Re: Using Gmail (with Tor) is a bad idea

[Wesley Pegden <wes@xxxxxxxxxxxxxxx>]

I know this is taking this a bit off topic (since people are obviously 
raising some important issues here)... but it seems to me that, in most 
cases, using gmail with tor would be pretty silly anyways?

Most people's email accounts have personally identifying information, so 
you've already lost anonymity.  What's the point of tor then?  As some 
people were arguing before, you may well be opening yourself to MORE 
snooping, rather than less.  I try to avoid using tor when my browsing 
reveals my identity anyways.

I guess it can make sense to use tor in the case where you've set up a 
special "anonymous" account where no emails contain identifying info.

Am I way off base here?  (Again, I realize that the points that are 
being made, for example about firefox, are of course important in their 
own right...)

-Wes

Tim McCormack wrote:
> After you login (which is on a https://www.google.com address), you are
> redirected (with auth tokens) to a http://mail.google.com/ address.
>
> There seem to be two issues:
>  1) Is Gmail secure with regard to the exit node, even when entering on
> https://www.gmail.com/?
>  2) Is the Tor network leaking data with Gmail?
>
>   - Tim
>
> Jason Holt wrote:
>   
> > On Mon, 18 Sep 2006, Tim McCormack wrote:
> >
> >     
> > > The problem is that Google puts the auth tokens in an http:// GET
> > > request -- you can see for yourself.  And then it switches to https://.
> > > The exit node could grab your auth tokens, I guess. Since you're
> > > effectively at the same IP as the Tor exit node, gmail wouldn't know the
> > > difference.
> > >       
> > Where does that happen?  When I go to gmail.com I get redirected to an
> > https login page.
> >
> >                     -J
> >
> >     
>
>