On Thu, Jul 29, 2010 at 2:16 PM, punkle jones <punkle.jo...@gmail.com> wrote: > ... > It's time, finally, for every website to start supporting SSL. What reasons > are there not to support it nowadays?
money/time, lack of hardware acceleration, certificate management, cross-browser or historical client compatibility, nullification of in-line/transparent caching infrastructure, probably lots more reasons... i agree with your sentiment for the most part. > Unless there are bad folks out there actively matching entries to exits and > making the info available to your ISP/the guys in suits (there's no reason > to entirely doubt this possibility - why not be paranoid?), there won't be a > whole heck of a lot of info if you're using TOR. The standard warnings > still apply: https://www.torproject.org/download.html.en#Warning traffic confirmation is pretty easy. as for active attacks both near and far end via this route, that's a different question. it does happen, but if you're in that kind of spotlight Tor use is the least of your worries :P > This is a very deep topic that IMO goes far beyond simply using TOR and > stopping conspicuous behaviors to stymie tracking. I'm no expert on > breaking anonymity, so hopefully some of those will chime in. Kyle > Williams, or coderman maybe? hah; sadly i lack the discipline to be "expert" in this subject. you've seen the anobib, right? in general i agree that at the level of scrutiny being discussed here you're either off the radar in the Tor crowd or screwed totally and entirely via all of the other weaker links in your protections. and that's generously assuming your threat model is sufficient and prudent. they don't give out NSL's for just any whim or fancy after all... *********************************************************************** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/