by kmeisthax
1458 days ago
Anonymity of the origin server is not at all a design goal of SSL/TLS: in fact, the whole point is to tie a web host to a particular identity. Originally it was supposed to be legal identity, but that is actually fairly useless, so now it's just a domain name. For end-users, TLS and Tor both provide privacy, since you don't need to identify yourself in order to use https. In fact, with ESNI and DoH the only thing anyone snooping wire traffic can see is that you're connecting to whatever data center is owned by the company hosting the website. The sites in the original article are criminal enterprises, which means they have the unique problem of needing the origin server to remain anonymous so that their hosting provider can't find out what they are doing. This is the one thing Tor does that TLS doesn't, and they were deanonymized by their insisting on providing a self-signed cert anyway. However, this is a particularly unusual threat model that is far harder to maintain. Even the whole anticensorship thing is usually just hiding what sites you're visiting from, say, the Great Firewall - we don't care that China can also use Tor to learn where Google's servers are.