Can the NSA see through SSL browsing?

They can see originating IP address I suppose but not the details of traffic.
How do they read emails if the pages are SSL'ed?

Are there any private 'Internet Exchange Points' that exist outside of the main ones?
I thought there was a project one in the works by a private company.

Also, what about a open source program on the PC that encrypts all in/out traffic and networks with other users of the same program to have a total
independent network? is that peer software? The media should recommend this tech as a way around...

 

Maybe they have needed certificates

Please explain.

Well, there are Freenet and I2P. Tor hidden services can work like that too. You can also establish P2P VPN connections (through Tor, if you like) and network them to create your own private darknet. And you can create bridges between all of those networks.

 

It's easy: they ask the server operator to hand them over the data. No need to sniff the traffic from you to the server.

 

What if the account data was opened from the TOR, etc.. ?

 

TOR has nothing to do with data storage on a server. TOR makes sure that the destination server doesn't know exactly who accessed it. But as soon as you store something there (an email for instance), it can be accessed by others (NSA, for instance).

So, to recapitulate:
1. TOR is for anonymity, so the server doesn't know who you are.
2. SSL is for secure transfer of data (the transit from you to the server).
3. Encrypting your data (i.e. mails) makes sure that only the recipient (or you) can read it.

 

While (hopefully) this may be improving, just because you have an SSL connection to your email provider, it doesn't mean server to server transportation is encrypted.

STARTTLS can *try* to deliver via encryption server to server, but if just one server says "nah man, send it plain text" you are no longer protected.

You also have no say in what servers do with each other.

And this disregards that PRISM may be in the companies themselves, before encryption.

PD

 

does TOR reveal your IP across all the TOR computer/servers?
how is it that one TOR can see the previous TOR's network?

 

So true.

 

I don't understand what you're asking. Please rephrase.

 

The answer to your question is yes. But it gets a little complicated.
Listen or view this: > http://twit.tv/show/security-now/409

 

SSL, is safe.

 

Is your statement unequivocal?
A man in the middle attack can not happen?
Getting possession of a companies security certificates is impossible?
I'm not so sure.

 

Its safe if everyone that used it was a computer that did not make mistakes. SSL is safe, people are retarded. *Clarification*.

 

According to Shields UP fingerprinting SSL,HTTPS,TLS can be overcome by using HTTPS Proxy Appliances.

"Any corporation, educational institution, or other Internet connectivity provider who wishes to monitor every Internet action of its employees, students or users—every private user ID & password of every social networking or banking site they visit, their medical records, all “secure” eMail . . . EVERYTHING—simply arranges to add one additional “Pseudo Certificate Authority” to their users' browsers or computers. It's that simple.

Because the impersonation is perfect, neither the browser nor the user can readily detect that they do not have a securely encrypted direct connection to the remote web site. Their browser shows every facet of a standard secured SSL connection—all the locks and pretty colors and everything we have been trained to look for and check for are present . . .

And it's all a lie.

Instead of connecting to the remote web server, the browser is “securely” connected only to the local Proxy Appliance which is decrypting, inspecting, and logging all of the material sent from the browser. It inspects all content to determine whether it abides by whatever arbitrary policies the local network is enforcing. It's users have NO privacy and NO security. Or perhaps it just silently logs & records everything for possible future need. Either way, it has obtained full access to everything the user enters into their web browser."

https://www.grc.com/fingerprints.htmhttps://www.grc.com/fingerprints.htm

A case in point: Blue Coat Systems, Inc.

 

Hence my comment, only people who know how to correctly use it will be safe to use it.

 

why isnt each TOR data protected from the next TOR?