TOR and HTTPS (SSL)

Discussion in 'Security' started by BRUm, Jul 17, 2011.

  1. #1
    Hi,

    I was reading up on Tor and understand that it's no foolproof or magic answer to certain anonymity. My main concern is the fact that Tor has no authority or control over the peripheral nodes, i.e. the first node and last node, and so third parties can sniff traffic leaving or entering them.

    If someone were to thus use an encryption protocol after the traffic has left the last node, would there be any benefit?

    Here's a quick diagram of my idea and interpretation of how the traffic flows:

    TORandSSL.jpg
     
    BRUm, Jul 17, 2011 IP
  2. ilovefireflies

    #2
    Well, from my understanding you would really need that last node to have been running with an SSL cert in place. And it sounds as though that isn't the case.

    And from what I gather, it is inherently an insecure connection whether you are using HTTPS or not; once it hits that last node and connects to that end website, all security is stripped. So there would still be no anonymity. However, if you use a VPN, then they can just trace it back to the VPN and not you unless they were to hack the server running the VPN.

    If that doesn't make sense I can try to reword it lol

    Hope it helps. :/
     
    ilovefireflies, Jul 27, 2011 IP
  3. insanecash

    #3
    By manually verifying your self-signed SSL certificate on "User's Server" every time you create a new HTTPS connection through it, you can at least prevent the feds from sniffing your traffic directly at the Tor exit node. If you don't do that, they could possibly mount a man-in-the-middle attack and you would be talking to a fake HTTPS server on the Tor exit node which talks to your server without you even noticing. Of course, as ilovefireflies mentioned, connecting to the end node is still insecure either way.
     
    insanecash, Aug 3, 2011 IP
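
The manual certificate check described in post #3 can be automated by pinning the server's SHA-256 certificate fingerprint and refusing the connection when the presented certificate differs. This is an added example, not code from any poster in the thread; the function names are hypothetical, and it assumes the fingerprint was recorded on the server itself and that the connection is already routed through Tor by the user's own setup.

```python
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """The server presented a certificate other than the pinned one."""


def normalize_fingerprint(fp: str) -> str:
    """Accept 'AB:CD:...', 'ab cd ...' or plain hex; return lowercase hex."""
    cleaned = fp.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as certificate viewers show it."""
    return hashlib.sha256(der_cert).hexdigest()


def matches_pin(der_cert: bytes, pinned_fp: str) -> bool:
    """Constant-time comparison of the presented certificate against the pin."""
    return hmac.compare_digest(cert_fingerprint(der_cert),
                               normalize_fingerprint(pinned_fp))


def connect_pinned(host: str, port: int, pinned_fp: str,
                   timeout: float = 30.0) -> ssl.SSLSocket:
    """Open TLS to host:port; return the socket only if the pin matches."""
    # CA validation is switched off because the certificate is self-signed;
    # the pin check below is the only trust decision, so it must never be skipped.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    der = tls.getpeercert(binary_form=True)
    if der is None or not matches_pin(der, pinned_fp):
        tls.close()  # drop the session before any application data is sent
        raise PinMismatch(f"certificate for {host} does not match the pinned fingerprint")
    return tls
```

A `PinMismatch` here means some party between the client and the server terminated the TLS session with its own certificate, which is the exit-node interception case the post describes.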
  4. carolynccourtney

    #4
    This is a very nice description of how SSL certificates work. It makes it easy for anyone to understand the workings of SSL certificates and their features.
     
    carolynccourtney, Sep 2, 2011 IP