[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Google disable web-access to gmail for Tor-users?

Google / Gmail requires cookies to login. I use a cookie manager addon in Firefox 4. I allowed Google to set temporary cookies, & didn't get "cookies are disabled" message. But, when open the Gmail page in Tor mode, try to login - it gives me the following message (which seems like an idiotic privacy invasion & bad security idea - from user's stand point):
Verify your account
We've detected unusual activity on your account. To immediately restore access to your account, type your phone number below.
*Verification Options *
*Text Message*

Google will send a text message containing a verification code to your mobile phone.
*Voice Call*

Google will make an automated voice call to your phone with a verification code.

*Country *
*Mobile phone number *
If click on link "learn more about your support options," get this screen:

Accounts <https://www.google.com/accounts/> › Help articles <http://www.google.com/support/accounts/> › Suspicious activity detected on your account

Google Accounts: Suspicious activity detected on your account
Share Print

Because we detected unusual activity on your account, we've disabled all access for your protection. We do this to protect your privacy and make sure that only you have access to your account.

*For immediate access, follow these steps:*

1. Sign in to your account at http://www.google.com/accounts
2. You’ll be prompted to enter your phone number to verify your
account. Enter your phone number and choose how you want to
receive a verification code (SMS or voice call)
3. Click *Send verification code to my phone*
4. You may need to wait up to 10 minutes to receive our SMS or
voice call. Please do not request another code if the first one
has not arrived. Only the most recent code requested will be

If the above process does not work, you can <https://www.google.com/support/accounts/bin/request.py?ara=1&hl=en&contact_type=ara&ctx=ara>fill out this form, (gives a link) which asks you to provide details about your account. Make sure to take your time and answer as many questions as possible. If we are able to verify that you own the account, you’ll be able to reset your password.

Read this article <https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=46526> for more information on keeping your account secure.

This problem has been discussed before, but I don't know the real solution, if there is one. Because the Tor exit node (in my case) appears to be in a diff country than one given to Gmail when opened the acct (or the assumed country from my orig IP address), Google thinks it may be someone trying to hack the acct. There may be settings users can change in their acct to have Google (or other providers) to contact in a case like this, other than sending your phone #, to verify your identity. Don't think I'll be sending them my phone #. I've never seen this or heard of them (or any site) asking users to send their phone #. Yes, I'm sure I was on the real Gmail login page - https://www.google.com/accounts/ServiceLoginAuth

When I set up my acct, I chose "security questions" for verification (or at least if forget my password), but in this case, seems Google isn't using that to verify I'm the real acct owner.

It might be possible to limit relays Tor uses to your country, but never dealt w/ that. Others will know more than me.

Using StrictExitNodes 1 limits the nodes to whatever you have set for ExitNodes. For example:

StrictExitNodes 1

#ExitNodes blutmagie
#ExitNodes blutmagie2
#ExitNodes cassiope
ExitNodes DynoTor

Would set the exitnode to DynoTor (in the UK). You can have multiple uncommented ExitNodes. You can also select by country, for example:

ExitNodes {au} # Australia

Question: when you got this error were you playing around with temporary cookies? Why not let TorButton handle your cookies or allow cookies then securely delete cookies.sqlite afterwards? Then see if you have the same problem.
tor-talk mailing list