(answered) why can't I use tor and bl?

those of you signing into bl on tor, i hope you realize that anyone running an exit node can sniff your username and password to this site and take over your account - this goes for any site that requires signing into (outside of hidden services, in which case your traffic doesn't need to be dumped out to the regular internet via an exit node).

But this is true only because you can't log into bluelight over https. It would also be true to say that if you use bluelight over a public WiFi network, anyone on that network who is sniffing traffic could find out your username/password. Or if you're at work and using bluelight, a network admin sniffing traffic could find that data out. And, though this scenario is less likely, if you're on your home network, someone (maybe a bitter employee of an ISP?) with control of one of the internet hops between your computer and the bluelight server could be packet sniffing and also get the plain text login credentials.

So the really important question here is .... why can't you log into bluelight over a secure connection??? I mean, come on, SoundCloud is over https now, for crying out loud. ;)

Also, for people saying that you can register over the clear net and then log in over Tor, you have to realize that this defeats the whole purpose of using Tor, unless the registration comes from an IP that somehow isn't associated with you.
 
we're considering the https issue. thanks.

alasdair
 
> But this is true only because you can't log into bluelight over https. It would also be true to say that if you use bluelight over a public WiFi network, anyone on that network who is sniffing traffic could find out your username/password. Or if you're at work and using bluelight, a network admin sniffing traffic could find that data out. And, though this scenario is less likely, if you're on your home network, someone (maybe a bitter employee of an ISP?) with control of one of the internet hops between your computer and the bluelight server could be packet sniffing and also get the plain text login credentials.
>
> So the really important question here is .... why can't you log into bluelight over a secure connection??? I mean, come on, SoundCloud is over https now, for crying out loud. ;)
>
> Also, for people saying that you can register over the clear net and then log in over Tor, you have to realize that this defeats the whole purpose of using Tor, unless the registration comes from an IP that somehow isn't associated with you.

Ewwwww I don't like the sound of this. I wouldn't want someone to get my username n password. I thought it was secure here n that this couldn't happen? Is that why other sites begin https not http, to make more secure?

Evey
 
> I wouldn't want someone to get my username n password.

the chances of that happening are, well, you'll have to decide for yourself what the chances are.

i believe it's a remote chance but others would say it's not.

> I thought it was secure here n that this couldn't happen?

couldn't happen? that's incorrect. how likely is it? i refer you to my previous answer :)

> Is that why other sites begin https not http, to make more secure?

pretty much.

alasdair
 