[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Moxie Marlinspike


There's nothing in there that we didn't already know was possible, and I realise
it's not a Tor specific flaw. I just read this paragraph and thought I'd pass it
on here:

"Marlinspike also claimed that in a limited 24 hour test case running on the
anonymous TOR network (and without actually keeping any personally identifiable
information) he intercepted 114 yahoo logins â 50 gmail logins, 9 paypal, 9 
inkedin and 3 facebook. So apparently the tool works - and works well."

Lots of people simply don't know how to use Tor safely.

I wonder if something could/should be built into TorButton to force a list of
commonly used services to go entirely over https? Eg any request for

Also, how feasible would it be to add a popup which says something along the
lines of:

"You are about to post unencrypted data over the Tor network. Are you sure you
wish to proceed?"