[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Gmail and Tor

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Gmail and Tor
From: grarpamp <grarpamp@xxxxxxxxx>
Date: Fri, 21 Dec 2012 03:15:01 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 21 Dec 2012 03:15:13 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=lSXmFIX4zWgMkmFllr57aQzRGzg+x3ScR41ztmA2OeU=; b=WEoN+wyfudLJ8s5JV7N9BCIYHLooQLae9ABYCcWfyJVGKcWr4OxnEUAir3WEouZfPc CwLlfoEC1ibjF73EwbtsqzPOixO+ifVmjOP79WunudDQxqSoSBsraWJ0i26+PRQBIWJY 5nYTBuQBltI0svTzNHGcT+aN8XE7FMSV8c5XlTejNv6bh8DFmztodCZsIinDc9vQm+Nm nNcwbLpvAO6oji2HQlVqYdMUw435ThkVowhjCwVH0+uhKr1pOf0tPJ17AWfLtbijpF5a EQLzmLsy9zz7IiS9eTd9p5sirFPuc3AWAKcgOUeRh9DYAICCUDwNhpI+aQxPPFRJbTql QLWg==
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

Sometime within the last few weeks I witnessed a user's
gmail account becoming locked due to use of Tor via their
'strange location' 'hijack detection' mechanism. After going
through the 'reset' process as directed by gmail, they were
unable to reset and instructed [1] to wait about a weeks
timeout before trying again. Gmail's knowledge base on
the matter made specific reference to 'Tor' and anonymizing
proxies.

So just take note that if using Gmail and Tor, you may
encounter this situation. I have not yet. Nor have I heard
that user's subsequent timeout outcome.

[1] Perhaps, and likely, entirely due to said user's refusal to
supply any secondary / out of band authentication forms such
as: secondary email address, OpenID, or their phone number.
Their username and password were still intact and known,
and they always use https.

Personally I think Gmail needs to bury a "leave us anons and
corporate VPN'ers alone with this business about 'protecting us'"
option somewhere in their config, or just notice Tor/VPN/Proxy
and do it by default.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Gmail and Tor
  - From: Maxim Kammerer
- Re: [tor-talk] Gmail and Tor
  - From: Mike Hearn

Prev by Author: Re: [tor-talk] 'You are not using Tor'
Next by Author: Re: [tor-talk] tor versus freenet
Previous by thread: Re: [tor-talk] Wordpress blocking Tor?
Next by thread: Re: [tor-talk] Gmail and Tor
Index(es):
- Author
- Thread