On Mon, 18 Sep 2006, Tim McCormack wrote:
The problem is that Google puts the auth tokens in an http:// GET request -- you can see for yourself. And then it switches to https://. The exit node could grab your auth tokens, I guess. Since you're effectively at the same IP as the Tor exit node, gmail wouldn't know the difference.
Where does that happen? When I go to gmail.com I get redirected to an https login page.
-J
