.onion URLs and HTTPS certificates

DuckDuckGo as an example: 3g2upl4pq6kufc4m.onion/

What is the impact of using TLS on an .onion URL like this? Is it redundant? And/or is it counterproductive?


Why would you use that?
No.
Hack, no.

It's not that encryption is counterproductive, but rather that Tor domains (.onion) are already encrypted by default within the Tor network itself. What is the benefit of HTTPS in this case? EV certificates are a sham so that can't be it.

There is no need to get a TLS certificate when it comes to .onion addresses because Tor already encrypts your packet.

Because of how Tor works, like an onion (archive.fo/yLEap), the packets are in plaintext/however you sent them at the final exit node.
It goes
So by adding TLS to the mix your plaintext at node3 and between node3 and destination becomes encrypted. Otherwise a rogue exit node could collect all your information or modify it as it travels between you and your destination, using hidden services or non hidden services. So it is an OK way to ensure that exit node 3 doesn't get at your plaintext. The only problem is using TLS/SSL is shit because you trust a third party to assure the encryption. Something like SSH would be better for encrypting the packets as then you get access to the whole standard openssl/libre/etc library for encryption and whatnot along with not having a third party that can decrypt the packets. The only person decrypting it is your destination and yourself ideally. There's a whole slew of other problems to account for but this is the gist of why to encrypt.

It's like a VPN: your traffic to the VPN is encrypted, but when it arrives the VPN sends it to your destination and sees the packets, encrypted by you or not, then sending them to the destination. If you used HTTP, the distance between the VPN and the destination can see the HTTP traffic, including the VPN who decrypted it when you sent it using a VPN client. Just like with Tor.

That archive.fo URL has a bad cert, but, even after accepting it, it returns HTTP status code 403.

Why can a Tor exit node decrypt data, but not the entry node?
2013-05-28

Me -> Node A -> Node B -> Node C -> destination

security.stackexchange.com/questions/36571/why-can-a-tor-exit-node-decrypt-data-but-not-the-entry-node
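
The path in the post above (Me -> Node A -> Node B -> Node C -> destination), as an added example that is not part of the thread: a toy model of the layered encryption for a clearnet destination, showing what each relay holds with and without an extra end-to-end layer such as TLS. The keys, the request and the SHA-256 keystream cipher are constructed for illustration and are not Tor's actual cryptography.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). Illustration only, not secure."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

# Constructed keys: one per relay, known to the client, plus an end-to-end
# key shared only by client and destination (stands in for a TLS session).
RELAY_KEYS = {"Node A": b"key-a", "Node B": b"key-b", "Node C": b"key-c"}
E2E_KEY = b"client-destination-session-key"

def client_wrap(payload: bytes) -> bytes:
    """Client adds the exit relay's layer first and the entry relay's last."""
    cell = payload
    for name in reversed(list(RELAY_KEYS)):
        cell = keystream_xor(RELAY_KEYS[name], cell)
    return cell

def relay_views(cell: bytes) -> dict:
    """Return what each relay holds after removing its own layer."""
    views = {}
    for name, key in RELAY_KEYS.items():
        cell = keystream_xor(key, cell)
        views[name] = cell
    return views

def run(request: bytes, end_to_end: bool) -> dict:
    """Send one request through the circuit, optionally with the inner layer."""
    inner = keystream_xor(E2E_KEY, request) if end_to_end else request
    views = relay_views(client_wrap(inner))
    delivered = views["Node C"]  # what the exit relay forwards
    views["destination"] = keystream_xor(E2E_KEY, delivered) if end_to_end else delivered
    return views

REQUEST = b"GET /?q=ip HTTP/1.1"  # constructed sample request

if __name__ == "__main__":
    for e2e in (False, True):
        print("end-to-end layer:", e2e)
        for hop, seen in run(REQUEST, e2e).items():
            print(f"  {hop:12} {seen!r}")
```
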

It does. Read more about how onion routing works.

Maybe they don't trust the encryption. Seems like only big companies like Facebook can get valid certs tho.

...