[tor-talk] Google disable web-access to gmail for Tor-users?

katmagic the.magical.kat at gmail.com
Sat Apr 2 19:33:24 UTC 2011 

On Sat, 02 Apr 2011 14:17:48 -0500
Joe Btfsplk <joebtfsplk at gmx.com> wrote:

> 
> 
> On 4/2/2011 12:16 PM, Matthew wrote:
> >
> >>>
> >>
> >> This problem has been discussed before, but I don't know the real 
> >> solution, if there is one. Because the Tor exit node (in my case) 
> >> appears to be in a diff country than one given to Gmail when opened 
> >> the acct (or the assumed country from my orig IP address), Google 
> >> thinks it may be someone trying to hack the acct. There may be 
> >> settings users can change in their acct to have Google (or other 
> >> providers) to contact in a case like this, other than sending your 
> >> phone #, to verify your identity. Don't think I'll be sending them my 
> >> phone #. I've never seen this or heard of them (or any site) asking 
> >> users to send their phone #. Yes, I'm sure I was on the real Gmail 
> >> login page - https://www.google.com/accounts/ServiceLoginAuth
> >>
> >> When I set up my acct, I chose "security questions" for verification 
> >> (or at least if forget my password), but in this case, seems Google 
> >> isn't using that to verify I'm the real acct owner.
> >>
> >> It might be possible to limit relays Tor uses to your country, but 
> >> never dealt w/ that. Others will know more than me.
> >> _______________________________________________
> >>
> >
> > Using StrictExitNodes 1 limits the nodes to whatever you have set for 
> > ExitNodes. For example:
> >
> > StrictExitNodes 1
> >
> > #ExitNodes blutmagie
> > #ExitNodes blutmagie2
> > #ExitNodes cassiope
> > ExitNodes DynoTor
> >
> > Would set the exitnode to DynoTor (in the UK). You can have multiple 
> > uncommented ExitNodes. You can also select by country, for example:
> >
> > ExitNodes {au} # Australia
> >
> > Question: when you got this error were you playing around with 
> > temporary cookies? Why not let TorButton handle your cookies or allow 
> > cookies then securely delete cookies.sqlite afterwards? Then see if 
> > you have the same problem.
> > _______________________________________________
> > tor-talk mailing list
> > tor-talk at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> >
> After the OP's question about Gmail & cookies, I tried logging w/ Tor.  
> At 1st, I got "cookies disabled" msg.  Then, I used the addon "Cookie 
> Monster" to allow a temporary cookie.
> NOTE:  Whether using a cookie mgr addon or Firefox's cookie mgr, I 
> disallow all cookies globally, then allow sites as needed.  Don't know 
> how, if this affects Torbutton's function (assume it shouldn't - but 
> Torbutton obviously wasn't letting Google set a cookie).  Maybe a cookie 
> exception for a site already has to be in firefox permissions file for 
> Torbutton to allow site to set cookies?
> 
> I am using Torbutton 1.3.2a.  AFAIK, when active, Torbutton is handling 
> my cookies  (obviously not, or not to Google's liking).  I'm using 
> default settings in Torbutton >Cookies tab.  Is there a specific non 
> default option that needs to be checked?
> 
> My about:config entry for extensions.torbutton.xfer_google_cookies is 
> set to true.
> 
> I'll show my ignorance - where would the entries for Strict Exit Nodes 
> be entered / stored?
> 
> Google has really changed it's login / security login / PW recovery 
> policies & acct settings.  Good, I guess.  But the last issue I 
> encountered appeared specifically related to Tor using a non US exit 
> node (I'm guessing).  May be (new) settings in a Gmail acct that would 
> allow verifying acct (if get the kind of error I did w/ Tor), other than 
> giving them your phone # or resetting PW.
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Google requires you to be able to receive a text message or phone call to
use a GMail account over Tor. This is unrelated to Torbutton's cookie handling
(which was broken but has since been fixed). Personally, I got a friend on IRC
to let me use his phone for it.

-- 
Please use encryption. My PGP key ID is E51DFE2C.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110402/5c621896/attachment-0001.pgp>

More information about the tor-talk mailing list