|
Posted by Nomen Nescio on October 27, 2007, 9:10 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Joan Battaglia wrote:
> On Sat, 27 Oct 2007 19:17:28 +0100, mark carter wrote:
> >>> I would strongly urge you never to use Tor for login to your Bank account.
> >>
> >> I'm asking about my email account.
> >> Given that using Tor to access http-based email accounts (eg
> >> http://mail.yahoo.com) is KNOWN to be passing your password to the Tor
> >> operator - the question was if using https-based email (eg
> >> https://mail.google.com) provided any protection of the password from the
> >> rogue Tor operator.
> >> Does https protect the password from Tor - or not?
>
> > I guess the next question, though, would be: could an exit node capture
> > traffic destined for certificate authorities, and substitute its own
> > fake certification?
No. Not unless some basic systems are completely broken.
>
> Oh my. I don't know what this means but I guess should stop using Tor to
> log into both my http://mail and my https://mail accounts. Thank you.
If you need to access those accounts anonymously you shouldn't. Your
mail provider will know your identity whether you use SSL or not.
>
> Is there _any_ way to log into web-based email securely without
> compromising your password?
Yes. SSL... with or without Tor. That's it's purpose.
| 
XML site map