Re: [tor-talk] Google disable web-access to gmail for Tor-users?

[Aaron <aagbsn@xxxxxxxx>]

On Wed, Apr 6, 2011 at 11:25 AM, Aaron <aagbsn@xxxxxxxx> wrote:
> On Tue, Apr 5, 2011 at 8:38 PM, grarpamp <grarpamp@xxxxxxxxx> wrote:
>>> If you must have GMail, I've noticed that accounts created on android
>>> devices are not subject to these checks. And yes, even when using Tor
>>> via Orbot.
>>
>> Since using your android is, afaik, the same as giving them your
>> phone (SMS), or alternate identity, it would seem obvious that this
>> would work. And thus a non-solution in general.
>>
> Actually, Android is an open source project:
> http://source.android.com/
>
> And also other derivatives:
> http://www.cyanogenmod.com/
>
> You can run Android on a phone without google proprietary code, though
> most phones sold are google branded and bundled with proprietary apps.
>
>>> You don't have an android phone?
>>
>> Many good folks that would make good use of a gmail account
>> do not have such things. Similarly, many good folks that do
>> have such things would surely not wish to associate the identity
>> of such a thing (IMEI/SIM/account/location/life/etc) with any
>> gmail account just in order to get gmail. So for many, this is out
>> based on access and/or principle alone.
>
> I do think it's ridiculous to need a cellphone to get a webmail
> account. That said, there are a lot of competing providers. What I
> don't understand is hating on Google but still wanting to use their
> webmail service.
>>
>>> 1. Install the android sdk/emulator and create an avd. I tested with
>>> API 8 (android 2.2) + google apis
>>> 2. launch the emulator: emulator -http-proxy http://127.0.0.1:8118
>>> @your_adb_name_here (the proxy settings in the gui did *not* work for
>>> me)
>>> 4. navigate through settings->accounts&sync->add account->google->create
>>
>> Interesting...
>> - Are you suggesting that this simulator runs on a PC using unix or windows?
>> - What is an "adb_name"?
>
> The android emulator can be found here:
> http://developer.android.com/sdk/index.html
> It does run on the 3 major platforms.
>
> adb_name is a typo, I meant to say avd_name -- for 'android virtual device'.
>
>> - And it seems like a heavyweight solution in general. Do you have any
>> insight into why it works? Such as its use of a certain browser string,
>> preloaded cookie strings, or other http parameters? It would certainly
>> be easier for many people to simply mimic those in say firefox than
>> to setup an entire development and emulation environment.
>
> I don't have any idea how this works. If anyone is interested in
> poking into this I suggest adding a self-signed root CA on a device or
> emulator and use sslsniff + wireshark to see what is going on.

Just thought I'd update this here in case anyone else is trying this.

I found a nice tutorial explaining how to install a root CA here:
http://wiki.cacert.org/ImportRootCert

Unfortunately this did not work and the certificate is still
untrusted. I also tried installing the certificate from the SD card
(through settings->location&security->install from sd card), but that
doesn't affect the global certificate store.

Attempts to create an account failed and sslsniff did not log anything.

--Aaron

>> _______________________________________________
>> tor-talk mailing list
>> tor-talk@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
>
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk