Most sites i see on tor are http://blahblahblah.onion even for sites that have logins such as dread or pitch. However, duckduckgo appears to have an https onion which i didnt think was possible. Now the question is if i submit my user/pass on an http onion is it actually safe and is my session with that site properly secure? I know in transport to me it is secure, but if the exit node knows i want the pitch onion is my account info safe from that node since pitch is http.

  • Tomkoid@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    It basically doesn’t matter. Your connection already goes through 3 nodes on the Tor network and that is plenty enough. There is no reason why you should prefer HTTPS sites over HTTP on the Tor network.