Using Gmail (with Tor) is a bad idea
Wesley Pegden
wes at cs.uchicago.edu
Tue Sep 19 02:09:04 UTC 2006
I know this is taking this a bit off topic (since people are obviously
raising some important issues here)... but it seems to me that, in most
cases, using gmail with tor would be pretty silly anyways?
Most people's email accounts have personally identifying information, so
you've already lost anonymity. What's the point of tor then? As some
people were arguing before, you may well be opening yourself to MORE
snooping, rather than less. I try to avoid using tor when my browsing
reveals my identity anyways.
I guess it can make sense to use tor in the case where you've set up a
special "anonymous" account where no emails contain identifying info.
Am I way off base here? (Again, I realize that the points that are
being made, for example about firefox, are of course important in their
own right...)
-Wes
Tim McCormack wrote:
> After you login (which is on a https://www.google.com address), you are
> redirected (with auth tokens) to a http://mail.google.com/ address.
>
> There seem to be two issues:
> 1) Is Gmail secure with regard to the exit node, even when entering on
> https://www.gmail.com/?
> 2) Is the Tor network leaking data with Gmail?
>
> - Tim
>
> Jason Holt wrote:
>
>> On Mon, 18 Sep 2006, Tim McCormack wrote:
>>
>>
>>> The problem is that Google puts the auth tokens in an http:// GET
>>> request -- you can see for yourself. And then it switches to https://.
>>> The exit node could grab your auth tokens, I guess. Since you're
>>> effectively at the same IP as the Tor exit node, gmail wouldn't know the
>>> difference.
>>>
>> Where does that happen? When I go to gmail.com I get redirected to an
>> https login page.
>>
>> -J
>>
>>
>
>
More information about the tor-talk
mailing list