How Tor and HTTPS Work

The Electronic Frontier Foundation (EFF) has posted a nice diagram that explains how Tor and Hypertext Transfer Protocol Secure (HTTPS) work in regards to security and anonymity. If you click the HTTPS button the diagram explains how HTTPS protects your data, if you click the Tor button the diagram explains how Tor protects your anonymity, if you have both buttons clicked the diagram explains how Tor and HTTPS work together to protect your data and anonymity.

Neither Tor or HTTPS are perfect, especially when you’re accessing data outside of the Tor network (in other words, not accessing a hidden service). The anonymity that Tor provides cannot protect you if you chose to reveal personal information and HTTPS is only a secure as the trust chain created by issued certificates. The trust chain created by HTTPS has been compromised before when hackers were able to acquire the root signing certificates used by DigiNotar and it’s possible that many trusted certificate authorities are willing to issue fraudulent certificate to government entities. However both tools are relatively effective at what they do and when used in unison can do a great deal to protect your identify online.