend to browse ClearNet. Don't let the warnings spook you... TAILS is definately the way to go!
Title: Re: Tails+SR= unencrypted site readable ny 3th parties message
Post by: Trippinmonkey on July 04, 2013, 08:17 pm
Good point about the onion.to
Bad duckyducky go for listing that!

But  it's while visiting onion sites for everyone using the new tails. Older versions of tails were not annoying like that. Unchecking that warning is no use. It keeps showing that message.

Not sure if tails is the way to go. It has more features than Liberte and Liberte has not been updated since ages. It seems better encrypted but is even more annoying because switching identity does not work. Rebooting all the time is a lot worse than messages.

Strange thing is that tails is stepping away from truecrypt. So if somebody gets the device then it is obvious tails is on it.

Multiple bootable OS'es on external devices would be awesome. Especially if one OS could be booted from a hidden partition.