On 4/2/2011 8:04 AM, James Brown wrote:
Google / Gmail requires cookies to login. I use a cookie manager addon in Firefox 4. I allowed Google to set temporary cookies, & didn't get "cookies are disabled" message. But, when open the Gmail page in Tor mode, try to login - it gives me the following message (which seems like an idiotic privacy invasion & bad security idea - from user's stand point):I run Icedove 3.5.16 on Debian Squeeze (under a transparently-torified linux user), Tor v0.2.1.30, TB 1.2.5. When I try to log into my gmail accounts I have the next message:We've detected a problem with your cookie settings. Enable cookies Make sure your cookies are enabled. To enable cookies, follow these browser-specific instructions. Clear cache and cookies If you have cookies enabled but are still having trouble, clear your browser's cache and cookies. Adjust your privacy settings If clearing your cache and cookies doesn't resolve the problem, try adjusting your browser's privacy settings. If your settings are on high, manually add www.google.com to your list of allowed sites. Learn moreI have enabled cookies, because it I try to clear my browser's cache and cookies but I have the same result. The next, I go to the page "Changing privacy settings" and I read the bellow: I.e. they reguire to connect their site avoiding the tor-net!!!
Verify your accountWe've detected unusual activity on your account. To immediately restore access to your account, type your phone number below.*Verification Options * *Text Message*Google will send a text message containing a verification code to your mobile phone.*Voice Call*Google will make an automated voice call to your phone with a verification code.*Country * *Mobile phone number *
If click on link "learn more about your support options," get this screen:
Accounts <https://www.google.com/accounts/> › Help articles <http://www.google.com/support/accounts/> › Suspicious activity detected on your accountGoogle Accounts: Suspicious activity detected on your account Share PrintBecause we detected unusual activity on your account, we've disabled all access for your protection. We do this to protect your privacy and make sure that only you have access to your account.*For immediate access, follow these steps:* 1. Sign in to your account at http://www.google.com/accounts 2. You’ll be prompted to enter your phone number to verify your account. Enter your phone number and choose how you want to receive a verification code (SMS or voice call) 3. Click *Send verification code to my phone* 4. You may need to wait up to 10 minutes to receive our SMS or voice call. Please do not request another code if the first one has not arrived. Only the most recent code requested will be accepted.If the above process does not work, you can <https://www.google.com/support/accounts/bin/request.py?ara=1&hl=en&contact_type=ara&ctx=ara>fill out this form, (gives a link) which asks you to provide details about your account. Make sure to take your time and answer as many questions as possible. If we are able to verify that you own the account, you’ll be able to reset your password.Read this article <https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=46526> for more information on keeping your account secure.
This problem has been discussed before, but I don't know the real solution, if there is one. Because the Tor exit node (in my case) appears to be in a diff country than one given to Gmail when opened the acct (or the assumed country from my orig IP address), Google thinks it may be someone trying to hack the acct. There may be settings users can change in their acct to have Google (or other providers) to contact in a case like this, other than sending your phone #, to verify your identity. Don't think I'll be sending them my phone #. I've never seen this or heard of them (or any site) asking users to send their phone #. Yes, I'm sure I was on the real Gmail login page - https://www.google.com/accounts/ServiceLoginAuth
When I set up my acct, I chose "security questions" for verification (or at least if forget my password), but in this case, seems Google isn't using that to verify I'm the real acct owner.
It might be possible to limit relays Tor uses to your country, but never dealt w/ that. Others will know more than me.
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk