Privoxy setting blocking Yahoo mail logout

Fabian Keil freebsd-listen at fabiankeil.de
Sun Jan 21 15:21:02 UTC 2007


"A. L." <alobiuc at yahoo.com> wrote [quoting adjusted]:

> That's a spot on fix for 3.0.6. The missing parameters
> seem not to affect normal behaviour.

I wasn't worried about missing parameters,
but there was a small chance that every part
of the redirection chain was required a do
a proper log out.

With the fix I posted, us.ard.yahoo.com
is never contacted by the browser and if
this step was necessary, the user would
think she is logged out while in reality
she isn't.

Anyway, if you can confirm that the log
out really happens, the redirect can stay
(it's already in cvs).

>> Also note, and this is Tor related again, that every time
>> you run into a Privoxy fast-redirect problem it means that
>> your request was unencrypted and could be sniffed or altered
>> by the Tor exit node or systems between the exit node and
>> the destination.

>> You may want to investigate whether or not Yahoo allows
>> you to accidentally send your Email unencrypted (like Google does)
>> and if the session cookies are transferred encrypted.

> I assume that means sniffing on my network. I guess I might look into it
> in the near future, when I get a little more spare time. If you ment
> something else, please post some hints.

Yes, sniffing would be one way to detect whether or not
the mails are passed encrypted. You just have to make
sure that you sniff the data before it's passed into Tor.

Another option would be to increase Privoxy's
debug level and check the log file for traces of
data that shouldn't be visible to Privoxy.

Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20070121/a51f7267/attachment.pgp>


More information about the tor-talk mailing list