
Tor security advisory: exit relays running sslstrip in May and June 2020 - jerheinze
https://blog.torproject.org/bad-exit-relays-may-june-2020
======
tylerd22
I remember discovering Moxie Marlinspike talking about this issue 9 years ago
and he described this attack as "deadly".

And it really is. In essence, a man in the middle converts all https links to
http and proxies out the traffic. A victim would need to notice the missing
https in the the url to detect this.

HSTS and https-everywhere browser plugin partially solves the problem.

I think the only viable solution is for all http traffic to be encrypted and
to consider non-encrypted traffic suspect.

