My passwords are stolen when using Tor non-HTTPs ?

achow101

staff

Activity: 3458

Merit: 6793

Just writing some code

Quote from: postcd on March 13, 2016, 09:52:29 AM

Hello,

on http://en.bitcoinwiki.org/Tor i read:

Quote

(the exit node) can see everything you do on HTTP sites, and can steal your passwords

is this statement still valid and when i submit login form on HTTP site, im actually sending my password to the Exit node owner?

if that is so, is there any way to prevent exit node see my password when login form support only HTTP ?

Or any plugin that notify me before submitting HTTP form password?

Thank You

Yes that is true. It is true even when not using tor. If you are sending data over HTTP, it is unencrypted so anyone between you and the site (e.g. tor exit nodes, routers, switches, proxies, etc.) can intercept and read the data in clear text. This includes passwords and sensitive information. The solution is to use HTTPS. IIRC the tor browser comes with an extension called HTTPS Everywhere that forces sites to use HTTPS if it us available. If it isn't, I think the extension will warn you.

bleachedno

member

Activity: 112

Merit: 10

★YoBit.Net★ 350+ Coins Exchange & Dice

I did read many times that there are even infected tor exit nodes that could harm your computer not sure if thats true but i would stay away from it.

postcd

full member

Activity: 184

Merit: 103

Hello,

on http://en.bitcoinwiki.org/Tor i read:

Quote

(the exit node) can see everything you do on HTTP sites, and can steal your passwords

is this statement still valid and when i submit login form on HTTP site, im actually sending my password to the Exit node owner?

if that is so, is there any way to prevent exit node see my password when login form support only HTTP ?

Or any plugin that notify me before submitting HTTP form password?

Thank You

Topic: My passwords are stolen when using Tor non-HTTPs ? (Read 377 times)