[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Google disable web-access to gmail for Tor-users?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Google disable web-access to gmail for Tor-users?
From: grarpamp <grarpamp@xxxxxxxxx>
Date: Thu, 7 Apr 2011 03:22:00 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 07 Apr 2011 03:22:16 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=9VL47Xs0boHwIUf4EyJsOtvRxk4low1dQsIOUAipeZU=; b=LbShiuRERnGJga75JD6Yvpkwv0pVm3veF2M7fw0A92YNhr1QLI38UJ+yra9CaPGtgv bGYFIrK+3t6JImkq40NvmmVoOus3CvPoJaijGKyIOqSNavxCY5GZbRCzAOMvkETZM2H3 MUn/+bN+zrU3boJhO5S4m1I1+Auc6ZTxhG68E=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=DdU5ni1agbTr3LrI9J91G577PJpIVjH9P+/mEj39wMWXVRutZvMShStYt48G7U4F0y Gv0VNfFO/uthnPCIaLB4tvw9v+7ECHe2Hm1CFf6j2i+IfYw8oBA8PEi0qT+dqDcDbHuL W/DZ50RPcYVuHvbZkqQ20ESxz95v4r63rc5b8=
In-reply-to: <BANLkTi=KEy5bZ6RGkBCm8ru0pyMnmMNhBg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <BANLkTi=KEy5bZ6RGkBCm8ru0pyMnmMNhBg@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

> I used version 8.

sdk tools rev 10
sdk platform-tools rev 3
plat 3.0   api 11 rev 1 + google api 11 rev 1
plat 2.3.3 api 10 rev 1 + google api 10 rev 1
plat 2.2   api  8 rev 1 + google api  8 rev 2

These all work. I wanted to install the platform-tools, platforms
and add-ons individually via the command line but didn't have luck
with the filters.

3.0 has a nice big tablet interface, but no keypad/button panels
and it seems to wedge now and then.

> This should add the option to create a google account.

The above are working as expected now.

android list
android create avd -t <id> -n <name>

> when you create an avd you have the option of specifying a custom
> screen resolution

I didn't have much luck there. My physical crt is 21" at 1600x1200.
So I'd want the android glass to be maybe 800x600, excluding the
keypad/button panels off to the right. All within an X window of
maybe 1024x768.

Anyways: emulator -avb <name> -wipe-data -scale 0.76


Regarding identities and what is being sent...

# sdk installation
Though I haven't hashed the installation tree, I don't expeect
android/google is issuing unique software packages (with embedded
certs, etc).

# avb runtime
There are notes on the developer blog about various software generated
identities. So at minimum the avd's should be regenned per account.
You could diff the avb dirs. And further unpack/mount the images.

Also: adb bugreport

# host
Though less likely, there could also be access (via java, blobs)
of the host system UUID, MAC address, etc.

# wire
It's https, can't sniff it. I doubt google still has a fallback
http creation interface either.

My guess is that if you torify the entire box, regen the avb's and
maybe change your MAC... you should be safe across accounts. But
to be sure...


>> I don't have any idea how this works. If anyone is interested in
>> poking into this I suggest adding a self-signed root CA on a device or
>> emulator and use sslsniff + wireshark to see what is going on.
> I found a nice tutorial explaining how to install a root CA here:
> http://wiki.cacert.org/ImportRootCert
> Unfortunately this did not work and the certificate is still
> untrusted. I also tried installing the certificate from the SD card
> (through settings->location&security->install from sd card), but that
> doesn't affect the global certificate store.
> Attempts to create an account failed and sslsniff did not log anything.

There's probably some android debugger that would work to trace the
I/O of the android process that's talking through the stack to google.

Regardless of what's being sent, I'm pretty sure it's using a
lightweight android domain/proxy service cluster within google.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] Google disable web-access to gmail for Tor-users?
  - From: Aaron

Prev by Author: Re: [tor-talk] geocaching.com and okcupid.com doesn't allow access via TOR
Next by Author: Re: [tor-talk] Google disable web-access to gmail for Tor-users?
Previous by thread: Re: [tor-talk] Google disable web-access to gmail for Tor-users?
Next by thread: [tor-talk] Google Cert Observatory
Index(es):
- Author
- Thread