Most sites i see on tor are http://blahblahblah.onion even for sites that have logins such as dread or pitch. However, duckduckgo appears to have an https onion which i didnt think was possible. Now the question is if i submit my user/pass on an http onion is it actually safe and is my session with that site properly secure? I know in transport to me it is secure, but if the exit node knows i want the pitch onion is my account info safe from that node since pitch is http.

  • Orbituary@lemmy.world
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    1 year ago

    Certs encrypt traffic. It’s wrapping your onion traffic up. Your search results are arriving securely.