Author

Topic: My passwords are stolen when using Tor non-HTTPs ? (Read 379 times)

staff
Activity: 3458
Merit: 6793
Just writing some code
Hello,

on http://en.bitcoinwiki.org/Tor i read:

Quote
(the exit node) can see everything you do on HTTP sites, and can steal your passwords

is this statement still valid and when i submit login form on HTTP site, im actually sending my password to the Exit node owner?

if that is so, is there any way to prevent exit node see my password when login form support only HTTP ?

Or any plugin that notify me before submitting HTTP form password?

Thank You
Yes that is true. It is true even when not using tor. If you are sending data over HTTP, it is unencrypted so anyone between you and the site (e.g. tor exit nodes, routers, switches, proxies, etc.) can intercept and read the data in clear text. This includes passwords and sensitive information. The solution is to use HTTPS. IIRC the tor browser comes with an extension called HTTPS Everywhere that forces sites to use HTTPS if it us available. If it isn't, I think the extension will warn you.
member
Activity: 112
Merit: 10
★YoBit.Net★ 350+ Coins Exchange & Dice
I did read many times that there are even infected tor exit nodes that could harm your computer not sure if thats true but i would stay away from it.
full member
Activity: 184
Merit: 103
Hello,

on http://en.bitcoinwiki.org/Tor i read:

Quote
(the exit node) can see everything you do on HTTP sites, and can steal your passwords

is this statement still valid and when i submit login form on HTTP site, im actually sending my password to the Exit node owner?

if that is so, is there any way to prevent exit node see my password when login form support only HTTP ?

Or any plugin that notify me before submitting HTTP form password?

Thank You
Jump to: