> [EMAIL PROTECTED]: > >> > Just in case you wondered whether Tor and Gmail are a good >> > combination: They are not. >> > >> > I did some testing with Privoxy's cvs version and this filter: > >> > Results: >> > http://www.fabiankeil.de/blog-surrogat/2006/09/18/screenshot-gmail-inbox-1024x768.png >> > http://www.fabiankeil.de/blog-surrogat/2006/09/18/screenshot-modifizierte-mail-1024x768.png >> > (My original mail's content is "Foo bar" of course.) >> > >> > More information (in German): >> > http://www.fabiankeil.de/blog-surrogat/2006/09/18/google-mail-fingerzeig.html > >> I'm not quite sure what you are saying? >> >> Are you saying that some info gets leaked if you use >> unencrypted http to transfer mail with gmail? > > Yes, and some info means everything but your password. > > And even if you enter through https://mail.google.com/, > a man in the middle can send your browser a redirect to > http://mail.google.com/, Google then sends your browser > another redirect to the encrypted login page on another > server and after the secured login you will get redirected > back to http://mail.google.com/.
OK, is this specific to Google? Or are there other free/nonfree email services that are immune to this behavior? If so, please suggest. What about ecommerce or other secured sites? --gene
