Using Gmail (with Tor) is a bad idea
Anthony DiPierro
or at inbox.org
Wed Sep 20 21:00:10 UTC 2006
On 9/18/06, Tim McCormack <basalganglia at brainonfire.net> wrote:
> After you login (which is on a https://www.google.com address), you are
> redirected (with auth tokens) to a http://mail.google.com/ address.
>
> There seem to be two issues:
> 1) Is Gmail secure with regard to the exit node, even when entering on
> https://www.gmail.com/?
> 2) Is the Tor network leaking data with Gmail?
>
> - Tim
If you use https://mail.google.com/ to login, then you will remain
using https after you log in. If you use https://www.gmail.com/ to
login, you won't. This is covered in one of gmail's FAQs.
(Incidently, it also seems to work to go to https://www.gmail.com/ and
then change the "continue=http" to "continue=https" in the url).
Is this the solution, or is the issue something different?
Anthony
More information about the tor-talk
mailing list