Hi Ajay,

HTTPS is not end-to-end in this case, so a malicious Tor2web instance could possibly tamper with the content being transferred between the hidden service and the user agent (typically browser) without anyone noticing. Also, some environments (such as corporate networks) do large-scale MITM (man in the middle) with a certificate pushed into the browser or OS store. In such a case there's now a second party that can both see the plaintext traffic and possibly tamper with it. Neither of these two applies when using Tor directly.

I hope it's clear now.

Cheers,
dnet

On Wed, Aug 30, 2017 at 03:30:48PM +0000, Ajay Sharma wrote:
> Hello,
> I would like to know about Tor2web proxy. It is said that it is not secure
> and doesn't provide anonymity. My question is, how is it not secure if it
> uses HTTPS rather than HTTP? And the tor2web user cannot stay anonymous
> unless and until the user is within the Anonymous network (Tor).
> Appreciate some explanations.
> BR,
> Ajay

_______________________________________________
Tor2web-talk mailing list
[email protected]
https://lists.ghserv.net/mailman/listinfo/tor2web-talk
