My passwords are stolen when using Tor non-HTTPs ?

[postcd]

Hello,

on http://en.bitcoinwiki.org/Tor i read:

(the exit node) can see everything you do on HTTP sites, and can steal your passwords

is this statement still valid and when i submit login form on HTTP site, im actually sending my password to the Exit node owner?

if that is so, is there any way to prevent exit node see my password when login form support only HTTP ?

Or any plugin that notify me before submitting HTTP form password?

Thank You

[bleachedno]

I did read many times that there are even infected tor exit nodes that could harm your computer not sure if thats true but i would stay away from it.

[achow101]

Hello,

on http://en.bitcoinwiki.org/Tor i read:

(the exit node) can see everything you do on HTTP sites, and can steal your passwords

is this statement still valid and when i submit login form on HTTP site, im actually sending my password to the Exit node owner?

if that is so, is there any way to prevent exit node see my password when login form support only HTTP ?

Or any plugin that notify me before submitting HTTP form password?

Thank You

Yes that is true. It is true even when not using tor. If you are sending data over HTTP, it is unencrypted so anyone between you and the site (e.g. tor exit nodes, routers, switches, proxies, etc.) can intercept and read the data in clear text. This includes passwords and sensitive information. The solution is to use HTTPS. IIRC the tor browser comes with an extension called HTTPS Everywhere that forces sites to use HTTPS if it us available. If it isn't, I think the extension will warn you.