[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Tor and Google error / CAPTCHAs.
On 9/27/2016 9:57 AM, blobby@xxxxxxxxxxxxxxx wrote:
I can't say about Gmail today (I hope you're not trying to use it w/
Tor, hoping for anonymity).
But w/ other login sites that balked at Tor, forcing a exit relay in
same country that you signed up from, sometimes fixed the messages like,
"We've detected unusual behavior... Give us your home phone & address &
we'll call you." :D Sometimes even Startpage, DDG, etc. will pop a
captcha. I wonder why, until I look at the exit country & it's China or
Uzbekistan or such. After I change that to a country less known for
cybercrime, no more capthcas on those sites.
This is exactly my issue. If I login to my Gmail or FB account then
invariably Gmail or FB thinks I am a suspicious person hence "Something
seems a bit different about the way you're trying to sign in. Complete
the step below to let us know it's you and not someone pretending to be
you" or worse "Google couldn't verify it's you, so you can't sign in to
this account right now." In the FB case, I am asked to identify my
"friends" half of whom have baby photos or the image is unclear..
Sometimes I get them wrong and am locked out for a few hours. And this
is when connecting via the FB .onion address.
IMO, and I am curious to know what Alec thinks, Google, FB, etc are
creating far too many false positives. Googling "Something seems a bit
different about the way you're trying to sign in" results in numerous
cases where innocent users have been locked out.
Is there a way that using an exit node for Gmail, FB, etc will not be
considered suspicious? Is that even possible?
Probably depends on the proxy. You could try, but I'm guessing that's
what a lot of spammers & scammers try. Gmail has pretty strict rules to
try & prevent fraud (keep a good reputation). They don't want to lose
many users, or they don't get to scan the email & scrape the private
data. Would be financial loss, so they don't want other ISPs or sites
Is it possible to use a different proxy way to access Gmail, FB, etc
without being seen as suspicious? For example, one could use proxychains
with Tor followed by a SOCKS proxy to login.
It's hard to sign up for gmail w/ Tor. They want SMS authentication,
which is usually going to blow most users' anonymity.
By contrast, if you create an acct w/ non-Tor browser, then access it w/
TBB, that accomplishes nothing - as for anonymity.
Only creating an acct w/ TBB & then *never* accessing it w/ anything
else (& not having addons or plugins that might leak IPa) will
accomplish anonymity. For Tor Browser email, it just seems a better
idea to start w/ a provider that's both Tor friendly AND privacy /
security conscious. That's not google.
Even then, I'm not sure. What if you get an email - via TBB, that
mentions your real name, or is from someone in your town - using their
real IPa - saying, "come on over tonight, to 123 Oak St.," or gives
their phone #, etc.? Then the mail provider effectively knows which
town you live in, at minimum. The right agencies can then cross
reference that person's contacts - if they want. And then probably the
national security agency know all that.
In both cases above (exit node and exit node plus SOCKS) we assume that
the IP address more or less matches the "normal" non-proxy login. I am
in Paris and use a Paris exit node and a Paris SOCKS proxy for example.
Finally, thanks for participating in this discussion. It is rare to have
people who work or used to work at the major webmail and social media
companies from a) getting involved and b) providing a nuanced (not
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to