[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Using Gmail (with Tor) is a bad idea
After you login (which is on a https://www.google.com address), you are
redirected (with auth tokens) to a http://mail.google.com/ address.
There seem to be two issues:
1) Is Gmail secure with regard to the exit node, even when entering on
https://www.gmail.com/?
2) Is the Tor network leaking data with Gmail?
- Tim
Jason Holt wrote:
>
> On Mon, 18 Sep 2006, Tim McCormack wrote:
>
>> The problem is that Google puts the auth tokens in an http:// GET
>> request -- you can see for yourself. And then it switches to https://.
>> The exit node could grab your auth tokens, I guess. Since you're
>> effectively at the same IP as the Tor exit node, gmail wouldn't know the
>> difference.
>
> Where does that happen? When I go to gmail.com I get redirected to an
> https login page.
>
> -J
>