On 2007.09.20 20:15:12 -0400, Ben McIlwain <cydeweys(a)gmail.com> scribbled 39 lines:
...
And by the way, remember that all unencrypted web
traffic ends up
unencrypted at the Tor exit node, and can be (and sometimes is) sniffed
by unscrupulous folks. If you are using Tor you *must* make sure to use
only the secure Wikimedia https proxy. Even that is difficult though,
because you'll end up clicking a link that takes you to unsecure http
pages (such as a diff links), and before you can blink, your admin
cookie has gone across the web unencrypted.
...
Is this actually true, though? As I've said before, I edit through
secure.wikimedia.org, and I've done so for the past few months. In that time, I've
clicked on external links to
en.wikipedia.org/wiki/whatever - not internal links to
https://secure.wikimedia.org/wikipedia/en/wiki/whatever - and not once have I found myself
to be logged in on En.
--
gwern
veggie GEODSS NOCS JRA Marxist 2010 SP4 JICA 5707 Yobie