|
Title: My passwords are stolen when using Tor non-HTTPs ? Post by: postcd on March 13, 2016, 01:52:29 PM Hello,
on http://en.bitcoinwiki.org/Tor i read: Quote (the exit node) can see everything you do on HTTP sites, and can steal your passwords is this statement still valid and when i submit login form on HTTP site, im actually sending my password to the Exit node owner? if that is so, is there any way to prevent exit node see my password when login form support only HTTP ? Or any plugin that notify me before submitting HTTP form password? Thank You Title: Re: My passwords are stolen when using Tor non-HTTPs ? Post by: bleachedno on March 13, 2016, 02:09:24 PM I did read many times that there are even infected tor exit nodes that could harm your computer not sure if thats true but i would stay away from it.
Title: Re: My passwords are stolen when using Tor non-HTTPs ? Post by: achow101 on March 13, 2016, 02:15:01 PM Hello, Yes that is true. It is true even when not using tor. If you are sending data over HTTP, it is unencrypted so anyone between you and the site (e.g. tor exit nodes, routers, switches, proxies, etc.) can intercept and read the data in clear text. This includes passwords and sensitive information. The solution is to use HTTPS. IIRC the tor browser comes with an extension called HTTPS Everywhere that forces sites to use HTTPS if it us available. If it isn't, I think the extension will warn you.on http://en.bitcoinwiki.org/Tor i read: Quote (the exit node) can see everything you do on HTTP sites, and can steal your passwords is this statement still valid and when i submit login form on HTTP site, im actually sending my password to the Exit node owner? if that is so, is there any way to prevent exit node see my password when login form support only HTTP ? Or any plugin that notify me before submitting HTTP form password? Thank You |