Most sites i see on tor are http://blahblahblah.onion even for sites that have logins such as dread or pitch. However, duckduckgo appears to have an https onion which i didnt think was possible. Now the question is if i submit my user/pass on an http onion is it actually safe and is my session with that site properly secure? I know in transport to me it is secure, but if the exit node knows i want the pitch onion is my account info safe from that node since pitch is http.

  • Tomkoid@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    It basically doesn’t matter. Your connection already goes through 3 nodes on the Tor network and that is plenty enough. There is no reason why you should prefer HTTPS sites over HTTP on the Tor network.

  • Orbituary@lemmy.world
    link
    fedilink
    arrow-up
    0
    arrow-down
    1
    ·
    1 year ago

    Certs encrypt traffic. It’s wrapping your onion traffic up. Your search results are arriving securely.