If personal information such as a login password travels unencrypted over the Internet, it can very easily be intercepted by an eavesdropper. If you are logging into any website, you should make sure that the site offers HTTPS encryption, which protects against this kind of eavesdropping. You can verify this in the URL bar: if your connection is encrypted, the address will begin with "https://", rather than "http://".
HTTPS-Only Mode in Tor Browser
HTTPS-Only mode forces all connections to websites to use a secure encrypted connection called HTTPS.
Most websites already support HTTPS; some support both HTTP and HTTPS.
Enabling this mode guarantees that all of your connections to websites are upgraded to use HTTPS and hence secure.
Some websites only support HTTP and the connection cannot be upgraded. If a HTTPS version of a site is not available, you will see a "Secure Connection Not Available" page:
If you click 'Continue to HTTP Site' you accept the risk and then will visit a HTTP version of the site. HTTPS-Only Mode will be turned off temporarily for that site.
Click the 'Go Back' button if you want to avoid any unencrypted connections.
The following visualization shows what information is visible to eavesdroppers with and without Tor Browser and HTTPS encryption:
- Click the “Tor” button to see what data is visible to observers when you're using Tor. The button will turn green to indicate that Tor is on.
- Click the “HTTPS” button to see what data is visible to observers when you're using HTTPS. The button will turn green to indicate that HTTPS is on.
- When both buttons are green, you see the data that is visible to observers when you are using both tools.
- When both buttons are grey, you see the data that is visible to observers when you don't use either tool.
POTENTIALLY VISIBLE DATA
The site being visited.
user / pw
Username and password used for authentication.
Data being transmitted.
Network location of the computer used to visit the website (the public IP address).
Whether or not Tor is being used.