Hacker News new | past | comments | ask | show | jobs | submit login

Which the browser can't validate if it just talks HTTP to a proxy that connects to Tor (or a malicious proxy instead), as the parent post described. Doesn't apply to all Tor setups, but it's a risk.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact