Is it safe to log in to clearnet sites using TOR?

I've heard of hackers stealing accounts (mainly Blockchain.info wallet credentials before they had a .onion) and was wondering if that concern could be applied to other clearnet sites like Reddit?

If someone could explain why fake SSL certificates / other techniques hackers use to steal login info over TOR aren't something we need to worry about, I would be very grateful, because I'm very nervous about signing into clearnet over TOR.


Comments


[13 Points] whatisopsec:

It is absolutely unsafe to log into any HTTP site through TOR. The exit node can view all of your traffic in plaintext and can capture or modify it. Many exit nodes have been found to be malicious.

I am not sure about the viability of using a fake SSL certificate in a MITM attack on an HTTPS page. It is certainly within the grasp of nation state adversaries but not your average hacker.


[1 Points] penguinmixer:

If you are trying to connect over Tor to an HTTPS site and you're going through a malicious exit node, two possible bad things can happen:

  1. If you type the URL without the https:// part, then the exit node can redirect you to a similarly-named domain, such as www.l0calbitcoins.com instead of www.localbitcoins.com. How to avoid this: a) always type the full URL of the site, INCLUDING the https:// part. b) use HTTPS Everywhere... it automatically adds the https:// part to the URL for sites it knows use https.

  2. The exit node can present a version of the site to you that's encrypted with its own self-signed certificate. This would allow it to intercept / modify traffic between you and the site. This will raise a big error in your browser that is very hard to click through. So if you heed your browser warnings, this is avoidable.

Beyond these attacks, it is conceivable that a nation-state could hack / co-opt a certificate authority in order to perform a seamless MITM attack. If you are concerned about someone doing this just to steal from your localbitcoins.com account then don't worry too much. This kind of attack would likely be part of a massive SIGINT or espionage operation.
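
The two conditions from point 1 above (a hop that is not HTTPS, and a similarly-named domain), checked over a recorded redirect chain. This is an added example, not part of the original thread; the known-host list, the digit-swap table and the function names are assumptions made for illustration, and the sample chain is constructed.

```python
from urllib.parse import urlsplit

# Constructed, non-exhaustive digit-for-letter swaps (0/o as in the comment above).
CONFUSABLES = str.maketrans("013457", "oleast")

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def split_hop(url):
    """Return (scheme, host without 'www.') for one URL in the chain."""
    if "://" not in url:
        url = "http://" + url  # assumption: a URL typed without a scheme starts as HTTP
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    return parts.scheme, (host[4:] if host.startswith("www.") else host)

def check_hop(url, known_hosts):
    """List what is wrong with one hop: plaintext transport, lookalike host."""
    scheme, host = split_hop(url)
    findings = []
    if scheme != "https":
        findings.append("plaintext")
    if host not in known_hosts:
        folded = host.translate(CONFUSABLES)
        for known in known_hosts:
            if folded == known.translate(CONFUSABLES) or edit_distance(host, known) <= 1:
                findings.append("lookalike of " + known)
                break
    return findings

def audit_chain(chain, known_hosts):
    """Map each suspicious URL in a redirect chain to its findings."""
    return {url: f for url in chain if (f := check_hop(url, known_hosts))}

# Constructed sample: point 1 above, starting from a URL typed without https://.
KNOWN = ("localbitcoins.com", "reddit.com")
SAMPLE_CHAIN = ["www.localbitcoins.com", "https://www.l0calbitcoins.com/login"]

if __name__ == "__main__":
    for url, findings in audit_chain(SAMPLE_CHAIN, KNOWN).items():
        print(url, "->", ", ".join(findings))
```

A chain that stays on HTTPS and on the exact known host produces an empty report; a forged certificate (point 2) is not covered here, since that is what the browser warning is for.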