you can't know their names in advance anyway. If you open up a Google Chromebook and discover new sites by going to the default page which is a search engine also owned by Google, who a) because of the sorry state of CAs has implemented its own open source tool to watch the set of known certificates for any funny business that would signal a break somewhere in all that overly-complicated brittle technology, and b) is Google's bread and butter such that if they started mapping site titles/descriptions (which you've probably heard of out of band) to different URLs would lose their stranglehold on the industry, not to mention such an attempt would be reported widely in the news media. That's all technically true, but I doubt even HN readers really understand what that means. "Random" example: if you are using a search engine to discover new hidden services, you can't know their names in advance anyway… > Depending on your threat model it could be totally okay not to know who you are visiting. Especially since you didn't seem to bother verifying if the GA scripts were actually set up by the search engine (which they aren't). Now you are accusing this service of trying to MITM its users based on nothing. > Probably this is the real purpose of the advertised search engine. It doesn't really work like that (and it's written "Tor" not "TOR" btw).
> The TLS connection you have with the TOR service Depending on your threat model it could be totally okay not to know who you are visiting.
There is also encryption and hidden IP address for example. Well, no, that's not the only security you get. > The only security you get from visiting a TOR hidden service is from knowing exactly what is its URL. The gateway actually includes GA scripts, and if people want real privacy they don't use a gateway they can't trust (or they would be accessing it over Tor anyway, thus hiding who they really are for the gateway and for GA). The author of the comment you are referring to thought that the GA scripts were set up by the search engine, which is not the case. I think you are assuming a lot about what people here thinks. I think most people here fail to realize how correct your comment is.
0 kommentar(er)
