[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Using Gmail (with Tor) is a bad idea

> yancm@xxxxxxxxxxxxxxxx:
>> > Just in case you wondered whether Tor and Gmail are a good
>> > combination: They are not.
>> >
>> > I did some testing with Privoxy's cvs version and this filter:
>> > Results:
>> > http://www.fabiankeil.de/blog-surrogat/2006/09/18/screenshot-gmail-inbox-1024x768.png
>> > http://www.fabiankeil.de/blog-surrogat/2006/09/18/screenshot-modifizierte-mail-1024x768.png
>> > (My original mail's content is "Foo bar" of course.)
>> >
>> > More information (in German):
>> > http://www.fabiankeil.de/blog-surrogat/2006/09/18/google-mail-fingerzeig.html
>> I'm not quite sure what you are saying?
>> Are you saying that some info gets leaked if you use
>> unencrypted http to transfer mail with gmail?
> Yes, and some info means everything but your password.
> And even if you enter through https://mail.google.com/,
> a man in the middle can send your browser a redirect to
> http://mail.google.com/, Google then sends your browser
> another redirect to the encrypted login page on another
> server and after the secured login you will get redirected
> back to http://mail.google.com/.

OK, is this specific to Google? Or are there other free/nonfree
email services that are immune to this behavior? If so, please

What about ecommerce or other secured sites?