[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Using Gmail (with Tor) is a bad idea




On Mon, 18 Sep 2006, Tim McCormack wrote:

The problem is that Google puts the auth tokens in an http:// GET
request -- you can see for yourself.  And then it switches to https://.
The exit node could grab your auth tokens, I guess. Since you're
effectively at the same IP as the Tor exit node, gmail wouldn't know the
difference.

Where does that happen? When I go to gmail.com I get redirected to an https login page.


					-J