On 11/22/2013 10:35 PM, Katya Titov wrote: > The advantage that I see is that is there is no way to directly access > a .onion site without using Tor, so it is a clear indicator that Tor is > in use, visible to the user.
TBB 3.0 works under the assumption that it can either access websites and is thus properly using Tor, or Tor is not working and access to any website fails. I am not totally sure, but I bet the TBB team has added patches that make this this a valid assumption. >> If I remember correctly the certificate for check.torproject.org is >> pinned in TBB, so using a hidden service instead does not add any >> security benefits. > If you have more information about this then I would love to see it. I > didn't realise pinning was implemented in FF, other than by removing all > CA certificates and adding server certificates individually. This is the case for stock Firefox -- and I still don't understand why it is not an enough high priority. I don't know for sure, but I just assume Mike has added a patch that pins at least the check.tpo cert. I may be wrong. -- Moritz Bartl https://www.torservers.net/ -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
