Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 06.04.2011 07:35, Orionjur Tor-admin wrote: On 05.04.2011 08:21, Aaron wrote: If you must have GMail, I've noticed that accounts created on android devices are not subject to these checks. And yes, even when using Tor via Orbot. You don't have an android phone? The following works too: 1. Install the android sdk/emulator and create an avd. I tested with API 8 (android 2.2) + google apis Where can I get the android sdk/emulator ? It would be nice to know how exactly the AVD is transmitted. I guess you could then easily fake the value without having to install the SDK. -- Moritz Bartl https://www.torservers.net/ ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 06.04.2011 10:12, grarpamp wrote: It would be nice to know how exactly the AVD is transmitted. I guess you could then easily fake the value without having to install the SDK. AVD (android virtual device)... sounds like a virtualbox instance. I don't believer it's 'transmitted' anywhere. ADB (Android Debug Bridge)... sounds like a hardware interface to a real phone (meaning identity disclosure, thus useless?). adb devices command... is supposed to list serial number. If you can use the emulator without an actual device to register a gmail account it should as well work without the emulator. The information has to be transmitted to Gmail in some way in all cases. -- Moritz Bartl https://www.torservers.net/ ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 06.04.2011 08:40, Moritz Bartl wrote: On 06.04.2011 10:12, grarpamp wrote: It would be nice to know how exactly the AVD is transmitted. I guess you could then easily fake the value without having to install the SDK. AVD (android virtual device)... sounds like a virtualbox instance. I don't believer it's 'transmitted' anywhere. ADB (Android Debug Bridge)... sounds like a hardware interface to a real phone (meaning identity disclosure, thus useless?). adb devices command... is supposed to list serial number. If you can use the emulator without an actual device to register a gmail account it should as well work without the emulator. The information has to be transmitted to Gmail in some way in all cases. What is ncessity to inform the Gmail team about existing methods of registering accoutns without sms? For helping 'em in their evil policy? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Tor and VOIP ( related to excito's b3)
To me, it looks like that the slower network rate of Tor will cause problems for SIP and VOIP applications. Will it be possible to specify a set of port ranges so traffic on those ports will not be routed to the Tor network ? A example : Telios VOIP solution uses ports 5060 to 5061(TLS) (udp/tcp) as a trigger port, and UDP ports 16300 to 16700 for traffic. Does anyone have any info on this ? -- GnuPG KEY ID 0x2CE74BF7B3F54A16 Håken Hveem Norway ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
Could you elaborate a bit on this? After this discussion I went ahead and tried to create another anonymous gmail account and ran into the requires SMS hitch as discussed (and there is no option that I can see to bypass this via other means as others have described) I have no idea what @your_adb_name_here refers to. What is an ADB name? Do you just make something up from thin air? How about an example? On Tuesday, April 05, 2011 04:21:32 am Aaron wrote: If you must have GMail, I've noticed that accounts created on android devices are not subject to these checks. And yes, even when using Tor via Orbot. You don't have an android phone? The following works too: 1. Install the android sdk/emulator and create an avd. I tested with API 8 (android 2.2) + google apis 2. launch the emulator: emulator -http-proxy http://127.0.0.1:8118 @your_adb_name_here (the proxy settings in the gui did *not* work for me) 3. verify tor is working via http://check.torproject.org 4. navigate through settings-accountssync-add account-google-create 5. solve captcha 6. profit --Aaron On Mon, Apr 4, 2011 at 10:52 PM, grarpamp grarp...@gmail.com wrote: Google requires you to be able to receive a text message or phone call to use a GMail account over Tor. 1st I've heard they REQUIRE a phone # to use Gmail over Tor. Anyone else aware this is the only way? First I've heard that they require SMS to *USE* gmail. However, SMS has been required for quite some time now to *CREATE* a new gmail account. There was a thread a few months back regarding creation. And to date, I've not been able to create a new gmail account without SMS from any exit anywhere on the planet. Nor from any residential DHCP pool I have access to. I'd bet, from the Google message about unusual activity, it was because the exit node wasn't in the same country I used when created Yeah, they like to pop up red warning banners for avid travelers. I just hit dismiss, no SMS junk required. In once case, it happened while I was using a pseudonym to contibute to another open source project and ask questions on a mailinglist. I've never had any problems sending any message anywhere, at all. Only with new account creation. And the occaisional dismissed nag notice. clicked through the help links and filled out some form explaining my desire for strong pseudonymity, and they lifted the block without a cell #. When I try creating a new account, without providing an SMS or other number, there is a form to fill out. I pick don't have phone or don't want to give number and explain the same. They ignore it. And if I recall, the account is left in a locked state. And since, rightly, no secondary address was provided, they can't reach me anyways. And any cool account name you came up with dies locked with it too. No offense to the list, but fuck google. With all their supposed brain power you'd think they could come up with something a little less brutal than a sledgehammer. Then again, I don't blame them... the GECOS, user, pass, contact, recovery, and mail content is certainly worth many millions more when combined with a phone number. Pigs. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Economics is not practised as a science. Rather, it is a pretentious way to covertly promote political prejudices. - Fred Harrison ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
Just a quick note...a nice, safe, easily anonymized email account can be had at safe-mail.net. No hoops to jump through, tor friendly. On Tuesday, April 05, 2011 01:52:31 am grarpamp wrote: Google requires you to be able to receive a text message or phone call to use a GMail account over Tor. 1st I've heard they REQUIRE a phone # to use Gmail over Tor. Anyone else aware this is the only way? First I've heard that they require SMS to *USE* gmail. However, SMS has been required for quite some time now to *CREATE* a new gmail account. There was a thread a few months back regarding creation. And to date, I've not been able to create a new gmail account without SMS from any exit anywhere on the planet. Nor from any residential DHCP pool I have access to. I'd bet, from the Google message about unusual activity, it was because the exit node wasn't in the same country I used when created Yeah, they like to pop up red warning banners for avid travelers. I just hit dismiss, no SMS junk required. In once case, it happened while I was using a pseudonym to contibute to another open source project and ask questions on a mailinglist. I've never had any problems sending any message anywhere, at all. Only with new account creation. And the occaisional dismissed nag notice. clicked through the help links and filled out some form explaining my desire for strong pseudonymity, and they lifted the block without a cell #. When I try creating a new account, without providing an SMS or other number, there is a form to fill out. I pick don't have phone or don't want to give number and explain the same. They ignore it. And if I recall, the account is left in a locked state. And since, rightly, no secondary address was provided, they can't reach me anyways. And any cool account name you came up with dies locked with it too. No offense to the list, but fuck google. With all their supposed brain power you'd think they could come up with something a little less brutal than a sledgehammer. Then again, I don't blame them... the GECOS, user, pass, contact, recovery, and mail content is certainly worth many millions more when combined with a phone number. Pigs. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Economics is not practised as a science. Rather, it is a pretentious way to covertly promote political prejudices. - Fred Harrison ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 4/5/2011 11:10 PM, grarpamp wrote: What if you don't have a phone # to give them (or don't want to) - they just don't let you create an acct? In my tests to date (limited by free time), yes, that's what I said. FYI - I tried GMX w/ Tor couple days ago - worked just fine. Yes, free alternates that work fine are always welcome suggestions :) I usually require https (creation and management), imaps (retrieval), smtps/submission (sending), no automatic addition of addresses to 'contact' lists when sent via web or smtp, and an outright account deletion function. There's a comparison of different webmail providers: http://en.wikipedia.org/wiki/Comparison_of_webmail_providers I'm sure there are others. Many have all the features you mention. When I started looking for alternatives, was quite surprised how many are avail besides big 3. I do use alternates. It's just that gmail... like yahoo and hotmail... has a certain credibility about it that the moronic public 'trusts'. ... That's why it would be useful to the anonymity/privacy community to figure this one out. Whether by testing, or perhaps even via formal contact with gmail, followed up with education and a plea for sanity if needed. The domain shown for my gmx acct is just gmx.com. I think even in full header, shows a US origin. I don't know if there's any stopping an 800 pound gorilla like Gmail / Google. My guess is Tor users are a tiny % of accts. Vast majority of most of internet users are clueless about dangers privacy invasion / data collection - not just w/ Gmail. Even w/ ongoing publicity of google's privacy violations (some they had to back down on), people still use it. That's not gonna change. I'm the world's worst must beat them (any entity) at their own game type person. But Tor users are usually more enlightened compared to gen. pop. Don't understand clinging to Gmail for dear life. Point taken about recipients being familiar w/ gmail, yahoo other familiar names. If more started using others - even on trial basis - they'd become more familiar names. I get a red one line warning bar near the top once in a while that says something like we noticed you coming from a strange place. set alert preference, or dismiss/ignore it. I also commonly get blue/red ones that say we don't have your recovery info: supply SMS -and/or- supply secondary email address both of which i hit dismiss/ignore on. None of these three nanny nag notices lock me out, require me to supply the requested info, require me to submit requests to let me live without suppling the info, or hinder my use in any way other than swatting down the nags once in a while. Looks like diff users get diff screens, at times, about the SMS verification and ability to bypass notices. I / others could try it diff times / ways, but just seems like (for Tor use) might be easier to use another provider. I'm tempted to try their form for new account creation (Mike's blurb). Yet I don't quite know how I would explain my request (refusal to supply). Even though it's none of their business (there aren't laws requiring them to gather very personal data), for a reason why I was asking to remove my house from street view, just stated I was law enforcement was worried about privacy / security of my family. I need to check if it's still removed. And creating another unlinked account elsewhere just for that takes time... and what happens if I deassociate it (in gmail) or delete it (on the provider) and miss or hit some sort of gmail reauthenticate wall months later. I'm not pushing any mail provider, but I found creating / deleting accts on GMX very quick. If using Tor w/ email is a goal, massive storage space w/ a provider probably isn't a concern. Neither is social networking features, etc. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] A question about TOR behavior
I decided to check if the StrictEntryNodes and EntryNodes functions worked, so I started to log my TOR connections. They did work, and TOR connects to the entry nodes specified, but TOR also connects to other nodes now and then while running. If you specify your own entry nodes, shouldn't TOR only use those? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and VOIP ( related to excito's b3)
On 06.04.2011 12:00, Håken Hveem wrote: To me, it looks like that the slower network rate of Tor will cause problems for SIP and VOIP applications. Will it be possible to specify a set of port ranges so traffic on those ports will not be routed to the Tor network ? A example : Telios VOIP solution uses ports 5060 to 5061(TLS) (udp/tcp) as a trigger port, and UDP ports 16300 to 16700 for traffic. Does anyone have any info on this ? I tried to use the skype under transparently-torified unix-user. But I cannot recognize what tell me my correspondent and he cannot recognize what tell I. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 06.04.2011 13:28, Praedor Atrebates wrote: Could you elaborate a bit on this? After this discussion I went ahead and tried to create another anonymous gmail account and ran into the requires SMS hitch as discussed (and there is no option that I can see to bypass this via other means as others have described) You did it with the above-mentioned emulator? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 06.04.2011 13:37, Praedor Atrebates wrote: Just a quick note...a nice, safe, easily anonymized email account can be had at safe-mail.net. No hoops to jump through, tor friendly. I know and sometimes use it for some purposes. But they give their users only 3 Mb and they let use their resourse only through web. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On Wed, Apr 6, 2011 at 3:23 AM, Orionjur Tor-admin tor-ad...@orionjurinform.com wrote: On 06.04.2011 08:40, Moritz Bartl wrote: On 06.04.2011 10:12, grarpamp wrote: It would be nice to know how exactly the AVD is transmitted. I guess you could then easily fake the value without having to install the SDK. AVD (android virtual device)... sounds like a virtualbox instance. I don't believer it's 'transmitted' anywhere. ADB (Android Debug Bridge)... sounds like a hardware interface to a real phone (meaning identity disclosure, thus useless?). adb devices command... is supposed to list serial number. If you can use the emulator without an actual device to register a gmail account it should as well work without the emulator. The information has to be transmitted to Gmail in some way in all cases. What is ncessity to inform the Gmail team about existing methods of registering accoutns without sms? For helping 'em in their evil policy? Depends how many devices in the field they want to break :-) ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and VOIP ( related to excito's b3)
Håken Hveem wrote (06 Apr 2011 12:00:57 GMT) : To me, it looks like that the slower network rate of Tor will cause problems for SIP and VOIP applications. Doable, see this thread in the list archive: http://archives.seul.org/or/talk/Dec-2010/msg00147.html Bye, -- intrigeri intrig...@boum.org | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc | Then we'll come from the shadows. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On Tue, Apr 5, 2011 at 8:38 PM, grarpamp grarp...@gmail.com wrote: If you must have GMail, I've noticed that accounts created on android devices are not subject to these checks. And yes, even when using Tor via Orbot. Since using your android is, afaik, the same as giving them your phone (SMS), or alternate identity, it would seem obvious that this would work. And thus a non-solution in general. Actually, Android is an open source project: http://source.android.com/ And also other derivatives: http://www.cyanogenmod.com/ You can run Android on a phone without google proprietary code, though most phones sold are google branded and bundled with proprietary apps. You don't have an android phone? Many good folks that would make good use of a gmail account do not have such things. Similarly, many good folks that do have such things would surely not wish to associate the identity of such a thing (IMEI/SIM/account/location/life/etc) with any gmail account just in order to get gmail. So for many, this is out based on access and/or principle alone. I do think it's ridiculous to need a cellphone to get a webmail account. That said, there are a lot of competing providers. What I don't understand is hating on Google but still wanting to use their webmail service. 1. Install the android sdk/emulator and create an avd. I tested with API 8 (android 2.2) + google apis 2. launch the emulator: emulator -http-proxy http://127.0.0.1:8118 @your_adb_name_here (the proxy settings in the gui did *not* work for me) 4. navigate through settings-accountssync-add account-google-create Interesting... - Are you suggesting that this simulator runs on a PC using unix or windows? - What is an adb_name? The android emulator can be found here: http://developer.android.com/sdk/index.html It does run on the 3 major platforms. adb_name is a typo, I meant to say avd_name -- for 'android virtual device'. - And it seems like a heavyweight solution in general. Do you have any insight into why it works? Such as its use of a certain browser string, preloaded cookie strings, or other http parameters? It would certainly be easier for many people to simply mimic those in say firefox than to setup an entire development and emulation environment. I don't have any idea how this works. If anyone is interested in poking into this I suggest adding a self-signed root CA on a device or emulator and use sslsniff + wireshark to see what is going on. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
I have the SDK installed and have run an emulator...not sure what to do with it though. I cannot transmit messages (or anything) and cannot receive anything (to what number would it go to in any case?). praedor On Wednesday, April 06, 2011 01:00:42 pm Orionjur Tor-admin wrote: On 06.04.2011 13:28, Praedor Atrebates wrote: Could you elaborate a bit on this? After this discussion I went ahead and tried to create another anonymous gmail account and ran into the requires SMS hitch as discussed (and there is no option that I can see to bypass this via other means as others have described) You did it with the above-mentioned emulator? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Economics is not practised as a science. Rather, it is a pretentious way to covertly promote political prejudices. - Fred Harrison ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
The workaround is for creating new accounts; not for receiving SMS verification of existing accounts (unfortunately). If you need a throwaway number for SMS there are a number of VOIP services that might be useful and could probably be purchased using a prepay card if you want to do it anonymously. --Aaron On Wed, Apr 6, 2011 at 1:47 PM, Praedor Atrebates prae...@yahoo.com wrote: I have the SDK installed and have run an emulator...not sure what to do with it though. I cannot transmit messages (or anything) and cannot receive anything (to what number would it go to in any case?). praedor On Wednesday, April 06, 2011 01:00:42 pm Orionjur Tor-admin wrote: On 06.04.2011 13:28, Praedor Atrebates wrote: Could you elaborate a bit on this? After this discussion I went ahead and tried to create another anonymous gmail account and ran into the requires SMS hitch as discussed (and there is no option that I can see to bypass this via other means as others have described) You did it with the above-mentioned emulator? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Economics is not practised as a science. Rather, it is a pretentious way to covertly promote political prejudices. - Fred Harrison ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
One thing you could test is adding your existing google account (one pending SMS verification) to the android emulator and see if that has any effect. It's pretty much the same process I outlined before, except hit the 'add existing' option rather than 'create new' --Aaron On Wed, Apr 6, 2011 at 1:54 PM, Aaron aag...@extc.org wrote: The workaround is for creating new accounts; not for receiving SMS verification of existing accounts (unfortunately). If you need a throwaway number for SMS there are a number of VOIP services that might be useful and could probably be purchased using a prepay card if you want to do it anonymously. --Aaron On Wed, Apr 6, 2011 at 1:47 PM, Praedor Atrebates prae...@yahoo.com wrote: I have the SDK installed and have run an emulator...not sure what to do with it though. I cannot transmit messages (or anything) and cannot receive anything (to what number would it go to in any case?). praedor On Wednesday, April 06, 2011 01:00:42 pm Orionjur Tor-admin wrote: On 06.04.2011 13:28, Praedor Atrebates wrote: Could you elaborate a bit on this? After this discussion I went ahead and tried to create another anonymous gmail account and ran into the requires SMS hitch as discussed (and there is no option that I can see to bypass this via other means as others have described) You did it with the above-mentioned emulator? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Economics is not practised as a science. Rather, it is a pretentious way to covertly promote political prejudices. - Fred Harrison ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 06.04.2011 22:54, Aaron wrote: If you need a throwaway number for SMS there are a number of VOIP services that might be useful and could probably be purchased using a prepay card if you want to do it anonymously. OT: I have recently registered a VOIP number and mistakenly entered the wrong postal address details. They wanted me to submit either a scan of a government ID or a recent phone bill. I used a free PDF editor and changed my address in the PDF to match the wrong address. A day later, the account was confirmed. -- Moritz Bartl https://www.torservers.net/ ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Realtime tor tools. ARM, etc.
If you'd like to dig in further then I'd suggest giving arm a shot [1][2] [1] http://www.atagar.com/arm/ [2] http://www.atagar.com/transfer/tmp/armScreenshot-1.4.2.png Holy shit! This looks cool :) Definitely going to check it out. Thanks! I can't speak for anyone else or torproject, but I could definitely use some good tools for logging use of, displaying and configuring everything related to exits. A panel to add/modify/delete all existing MAPADDRESS. Etc. I'm watching circuits as they are BUILT and streams as they SUCCEEDED via the controller. But I'd rather see something that pulls it all together like the latter... 481 SUCCEEDED 63 1.2.3.4:80 491 SUCCEEDED fp fp_ip fp_country dst_fqdn_if any dst_ip:port ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] geocaching.com and okcupid.com doesn't allow access via TOR
OKCupid doesn't allow you to log in. The error is password invalid. I can confirm as of last weekend that OKCupid does in fact allow all functions from account creation, to usage, to deletion, via Tor. HOWEVER, on depending on the exit, you will be outright blocked from the site and presented with their form of an error message... Uh-oh. That wasn’t supposed to happen! Let us know what you did, and we’ll get it fixed right away. Thanks! — Staff Robot Just hit NEWNYM. OKCupid is a working candidate for HttpsEveryWhere. I would also suggest using MAPADDRESS for any site that acts up based on exit, or for which you wish to appear as coming from a sensible/matching location. I further suggest that you review and support/endorse this ticket to give you better MAPADDRESS capabilities: https://trac.torproject.org/projects/tor/ticket/933 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] geocaching.com and okcupid.com doesn't allow access via TOR
I can confirm that www.geocaching.com, www.waymarking.com, and www.wherigo.com have been abused by someone using Tor. They are currently investigating the abuse and attempting to bring legal action against abusers, so that is likely the reason for a potential block. All the best, Joel Knighton On Wednesday, April 6, 2011 at 5:09 PM, grarpamp wrote: OKCupid doesn't allow you to log in. The error is password invalid. I can confirm as of last weekend that OKCupid does in fact allow all functions from account creation, to usage, to deletion, via Tor. HOWEVER, on depending on the exit, you will be outright blocked from the site and presented with their form of an error message... Uh-oh. That wasn’t supposed to happen! Let us know what you did, and we’ll get it fixed right away. Thanks! — Staff Robot Just hit NEWNYM. OKCupid is a working candidate for HttpsEveryWhere. I would also suggest using MAPADDRESS for any site that acts up based on exit, or for which you wish to appear as coming from a sensible/matching location. I further suggest that you review and support/endorse this ticket to give you better MAPADDRESS capabilities: https://trac.torproject.org/projects/tor/ticket/933 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
I do think it's ridiculous to need a phone to get a webmail account. I just don't like their apparent stance requiring SMS/voice auth. What I don't understand is hating on Google but still wanting to use their webmail service. As mentioned earlier, it's a perception thing. And of course all the other cool Google services that come with an account, and third-party online tie-ins. And they're one of few that do not put the source IP/FQDN in the headers... which sometimes makes for more reliable mail delivery and better perception as well. 1. Install the android sdk/emulator and create an avd. I tested with API 8 (android 2.2) ditto + openjdk6 + ia32-libs on Ubuntu 10.10 amd64 updated + google apis Not sure what you mean by this. 2. launch the emulator: emulator -http-proxy http://127.0.0.1:8118 @avb 3. verify tor is working via http://check.torproject.org Done, but skipped the proxy for now, because if it doesn't work via clearnet, it won't work via tor. Note the emulator is really slow. And I've no idea how to enlarge the screen so you don't have to scroll around so much? 4. navigate through settings-accountssync-add account-google-create Ok... so This menu tree exists for me: settings accountssync Everything including and after 'add account' does not exist in the accountssync menu. settings accountssync yields just a note on screen about an Exchange account, username and password. Again via clearnet, I also tried using the android browser (the globe ball thing on the screen). https://mail.google.com/mail/signup. Filled out the page form and its captcha, hit accept/create and boom, the next page is the SMS/voice verification request as usual. So no dice there either. Can you more fully document your process as I tinker? Thanks. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
I usually require https (creation and management), imaps (retrieval), smtps/submission (sending), no automatic addition of addresses to 'contact' lists when sent via web or smtp, and an outright account deletion function. I meant to include with this: no inclusion of source IP/FQDN in the headers. And imaps should delete and purge when fetched. http://en.wikipedia.org/wiki/Comparison_of_webmail_providers Was quite surprised how many are avail besides big 3. I've found some too, just haven't had time to test and catalog them. GMX is next to try. Don't understand clinging to Gmail for dear life. They just happen to have some really good services and tie-ins that all rely on having a gmail/google account. I may just cough up $20 for a disposable phone to get that. If someday the services really become a real world value to me, sure, I'd get another phone or use my own, no problem :) ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On Apr 6, 2011 4:42 PM, grarpamp grarp...@gmail.com wrote: I do think it's ridiculous to need a phone to get a webmail account. I just don't like their apparent stance requiring SMS/voice auth. What I don't understand is hating on Google but still wanting to use their webmail service. As mentioned earlier, it's a perception thing. And of course all the other cool Google services that come with an account, and third-party online tie-ins. And they're one of few that do not put the source IP/FQDN in the headers... which sometimes makes for more reliable mail delivery and better perception as well. 1. Install the android sdk/emulator and create an avd. I tested with API 8 (android 2.2) ditto + openjdk6 + ia32-libs on Ubuntu 10.10 amd64 updated + google apis Not sure what you mean by this. when you create your avd there is a list of api versions. if you do not see listings that include '+ google apis' you may need to download those - see 'available packages' and make sure you check at least one of 'Google APIs by Google Inc. Android API ...' I used version 8. This should add the option to create a google account. 2. launch the emulator: emulator -http-proxy http://127.0.0.1:8118 @avb 3. verify tor is working via http://check.torproject.org Done, but skipped the proxy for now, because if it doesn't work via clearnet, it won't work via tor. Note the emulator is really slow. yes, it sucks. sorry. And I've no idea how to enlarge the screen so you don't have to scroll around so much? when you create an avd you have the option of specifying a custom screen resolution 4. navigate through settings-accountssync-add account-google-create Ok... so This menu tree exists for me: settings accountssync Everything including and after 'add account' does not exist in the accountssync menu. settings accountssync yields just a note on screen about an Exchange account, username and password. Again via clearnet, I also tried using the android browser (the globe ball thing on the screen). https://mail.google.com/mail/signup. Filled out the page form and its captcha, hit accept/create and boom, the next page is the SMS/voice verification request as usual. So no dice there either. Can you more fully document your process as I tinker? Thanks. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On Wed, Apr 6, 2011 at 11:25 AM, Aaron aag...@extc.org wrote: On Tue, Apr 5, 2011 at 8:38 PM, grarpamp grarp...@gmail.com wrote: If you must have GMail, I've noticed that accounts created on android devices are not subject to these checks. And yes, even when using Tor via Orbot. Since using your android is, afaik, the same as giving them your phone (SMS), or alternate identity, it would seem obvious that this would work. And thus a non-solution in general. Actually, Android is an open source project: http://source.android.com/ And also other derivatives: http://www.cyanogenmod.com/ You can run Android on a phone without google proprietary code, though most phones sold are google branded and bundled with proprietary apps. You don't have an android phone? Many good folks that would make good use of a gmail account do not have such things. Similarly, many good folks that do have such things would surely not wish to associate the identity of such a thing (IMEI/SIM/account/location/life/etc) with any gmail account just in order to get gmail. So for many, this is out based on access and/or principle alone. I do think it's ridiculous to need a cellphone to get a webmail account. That said, there are a lot of competing providers. What I don't understand is hating on Google but still wanting to use their webmail service. 1. Install the android sdk/emulator and create an avd. I tested with API 8 (android 2.2) + google apis 2. launch the emulator: emulator -http-proxy http://127.0.0.1:8118 @your_adb_name_here (the proxy settings in the gui did *not* work for me) 4. navigate through settings-accountssync-add account-google-create Interesting... - Are you suggesting that this simulator runs on a PC using unix or windows? - What is an adb_name? The android emulator can be found here: http://developer.android.com/sdk/index.html It does run on the 3 major platforms. adb_name is a typo, I meant to say avd_name -- for 'android virtual device'. - And it seems like a heavyweight solution in general. Do you have any insight into why it works? Such as its use of a certain browser string, preloaded cookie strings, or other http parameters? It would certainly be easier for many people to simply mimic those in say firefox than to setup an entire development and emulation environment. I don't have any idea how this works. If anyone is interested in poking into this I suggest adding a self-signed root CA on a device or emulator and use sslsniff + wireshark to see what is going on. Just thought I'd update this here in case anyone else is trying this. I found a nice tutorial explaining how to install a root CA here: http://wiki.cacert.org/ImportRootCert Unfortunately this did not work and the certificate is still untrusted. I also tried installing the certificate from the SD card (through settings-locationsecurity-install from sd card), but that doesn't affect the global certificate store. Attempts to create an account failed and sslsniff did not log anything. --Aaron ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] GSOC Ideas.
Hello Everyone, I'v submitted my first GSOC proposal to the Google Melange site. It is proposing an update of TorStatus to work with Metrics. I am aware that this may not be the highest priority for the community so I plan to submit an alternate proposal too. I would greatly appreciate any feedback on it that anyone can provide. Let me know if anyone would like me to post it here too. Thanks! -- Ian Foster www.vorsk.com ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] About the use of TorBulkExitList.py locally.
Hi all, I can use the following command to obtain the exit list for my ip: https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=222.75.27.212 But, on the webpage: https://check.torproject.org/cgi-bin/TorBulkExitList.py, I can find the following instructions: --- If you'd like, you're free to run your own copy of this program. It's Free Software and can be downloaded from the Tor subversion repository. --- Does this mean I can run the TorBulkExitList.py on my local computer to obtain the similar result just as I run it onlinely? If so, what's the usage for TorBulkExitList.py by run locally? I've run the TorBulkExitList.py like this but get noting: werner@debian:~/Desktop/TorBulkExitList.py ip=125.23.63.5 Thanks in advance. Regards. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk