Date: Fri, 08 Dec 2017 21:29:25 +1100
From: Michelle Sullivan <michelle@sorbs.net>
To: Yuri <yuri@rawbw.com>, Jason Hellenthal <jhellenthal@dataix.net>, Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: http subversion URLs should be discontinued in favor of https URLs
Message-ID: <5A2A6985.3070202@sorbs.net>
In-Reply-To: <83e44188-6e0d-13cc-4b80-d191ac010427@rawbw.com>
References: <97f76231-dace-10c4-cab2-08e5e0d792b5@rawbw.com>
 <2a6d123c-8ee5-8e1e-d99b-4bce02345308@rawbw.com>
 <1217.1512685566@critter.freebsd.dk>
 <A9370975-7077-432C-985A-56657CF0CC98@dataix.net>
 <83e44188-6e0d-13cc-4b80-d191ac010427@rawbw.com>

Yuri wrote:
> On 12/07/17 15:16, Jason Hellenthal wrote:
>> The truly paranoid types that don’t want anyone to know they are
>> using FreeBSD apparently.
>>
>> Honestly if they are that worried about http then get a private vpn
>> tunnel and run through that instead !
>
>
> Some people aren't aware that they use http, and enable Tor because
> they think that it improves privacy. It's very easy to use such setup
> inadvertently.

Ding! Ding! Ding! we have a winner!

This is about privacy and anonymity rather than security then...

Sorry you want to ensure a secure (trusted) connection you do it yourself. You go through other nodes (switches and routers of the normal internet) you make a choice... do I trust them to deliver my packets untampered with or not? I know there are nodes out there that are doing monitoring and filtering and even returning bad data (accessing a certain 58 servers/IPs in Australia will have all HTTP spoofed to return a static message that has nothing to do with those 58 servers... I now run a proxy on a network I trust and a VPN to that network (all of which are in Australia) and don't have my packets intercepted.)

If you're running your connection over Tor, you're running over a second layer with people out there that are not even necessarily trustworthy, many are people that they themselves use Tor for legally questionable actions, many for perfectly valid (though legally questionable) reasons.. (think: penetration testers - even commissioned ones).. but by using Tor you are accepting the risks in the knowledge that your data is traversing a network where people with questionable legal motives/positions...

So basically you want everyone to double their resources so that you can risk using an inherently untrustable network in the name of privacy... which in many cases you won't have anyway (because if the person doesn't know they are using http, then there is a pretty good chance they haven't secured their browser so it's spewing tracking cookies and other privacy defeating headers anyhow!)

Enough please!

Michelle