-
Notifications
You must be signed in to change notification settings - Fork 23
/
Copy pathsecurity.html
31 lines (21 loc) · 1.73 KB
/
security.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
<html>
<head>
<title>tor2web: security considerations</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body><div class="header">
<h1><a href="/">tor2web</a>: security considerations</h1>
</div><div class="body">
<h2>Install Tor</h2>
<p>For maximum security, install your own copy of <a href="https://www.torproject.org/">Tor</a> and use that to visit the <code>.onion</code> URLs. Tor will encrypt and anonymize your requests and use digital signatures to verify you're talking to the actual server.</p>
<p>If you don't want to access all your pages through Tor, but just <code>.onion</code> URLs, set your browser's PAC file to:</p>
<pre>http://tor2web.org/conf/proxy.pac</pre>
<p>On Mac OS X, you can do this by clicking the Apple Menu, choosing "System Preferences...", clicking the button "Network", clicking the green dot on the left, clicking the button "Advanced...", choosing the tab "Proxies", checking "Automatic Proxy Configuration" on the left and clicking it, then putting this in the "URL:" box, clicking "OK", then clicking "Apply".</p>
<h2>Hide domain names</h2>
<p>tor2web uses SSL so that others can't eavesdrop on your requests, but this doesn't protect you from people looking at your own browser history or if someone compromises the tor2web server itself. In addition, in its default usage people will be able to tell which Tor site you're visiting. To prevent this, you can use <code>x.tor2web.org</code> as follows:</p>
<pre><a href="https://x.tor2web.org/duskgytldkxiuqc6/">https://x.tor2web.org/duskgytldkxiuqc6/</a></pre>
<p>This isn't turned on by default since it breaks most internal site links.</p>
</div>
<address><a href="mailto:[email protected]">[email protected]</a></address>
</body>
</html>