Gmail SSL – Log into Gmail Without SSL [Duplicate]


How do I log into or use Gmail without having to go through the HTTPS or SSL version?

Since port 443 for HTTPS is filtered in Iran, is there any alternative method of logging into Gmail which does not require the use of this port?

Best Answer

First of all:

  • If the filtering is really only based on port numbers, then things are quite easily and securely solved by using the official HTTPS URL via Tor, or via a proxy server (in another country) that supports "CONNECT" for SSL requests. For such proxies the SSL data is transferred over the port the proxy operates on (like often 81, 3128, 8080, 8181, 9090), not on the default HTTPS port 443.

    (For whoever wants to set up a proxy to help fight censorship: see for example Create anonymous Squid proxy for Iranian election protestors. The good thing about that article is that apparently, in June, communications through proxies were indeed not blocked? Or is nobody using HTTPS through those proxies?)

  • Unfortunately, filtering is probably based on protocol, not on port numbers. Tools like Wireshark show how easily SSL traffic is detected, even when running through non-default ports. (Use display filter "ssl", and see what port is used in the TCP data. Or, when using a proxy, use display filter "tcp.port eq 443" and see nothing is found.)

  • Some web based anonymising proxies support HTTPS over HTTP. For example: Hide My Ass Gmail proxy uses only HTTP. Of course, both a censor and the folks operating the proxy can peek into the communications.

  • Some project called Haystack was introduced (and withdrawn) in 2010:

    Haystack is a new program to provide unfiltered internet access to the people of Iran. A software package for Windows, Mac and Unix systems, called Haystack, specifically targets the Iranian government’s web filtering mechanisms.

    Similar to Freegate, the program directed against China’s “great firewall,” once installed Haystack will provide completely uncensored access to the internet in Iran while simultaneously protecting the user’s identity. No more Facebook blocks, no more government warning pages when you try to load Twitter, just unfiltered Internet.

    Which compared itself to Tor:

    Tor focuses on using onion routing to ensure that a user's communications cannot be traced back to him or her, and only focuses on evading filters as a secondary goal. Because Tor uses standard SSL protocols, it is relatively easily to detect and block, especially during periods when the authorities are willing to intercept all encrypted traffic.

    On the other hand, Haystack focuses on being unblockable and innocuous while simultaneously protecting the privacy of our users. We do not employ onion routing, though our proxy system does provide a limited form of the same benefit.

    Bad security holes though:

    Then in Sept. 2010, security experts discovered a problem: Iranian authorities, the very ones Haystack was supposed to circumvent and shield against, were exploiting massive holes in the encryption scheme to snoop on dissidents.

When all does get filtered or is otherwise unavailable, then maybe your only hope is someone outside the country who can run an HTTP-to-HTTPS gateway, using for example DeleGate. Again, the censoring government (and whoever is running that DeleGate server) can then monitor all your traffic. (Google might be smart enough to hash your password, even when Google thinks you're using HTTPS. Still, even if the password is secure, then all other text can still be read, and cookies can probably be stolen.)


NOTE: the following does not work (yet?). I can show the Gmail login page, but after logging in, the many redirects (from gmail.com to www.google.com/accounts, to mail.google.com) confuse DeleGate. Maybe some smart MOUNT or some entries in hosts are required after all. Maybe it can put someone on the right track though (if no easier solutions are found, like: ensure that does not work!).


See Force web address to go through https for a full explanation on mapping http://twitter.com to https://twitter.com. For a generic HTTP to HTTPS gateway, the command would not include the Twitter-specific MOUNT parameter, so:

sudo ./macosxi-dg -v -P80,443 SERVER=http RESOLV=cache,dns \
  STLS=-fcl,fsv:https ADMIN=a@b.c

No need for adjustments in hosts either; instead you can then use URLs like:

http://127.0.0.1/-_-https://www.google.com

(Where 127.0.0.1 needs to be replaced with the IP address of the DeleGate server.)

(Hmmm, if no easier solutions are posted then I might see if I can set up something like the above.)
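The answer's point that SSL is recognisable by protocol rather than by port, as an added example that is not part of the original answer: the classifier below ignores the port and looks only at the first payload bytes of a TCP stream. The names `classify_payload`, `client_hello_stub` and `SAMPLES` are hypothetical, and every payload is constructed for illustration.

```python
import struct

# TLS record content type and handshake message types (RFC 5246, RFC 8446).
HANDSHAKE = 0x16
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ", b"OPTIONS ")


def classify_payload(payload: bytes) -> str:
    """Classify the first bytes of a TCP stream without using the port."""
    if payload.startswith(HTTP_METHODS):
        return "http-connect" if payload.startswith(b"CONNECT ") else "http"
    if len(payload) < 6:
        return "unknown"  # too short to hold a record header plus handshake type
    ctype, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    # SSL 3.0 through TLS 1.3 all carry 0x03 0x00..0x04 in the record header.
    if ctype == HANDSHAKE and major == 3 and minor <= 4 and 0 < rec_len <= 2**14:
        hs_type = payload[5]
        if hs_type == CLIENT_HELLO:
            return "tls-client-hello"
        if hs_type == SERVER_HELLO:
            return "tls-server-hello"
    return "unknown"


def client_hello_stub() -> bytes:
    """Constructed, truncated ClientHello: record and handshake headers only."""
    body = b"\x03\x03" + bytes(32)  # client_version + 32-byte random (zeros)
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE, 3, 1]) + struct.pack("!H", len(handshake)) + handshake


# (destination port, first payload bytes); all values constructed.
SAMPLES = [
    (443, client_hello_stub()),
    (8080, client_hello_stub()),  # same handshake moved to a non-default port
    (3128, b"CONNECT mail.google.com:443 HTTP/1.1\r\nHost: mail.google.com:443\r\n\r\n"),
    (80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
]


def classify_all(samples):
    """Return (port, label) pairs; the label never depends on the port."""
    return [(port, classify_payload(data)) for port, data in samples]


if __name__ == "__main__":
    for port, label in classify_all(SAMPLES):
        print(f"port {port:>5}: {label}")
```

The handshake on port 8080 gets the same label as the one on port 443, and a proxy `CONNECT` request names its destination in clear text before any SSL data flows.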