After you login (which is on a https://www.google.com address), you are redirected (with auth tokens) to a http://mail.google.com/ address.
There seem to be two issues: 1) Is Gmail secure with regard to the exit node, even when entering on https://www.gmail.com/? 2) Is the Tor network leaking data with Gmail? - Tim Jason Holt wrote: > > On Mon, 18 Sep 2006, Tim McCormack wrote: > >> The problem is that Google puts the auth tokens in an http:// GET >> request -- you can see for yourself. And then it switches to https://. >> The exit node could grab your auth tokens, I guess. Since you're >> effectively at the same IP as the Tor exit node, gmail wouldn't know the >> difference. > > Where does that happen? When I go to gmail.com I get redirected to an > https login page. > > -J >
