17 comments

[ 3.1 ms ] story [ 51.8 ms ] thread
Is anyone else getting a message that says: Your connection is not private

Attackers might be trying to steal your information from blog.torproject.org (for example, passwords, messages, or credit cards).

ReloadHide advanced blog.torproject.org normally uses encryption to protect your information. When Chrome tried to connect to blog.torproject.org this time, the website sent back unusual and incorrect credentials. Either an attacker is trying to pretend to be blog.torproject.org, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.

You cannot visit blog.torproject.org right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

NET::ERR_CERT_COMMON_NAME_INVALID

I don't get this warning. Is your ISP/company/hotel/OEM/... MITMing your connections?

I get a certificate with SHA1 fingerprint DE 20 3D 46 FD C3 68 EB BA 40 56 39 F5 FA FD F5 4E 3A 1F 83

Safari, Chrome, Firefox works fine. Can you share the certificate this site serves to you?
Completely valid question but OP should know this may expose where they work and/or their location. That said I would be interested in seeing the cert.
For the record, I'm getting the same error. I'm on a company network, so I can only assume it's being blocked by whatever blocks (or doesn't block) porn.
Can you post info about the cert you're getting? On Chrome, this is done by clicking the lock icon by the https, selecting the "Connection" tab, then clicking the "Certificate Information" link. As was pointed out elsewhere, be aware that this may expose information about your network.
Firefox on Windows. No issues.
They have switched to Disconnect.me as the default search engine. It's hosted by Amazon, in the US. Why did they decide to use it?

Also, the image searches link to Google ("https://www.google.com/url?q=...") whilst saying it's protected. With that said, I prefer the design in comparison to Startpage. But privacy should take priority. Honestly, Startpage could dramatically improve their design just by removing that background image.

Interesting point about image search. In fact, when I perform a Google image search through disconnect and click on an image I see a record of it on google.com/history (while the search itself is not present).

I suppose its only to be expected once one thinks about your observation that the links are pointing at google.

from comments below the blog post: "Startpage was not happy with our traffic and showed sometimes CAPTCHAs. Disconnect on the other hand approached us with respect to search engine traffic and donated some money."
We should all help promote the use for Tor!
Does anybody know why neither Chrome nor Firefox have TOR routing built-in? It would be so awesome to open .onion links without having to jump through hoops.
There are extensions to do this, but it compromises security.