Delivery-Date: Mon, 16 Mar 2015 07:32:17 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY,
	URIBL_BLOCKED autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id E18CC1E068B
	for <archiver@seul.org>; Mon, 16 Mar 2015 07:32:14 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 2AFAC33E46;
	Mon, 16 Mar 2015 11:32:12 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id BEDF933E01
 for <tor-talk@lists.torproject.org>; Mon, 16 Mar 2015 11:32:08 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id kXVFFfRCErJs for <tor-talk@lists.torproject.org>;
 Mon, 16 Mar 2015 11:32:08 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 9C26233B85
 for <tor-talk@lists.torproject.org>; Mon, 16 Mar 2015 11:32:08 +0000 (UTC)
Received: from berryeater.riseup.net (berryeater-pn.riseup.net [10.0.1.120])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.riseup.net (Postfix) with ESMTPS id 0AF4541A7A
 for <tor-talk@lists.torproject.org>; Mon, 16 Mar 2015 11:32:06 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1426505526; bh=D47wdeDa52S5hX8A6gO95GTQDqhaZ9wp1O6l2YFq9p0=;
 h=Date:From:To:Subject:References:In-Reply-To:From;
 b=sF8RWfnEohAZ3CyvA2Peyy9IOM58hInaMsmJzsGxdHsLCAs2soX+eHpD4/PSaBAxP
 BEawoRb57JEHX4ztLH7KpxUiJrc9GZY3SwlLogRS4CkFWcZk9suHZmDNGTovXpXM5n
 4Qt8aPggsKjIC1RbFgQ6zkjKq60iqRPIhneESMR4=
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: azadi) with ESMTPSA id 301C041DA9
Date: Mon, 16 Mar 2015 17:03:15 +0530
From: Sukhbir Singh <azadi@riseup.net>
To: tor-talk@lists.torproject.org
Message-ID: <20150316113315.GD2077@riseup.net>
Mail-Followup-To: tor-talk@lists.torproject.org
References: <b6cb75245c0c0ec46b713575b96647e1@openmailbox.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <b6cb75245c0c0ec46b713575b96647e1@openmailbox.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Virus-Scanned: clamav-milter 0.98.6 at mx1
X-Virus-Status: Clean
Subject: Re: [tor-talk] Are webmail providers biased against Tor?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

> I have noticed that when I try to login to my Gmail or Hotmail accounts with
> Tor, I invariably get asked to validate myself (e.g. receive an SMS). This
> is understandably due my IP being in a different country from the "usual"
> IPs that I use to sign in.
> 
> However, I have experimented with StrictExitNodes. I am in New York and have
> used a number of New York exit nodes. I still get asked to verify.
> 
> I am wondering if Tor developers or experienced users know (for a fact)
> whether or not this is "normal" or whether using an exit node automatically
> makes Gmail and Hotmail think that a "hacker" is attempting to access the
> accounts.
> 
> This is not a case of a website e.g. Craigslist blocking Tor. It is whether
> the use of an exit node IP automatically engenders scrutiny from whatever
> security algorithms certain webmail providers use.

Mike Hearn from Google addressed this issue on the tor-talk mailing list
in October 2012, where he said this:

"Access to Google accounts via Tor (or any anonymizing proxy service) is
not allowed unless you have established a track record of using those
services beforehand."

(https://lists.torproject.org/pipermail/tor-talk/2012-October/025923.html)

This was in response to several TorBirdy users complaining that they
couldn't access their Gmail accounts over Tor. As someone who used to
have a Gmail account and used TorBirdy over it, there were occasional
periods where I couldn't access my account over IMAP and had to log in
through the web interface and unlock it by entering a CAPTCHA. 

This was still better than what some other users who used Tor over Gmail
reported -- in some cases, Gmail would force them to provide a phone
number where Google would call or send a SMS before you could use your
account. The surprising part here was that Gmail wanted _any_ phone
number in _any_ country and not a number previously associated with your
account.  I am unsure how this helps them and what is the purpose behind
asking users to register with a phone. If one were to assume that they
wanted to know the location of the user, then why would they allow the
user to enter the number of any country?  (A friend confirmed this
recently and had to enter a phone number to unlock the account. Gmail
refused to allow access until a phone number was entered, where they
could call or send a text.)

So yes, it seems like Gmail doesn't favour users using Tor.

-- 
Sukhbir
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

