[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Defeat Exit Node Sniffing?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Defeat Exit Node Sniffing?
From: Chris Palmer <chris@xxxxxxxxxxxxxxxx>
Date: Sun, 2 Mar 2008 21:39:12 -0800
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Mon, 03 Mar 2008 00:39:19 -0500
In-reply-to: <47CB3B40.3050408@xxxxxxxxxx>
References: <a45400c30803021230x47297f81t1901918c4910e48c@xxxxxxxxxxxxxx> <20080302211557.GL10785@xxxxxxxxxxxxxxxx> <47CB3B40.3050408@xxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.4.2.3i

scar writes:

> sorry, but that's not entirely true.  if you watch your tor circuits,
> gmail will jump to one insecure connection on port 80 to do "something"
> during the login phase, and then go back https, even if you use
> https://mail.google.com/.  this has been discussed to death, please search
> the archives.

I just ran a test with a clean instance of Firefox (Tools -> Clear Private
Data) and a fresh instance of WebScarab in which I browsed to
https://mail.google.com/, logged in, and viewed my inbox. WebScarab shows
exclusively HTTPS connections (to several Google hostnames), no HTTP
connections at all.

Follow-Ups:
- Re: Defeat Exit Node Sniffing?
  - From: Marco Bonetti

References:
- Defeat Exit Node Sniffing?
  - From: defcon
- Re: Defeat Exit Node Sniffing?
  - From: Chris Palmer
- Re: Defeat Exit Node Sniffing?
  - From: scar

Prev by Author: Re: Defeat Exit Node Sniffing?
Next by Author: Re: Defeat Exit Node Sniffing?
Previous by thread: Re: Defeat Exit Node Sniffing?
Next by thread: Re: Defeat Exit Node Sniffing?
Index(es):
- Author
- Thread