[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Using Gmail (with Tor) is a bad idea

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Using Gmail (with Tor) is a bad idea
From: Jason Holt <jason@xxxxxxxxxxxx>
Date: Mon, 18 Sep 2006 20:51:15 -0500 (CDT)
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Mon, 18 Sep 2006 21:51:27 -0400
In-reply-to: <450F3C75.9070108@brainonfire.net>
References: <20060919000911.70009ff8@localhost> <g82vhp1h5343$.vzx12c31q51w$.dlg@40tude.net> <450F3C75.9070108@brainonfire.net>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx


On Mon, 18 Sep 2006, Tim McCormack wrote:

The problem is that Google puts the auth tokens in an http:// GET
request -- you can see for yourself.  And then it switches to https://.
The exit node could grab your auth tokens, I guess. Since you're
effectively at the same IP as the Tor exit node, gmail wouldn't know the
difference.

Where does that happen? When I go to gmail.com I get redirected to an https login page.

-J

Follow-Ups:
- Re: Using Gmail (with Tor) is a bad idea
  - From: Tim McCormack

References:
- Using Gmail (with Tor) is a bad idea
  - From: Fabian Keil
- Re: Using Gmail (with Tor) is a bad idea
  - From: Claude LaFrenière
- Re: Using Gmail (with Tor) is a bad idea
  - From: Tim McCormack

Prev by Author: Re: Better key negotiations
Next by Author: Earthlink's broken DNS affecting Tor nodes?
Previous by thread: Re: Using Gmail (with Tor) is a bad idea
Next by thread: Re: Using Gmail (with Tor) is a bad idea
Index(es):
- Author
- Thread