Defeat Exit Node Sniffing?
Chris Palmer
chris at noncombatant.org
Mon Mar 3 05:39:12 UTC 2008
scar writes:
> sorry, but that's not entirely true. if you watch your tor circuits,
> gmail will jump to one insecure connection on port 80 to do "something"
> during the login phase, and then go back https, even if you use
> https://mail.google.com/. this has been discussed to death, please search
> the archives.
I just ran a test with a clean instance of Firefox (Tools -> Clear Private
Data) and a fresh instance of WebScarab in which I browsed to
https://mail.google.com/, logged in, and viewed my inbox. WebScarab shows
exclusively HTTPS connections (to several Google hostnames), no HTTP
connections at all.
More information about the tor-talk
mailing list