Without having a trustable certificate, the connection can be MITM'ed anyways. Anyone can produce a self-signed cert on demand.

Onion addresses are unforgeable and traffic is encrypted. HTTP over .onion is comparable to HTTP over TLS.