Gmail/SSL
M. Peterson
petersonmaxx at googlemail.com
Sun Aug 10 08:10:39 UTC 2008
Hello
that is nor relly an encryption news, as the problem is not the ISP reading
Gmail Emails, but Google reading Gmail Emails.
Is there any way to encrypt the Gmail accounts? Like with enigmail -> GENIG
MAIL?
So ok, both users need to install this plugin and it would be not able to be
uses in the webmail acoount I guess,
but for a normal Thunderbird users of Gmail it should be possible to use
enigmail or any tother PGP encryption? Maybe retroshare.sf.net or
http://retromessenger.sf.net over Gmail? Whatever. Mime/SSL encryption.
That would be a nice plugin for Gmail, to exclude Google from reading my
emails. maybe as flash integrated in the browser of the gmail web account.
Sorry, maybe offtopic, but I thinkt hat is even more needed that surfing
anonmous with tor.
The retention data od the IP is less interesting than the spy on CONTENT.
Emails and Websites of course.
Max
On 8/9/08, coderman <coderman at gmail.com> wrote:
>
> On Sun, Mar 9, 2008 at 5:23 PM, Jonathan Addington <madjon at gmail.com>
> wrote:
> > I've been following the conversation regarding Gmail and SSL bits in
> > other threads because, as you can tell, I use Gmail, and was under the
> > impression that https:// will keep everything over an SSL connection.
>
> an update of note: Gmail now supports an account option to enforce the
> secure only bit on session cookies and keeps your entire gmail session
> on SSL. this makes attacks like Mike Perry's active side jacking
> impossible, as the session cookie is no longer sent in the clear when
> http:// non-SSL links are injected into browser content.
>
> to enable this feature:
> - at top of page select "Settings"
> - scroll to bottom of section for "Browser connection:" preference
> - select "Always use https"
>
> this will pass the Secure / secureonly option when settings the GX=...
> session cookie used to identify your authenticated session. this
> cookie will then never be sent over plain-text connections, protecting
> you from passive / active side jacking attacks.
>
> be sure to use a somewhat modern browser that supports secure only
> cookies. you can also verify correct operation with the "Live HTTP
> Headers" plugin for Firefox.
>
> best regards,
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080810/886aef50/attachment.htm>
More information about the tor-talk
mailing list