[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Using Gmail (with Tor) is a bad idea

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Using Gmail (with Tor) is a bad idea
From: "Anthony DiPierro" <or@xxxxxxxxx>
Date: Wed, 20 Sep 2006 17:00:10 -0400
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Wed, 20 Sep 2006 17:00:29 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=g9iQvNXx8/Rx+wzUI4O8ivLZeVeWkHCQbxfqQ6IgyMkOoio++ENZeLtn/CZxX46BuieJupxtdzYfWWzdvcE7l97d19uaXTzA/qC+s8I3Jml3aQdeqUTqH3T/Jh6/C1ZQlhLckWY6x0rOO6Cl2wv/ORntqdVRSLkGJu/+KBl2ndw=
In-reply-to: <450F4E14.6060308@brainonfire.net>
References: <20060919000911.70009ff8@localhost> <g82vhp1h5343$.vzx12c31q51w$.dlg@40tude.net> <450F3C75.9070108@brainonfire.net> <Pine.LNX.4.64.0609182050050.14135@pl2.zayda.com> <450F4E14.6060308@brainonfire.net>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On 9/18/06, Tim McCormack <basalganglia@xxxxxxxxxxxxxxx> wrote:

After you login (which is on a https://www.google.com address), you are
redirected (with auth tokens) to a http://mail.google.com/ address.

There seem to be two issues:
 1) Is Gmail secure with regard to the exit node, even when entering on
https://www.gmail.com/?
 2) Is the Tor network leaking data with Gmail?

- Tim


If you use https://mail.google.com/ to login, then you will remain
using https after you log in.  If you use https://www.gmail.com/ to
login, you won't.  This is covered in one of gmail's FAQs.
(Incidently, it also seems to work to go to https://www.gmail.com/ and
then change the "continue=http" to "continue=https" in the url).

Is this the solution, or is the issue something different?

Anthony

References:
- Using Gmail (with Tor) is a bad idea
  - From: Fabian Keil
- Re: Using Gmail (with Tor) is a bad idea
  - From: Claude LaFrenière
- Re: Using Gmail (with Tor) is a bad idea
  - From: Tim McCormack
- Re: Using Gmail (with Tor) is a bad idea
  - From: Jason Holt
- Re: Using Gmail (with Tor) is a bad idea
  - From: Tim McCormack

Prev by Author: Missing threads...been removed?
Next by Author: Re: Using Gmail (with Tor) is a bad idea
Previous by thread: Re: Using Gmail (with Tor) is a bad idea
Next by thread: Re: Using Gmail (with Tor) is a bad idea
Index(es):
- Author
- Thread