Hello,
on
http://en.bitcoinwiki.org/Tor i read:
(the exit node) can see everything you do on HTTP sites, and can steal your passwords
is this statement still valid and when i submit login form on HTTP site, im actually sending my password to the Exit node owner?
if that is so, is there any way to prevent exit node see my password when login form support only HTTP ?
Or any plugin that notify me before submitting HTTP form password?
Thank You
Yes that is true. It is true even when not using tor. If you are sending data over HTTP, it is unencrypted so anyone between you and the site (e.g. tor exit nodes, routers, switches, proxies, etc.) can intercept and read the data in clear text. This includes passwords and sensitive information. The solution is to use HTTPS. IIRC the tor browser comes with an extension called HTTPS Everywhere that forces sites to use HTTPS if it us available. If it isn't, I think the extension will warn you.