"A. L." <alobiuc@xxxxxxxxx> wrote [quoting adjusted]: > That's a spot on fix for 3.0.6. The missing parameters > seem not to affect normal behaviour. I wasn't worried about missing parameters, but there was a small chance that every part of the redirection chain was required a do a proper log out. With the fix I posted, us.ard.yahoo.com is never contacted by the browser and if this step was necessary, the user would think she is logged out while in reality she isn't. Anyway, if you can confirm that the log out really happens, the redirect can stay (it's already in cvs). >> Also note, and this is Tor related again, that every time >> you run into a Privoxy fast-redirect problem it means that >> your request was unencrypted and could be sniffed or altered >> by the Tor exit node or systems between the exit node and >> the destination. >> You may want to investigate whether or not Yahoo allows >> you to accidentally send your Email unencrypted (like Google does) >> and if the session cookies are transferred encrypted. > I assume that means sniffing on my network. I guess I might look into it > in the near future, when I get a little more spare time. If you ment > something else, please post some hints. Yes, sniffing would be one way to detect whether or not the mails are passed encrypted. You just have to make sure that you sniff the data before it's passed into Tor. Another option would be to increase Privoxy's debug level and check the log file for traces of data that shouldn't be visible to Privoxy. Fabian
Attachment:
signature.asc
Description: PGP signature