Thus spake Joe Btfsplk (joebtfsplk@xxxxxxx): > On 4/2/2011 2:33 PM, katmagic wrote: > >Google requires you to be able to receive a text message or phone call to > >use a GMail account over Tor. This is unrelated to Torbutton's cookie > >handling > >(which was broken but has since been fixed). Personally, I got a friend on > >IRC > >to let me use his phone for it. > 1st I've heard they REQUIRE a phone # to use Gmail over Tor. Anyone > else aware this is the only way? > I'd bet, from the Google message about "unusual activity," it was > because the exit node wasn't in the same country I used when created acct. This is possible. The "unusual activity" message is unrelated to cookie issues, and appears to have something to do with the exit node chosen to connect to gmail. You can be asked for an SMS confirmation from one exit, and then hit "New Identity" and then not be asked on the next. It must have something to do with either geolocation, or the types of activity their systems see from particular exits that make them think bots are involved. In once case, it happened while I was using a pseudonym to contibute to another open source project and ask questions on a mailinglist. I was unable to get the message to go away with "New Identity" (possibly because sending mail to a milinglist smells extra-spammy?), so I clicked through the help links and filled out some form explaining my desire for strong pseudonymity, and they lifted the block without a cell #. > Can you expand a little of Torbutton's cookie handling being fixed? > Again, I'm using TB 1.3.2a. > What are the criteria for TB to allow a site to set cookies? TB is not actually blocking any cookies here. At least not on purpose. The TB feature that is causing this issue is one that is designed to minimize the number of Google captchas Tor users must solve to use Google Search. We attempt to transfer the captcha-relaed cookies from all international domains, but we ended up mangling some login cookies after a change to how Google auth works. The issue is fixed in the 1.3.x series, but not in 1.2. The plan is to release 1.4.0 as the new stable ASAP, rather than backport these fixes to 1.2.x. Otherwise, Torbutton's default cookie policy is to allow cookies to persist in memory until either the Torbutton is toggled, or the browser exits. We plan to eventually extend this functionality to provide a "New Identity" button in the browser, to synchronize the clearing of all Firefox identifiers with the "New Identity" functionality of Vidalia/Tor, but this requires some additional integration work... -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpc3vBWwc2QG.pgp
Description: PGP signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk