PasswordMaker Forums

Firefox/SeaMonkey/Mozilla/Netscape/Flock Browser Extension => Feature Requests / Enhancements => Topic started by: kimo on June 09, 2005, 06:03:27 AM

Title: anonymizer
Post by: kimo on June 09, 2005, 06:03:27 AM
how does this work with something like Anonymizer.com surfing or privoxy ?  I was never able to anonymously surf and use roboform at the same time maybe you can help out here?

Also - note the roboform form -filling algorithms are very sophisticated - rather than try to duplicate them - i'd suggest trying to work with them to replace their inhouse password generator feature.
Title: anonymizer
Post by: Eric H. Jung on June 09, 2005, 02:03:10 PM
Hi Kimo,

PasswordMaker works with Anonymizer and Privoxy.

Let's take Yahoo! mail as an example. Assuming you want the same password for yahoo.com and http://anon.free.anonymizer.com/http://mail.yahoo.com/?.intl=us (the URL used when you go to Yahoo! Mail through Anonymizer), here's what you should do:

1. Go to the Advanced Options dialog
2. Create a new account
3. In the When URL Contains field, type yahoo.com.
4. In the Use This URL field, type yahoo.com.

That's it! Now whenever you navigate to any url with yahoo.com (e.g., http://mail.yahoo.com or http://anon.free.anonymizer.com/http://mail.yahoo.com/?.intl=us), the same password is generated for both.

Hope that helps,
-Eric
Title: anonymizer
Post by: glowworm on July 08, 2005, 04:18:44 AM
I'm using Privoxy and TOR along with PM (no special configuration) without a problem. It even works on FreeNet's hidden onion servers if you don't mind S-L-O-W browsing ;)

Anonymizer would require the domain fix mentioned above.
Title: anonymizer
Post by: Juandon on July 27, 2005, 08:53:09 PM
Would this feature allow phishers to create a fake site that somehow contains the phrase yahoo.com thus tricking the software into realeasing your password?

I'm not entirely sure if it is possible to do this, or if your software falls for this, I was just wondering.  

Also I don't know why someone would want to go into important password protected sites through a proxy, but you never know.
Title: anonymizer
Post by: Eric H. Jung on July 27, 2005, 09:49:11 PM
Hi Juandon,

Quote
Would this feature allow phishers to create a fake site that somehow contains the phrase yahoo.com thus tricking the software into realeasing your password?
Yes, but the user must still click "Submit" after the password field is populated. It goes without saying that you should examine the URL before submitting any data over the internet.

Regards,
Eric
Title: anonymizer
Post by: Eric H. Jung on July 28, 2005, 02:39:09 AM
By the way, if you're using any modern browser, you're safe from IDN (international domain name) URL spoofing (a.k.a. homograph attacks (http://en.wikipedia.org/wiki/IDN_homograph_attack)). Specifically, Firefox deals with this by displaying those URLs as PunyCode (http://en.wikipedia.org/wiki/Punycode) (read this (http://en.wikipedia.org/wiki/International_Domain_Names) for more info). You can try this out by going to http://www.pаypal.com/ (http://www.pаypal.com) and looking at the address bar.