Delivery-Date: Mon, 16 Mar 2015 17:50:18 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,DKIM_ADSP_ALL,
	DKIM_SIGNED,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD,URIBL_BLOCKED
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id B0EDA1E0CE4
	for <archiver@seul.org>; Mon, 16 Mar 2015 17:50:16 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 6146834403;
	Mon, 16 Mar 2015 21:50:12 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id BEAA0343EC
 for <tor-talk@lists.torproject.org>; Mon, 16 Mar 2015 21:50:08 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id FPGgfqWsFbRI for <tor-talk@lists.torproject.org>;
 Mon, 16 Mar 2015 21:50:08 +0000 (UTC)
Received: from mail2.openmailbox.org (mail2.openmailbox.org [62.4.1.33])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 75C2F342B3
 for <tor-talk@lists.torproject.org>; Mon, 16 Mar 2015 21:50:08 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by mail2.openmailbox.org (Postfix) with ESMTP id C23AD20332A
 for <tor-talk@lists.torproject.org>; Mon, 16 Mar 2015 22:50:04 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=openmailbox.org;
 h=user-agent:message-id:references:in-reply-to:subject:subject
 :from:from:date:date:content-transfer-encoding:content-type
 :content-type:mime-version:received:received; s=openmailbox; t=
 1426542600; bh=O8hipBYo27Sq3q1cJ8vZRqyUZ/rc3jUHpuq60VWRslM=; b=N
 WEdnin767YyrQbqzgh98FCo1Gz3VjhVbRPVPEQyKsNstp2SXsOqEAPCynT3mC0T8
 0EtUQcv5t6uo5o0gJ0RGcLp/cEOkeeTtLqBgdbr+t9xu5xteJhfBdvEO0ovTKv2A
 7QUMGNMua32OUfmJLs8ajhIoDywb2GFOb4GqFiprCI=
X-Virus-Scanned: amavisd-new at openmailbox.org
Received: from mail2.openmailbox.org ([62.4.1.33])
 by localhost (mail.openmailbox.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id EIjvtw9m9dt2 for <tor-talk@lists.torproject.org>;
 Mon, 16 Mar 2015 22:50:00 +0100 (CET)
Received: from www.openmailbox.org (localhost [127.0.0.1])
 by mail2.openmailbox.org (Postfix) with ESMTP id 915FE202B99
 for <tor-talk@lists.torproject.org>; Mon, 16 Mar 2015 22:50:00 +0100 (CET)
MIME-Version: 1.0
Date: Mon, 16 Mar 2015 21:50:00 +0000
From: blobby@openmailbox.org
To: tor-talk@lists.torproject.org
In-Reply-To: <20150316113315.GD2077@riseup.net>
References: <b6cb75245c0c0ec46b713575b96647e1@openmailbox.org>
 <20150316113315.GD2077@riseup.net>
Message-ID: <5613afa1a339f26dbaaec7bac784f781@openmailbox.org>
X-Sender: blobby@openmailbox.org
User-Agent: Roundcube Webmail/1.0.5
Subject: Re: [tor-talk]
 =?utf-8?q?Are_webmail_providers_biased_against_Tor=3F?=
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 2015-03-16 11:33, Sukhbir Singh wrote:
>> I have noticed that when I try to login to my Gmail or Hotmail 
>> accounts with
>> Tor, I invariably get asked to validate myself (e.g. receive an SMS). 
>> This
>> is understandably due my IP being in a different country from the 
>> "usual"
>> IPs that I use to sign in.
>> 
>> However, I have experimented with StrictExitNodes. I am in New York 
>> and have
>> used a number of New York exit nodes. I still get asked to verify.
>> 
>> I am wondering if Tor developers or experienced users know (for a 
>> fact)
>> whether or not this is "normal" or whether using an exit node 
>> automatically
>> makes Gmail and Hotmail think that a "hacker" is attempting to access 
>> the
>> accounts.
>> 
>> This is not a case of a website e.g. Craigslist blocking Tor. It is 
>> whether
>> the use of an exit node IP automatically engenders scrutiny from 
>> whatever
>> security algorithms certain webmail providers use.
> 
> Mike Hearn from Google addressed this issue on the tor-talk mailing 
> list
> in October 2012, where he said this:
> 
> "Access to Google accounts via Tor (or any anonymizing proxy service) 
> is
> not allowed unless you have established a track record of using those
> services beforehand."
> 
> (https://lists.torproject.org/pipermail/tor-talk/2012-October/025923.html)
> 
> This was in response to several TorBirdy users complaining that they
> couldn't access their Gmail accounts over Tor. As someone who used to
> have a Gmail account and used TorBirdy over it, there were occasional
> periods where I couldn't access my account over IMAP and had to log in
> through the web interface and unlock it by entering a CAPTCHA.
> 
> This was still better than what some other users who used Tor over 
> Gmail
> reported -- in some cases, Gmail would force them to provide a phone
> number where Google would call or send a SMS before you could use your
> account. The surprising part here was that Gmail wanted _any_ phone
> number in _any_ country and not a number previously associated with 
> your
> account.  I am unsure how this helps them and what is the purpose 
> behind
> asking users to register with a phone. If one were to assume that they
> wanted to know the location of the user, then why would they allow the
> user to enter the number of any country?  (A friend confirmed this
> recently and had to enter a phone number to unlock the account. Gmail
> refused to allow access until a phone number was entered, where they
> could call or send a text.)
> 
> So yes, it seems like Gmail doesn't favour users using Tor.
> 
> --
> 

I see. Thanks for that helpful link.

Of course, if you are in NY and you go on holiday to Nepal and login, 
then Gmail will ask for validation since you have a totally different 
IP.

The question I was wondering about was whether a Tor exit node is 
considered suspicious even if in the same city as the user (in other 
words the user hasn't gone on holiday as in the example above).

The impression seems to be that Tor is ipso facto suspicious to Gmail 
irrespective of the exit node's location, whereas "abnormal" IPs (e.g. 
those from Nepal) are only suspicious if they originate from outside the 
usual geographical location of the user.


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

