[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Defeat Exit Node Sniffing?



scar writes:

> sorry, but that's not entirely true.  if you watch your tor circuits,
> gmail will jump to one insecure connection on port 80 to do "something"
> during the login phase, and then go back https, even if you use
> https://mail.google.com/.  this has been discussed to death, please search
> the archives.

I just ran a test with a clean instance of Firefox (Tools -> Clear Private
Data) and a fresh instance of WebScarab in which I browsed to
https://mail.google.com/, logged in, and viewed my inbox. WebScarab shows
exclusively HTTPS connections (to several Google hostnames), no HTTP
connections at all.