Using Gmail (with Tor) is a bad idea
Jason Holt
jason at lunkwill.org
Tue Sep 19 01:51:15 UTC 2006
On Mon, 18 Sep 2006, Tim McCormack wrote:
> The problem is that Google puts the auth tokens in an http:// GET
> request -- you can see for yourself. And then it switches to https://.
> The exit node could grab your auth tokens, I guess. Since you're
> effectively at the same IP as the Tor exit node, gmail wouldn't know the
> difference.
Where does that happen? When I go to gmail.com I get redirected to an https
login page.
-J
More information about the tor-talk
mailing list