Technology in Hostile States: Ten Principles for U...

[patcheudor]

We've known for years that HTTP (clear-text) traffic can be middled out of exit nodes. What FalseCONNECT showed was that HTTPS (encrypted) traffic via web proxies could be middled. We should all be very, very, very troubled by that.

In terms of the EFF article, it's just one of many which recommend the use of proxies and was just an example providing that this has been guidance that's been provided for quite awhile. There are even commercial web proxy providers like TorGuard which market web (HTTP) proxies:

https://torguard.net/anonymousbittorrentproxy.php

[Fnoord]

> In terms of the EFF article, it's just one of many which recommend the use of proxies and was just an example providing that this has been guidance that's been provided for quite awhile. There are even commercial web proxy providers like TorGuard which market web (HTTP) proxies:

Again, the article (which stems from 2006) recommends: 1) Tor. 2) Privoxy (which is not the same as 'recommending proxies' since you can run it on 127.0.0.1) 3) Tor + Privoxy (guess where Privoxy runs) 4) anonymizers.

The article should indeed not recommend #4 if protecting against a nation state. But that doesn't seem to be the goal of the article. The article is out of date, and its focus is on protecting the user's privacy from search engines and the like. It against profiling by ASPs.

A better question is "should out of date articles have warnings about them being inaccurate and/or dated?"

Finally, people who anonimize their BitTorrent usage via a proxy or VPN generally do this because of hiding copyright infringement or avoiding blockades. The intention is to hide their IP address against MPAA (and the like), not NSA (and the like). On top of that, "TorGuard" seems to have very little to do with "Tor"; that alone tells me to not trust such a service.