On Sun, Mar 2, 2008 at 9:30 PM, defcon <[EMAIL PROTECTED]> wrote: > I have been using tor for a while now, and I absolutely love it, although > the only thing keeping me from using it, is the insecurities of the exit > nodes. I know to truly stay anonymous you should stay away from personal > accounts "but" how can I connect through tor to gmail or other ssl enabled > services without risking my password being sniffed or my dns request being > hijacked. Any advice would be greatly appreciated! > Thanks, > defcon >
To protect integrity and confidentiality you should use end-to-end encryption. This is not only particular to Tor but goes for most Internet communications. SSL/TLS (as used in https) provides end-to-end encryption and will prevent your communication from being sniffed. However, you should be careful to examine that the certificates of the remote server is signed and does not change. If they do change you might be attacked by a man-in-the-middle attack, where you indeed are talking securely, but directly to the attacker :-) -- Stian Øvrevåge
