Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 4/7/2011 1:54 PM, grarpamp wrote: The shortest answer is that strong pseudonyms are useful, even (or especially) in a well connected social environment. Many people want to have those links. Many want use some of the services google offers: https://www.google.com/intl/en/options/ Many want to participate in the scene... just not as themselves. Point taken. If I understand, the reason many want to use Tor w/ Gmail isn't for email - other services / options? Because if they are using it for email, it's not private on Gmail (or a lot of others) - other than your IP address, if can successfully login w/ Tor. I get trying to beat the system - as I often do, but I try to take the path of least resistance. Aren't most / all of the options, or even better ones (except ones dealing w/ gmail) available directly, instead of going thru Gmail? Is it just a matter of convenience of having many options / links in ONE place? Maybe some of those sites won't allow Tor either? I'm trying to see what I'm missing that can't be found anywhere except through google. If I wanted to blog *anonymously *, I wouldn't do it on Google. Maybe there are SOME just not available anywhere except Google / Gmail??? If I wanted to use google search, I'd use Scroogle SSL. If wanted to look at youtube, I'd go to youtube. If I suddenly lost most brain function wanted to organize my medical records online, google is the last place on God's green Earth I'd choose - via Tor or not. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
I used version 8. sdk tools rev 10 sdk platform-tools rev 3 plat 3.0 api 11 rev 1 + google api 11 rev 1 plat 2.3.3 api 10 rev 1 + google api 10 rev 1 plat 2.2 api 8 rev 1 + google api 8 rev 2 These all work. I wanted to install the platform-tools, platforms and add-ons individually via the command line but didn't have luck with the filters. 3.0 has a nice big tablet interface, but no keypad/button panels and it seems to wedge now and then. This should add the option to create a google account. The above are working as expected now. android list android create avd -t id -n name when you create an avd you have the option of specifying a custom screen resolution I didn't have much luck there. My physical crt is 21 at 1600x1200. So I'd want the android glass to be maybe 800x600, excluding the keypad/button panels off to the right. All within an X window of maybe 1024x768. Anyways: emulator -avb name -wipe-data -scale 0.76 Regarding identities and what is being sent... # sdk installation Though I haven't hashed the installation tree, I don't expeect android/google is issuing unique software packages (with embedded certs, etc). # avb runtime There are notes on the developer blog about various software generated identities. So at minimum the avd's should be regenned per account. You could diff the avb dirs. And further unpack/mount the images. Also: adb bugreport # host Though less likely, there could also be access (via java, blobs) of the host system UUID, MAC address, etc. # wire It's https, can't sniff it. I doubt google still has a fallback http creation interface either. My guess is that if you torify the entire box, regen the avb's and maybe change your MAC... you should be safe across accounts. But to be sure... I don't have any idea how this works. If anyone is interested in poking into this I suggest adding a self-signed root CA on a device or emulator and use sslsniff + wireshark to see what is going on. I found a nice tutorial explaining how to install a root CA here: http://wiki.cacert.org/ImportRootCert Unfortunately this did not work and the certificate is still untrusted. I also tried installing the certificate from the SD card (through settings-locationsecurity-install from sd card), but that doesn't affect the global certificate store. Attempts to create an account failed and sslsniff did not log anything. There's probably some android debugger that would work to trace the I/O of the android process that's talking through the stack to google. Regardless of what's being sent, I'm pretty sure it's using a lightweight android domain/proxy service cluster within google. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 05.04.2011 08:21, Aaron wrote: If you must have GMail, I've noticed that accounts created on android devices are not subject to these checks. And yes, even when using Tor via Orbot. You don't have an android phone? The following works too: 1. Install the android sdk/emulator and create an avd. I tested with API 8 (android 2.2) + google apis Oh, it is so slow to install that emulator through Tor... Do I need only install for that API 8 (android 2.2) + google apis, not others? And why do you try it with that version (which is now so new)? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 4/6/2011 7:27 PM, grarpamp wrote: Don't understand clinging to Gmail for dear life. They just happen to have some really good services and tie-ins that all rely on having a gmail/google account. I may just cough up $20 for a disposable phone to get that. If someday the services really become a real world value to me, sure, I'd get another phone or use my own, no problem :) ___ If I understand some Tor users' reasoning, they want to use Tor w/ email for various privacy reasons AND they want to use really good services tie-ins at the same time? Plus, some are concerned about having huge email storage while using Tor? Uh, not sure I understand that. I must be missing something. You do know anything stored on their servers isn't private? My questions here are sincere - trying to learn - why use Tor email (? on everyday basis ?) AND Gmail? Presumably, the email contents would only be hidden from ISPs - or perhaps prevented from being intercepted. The weakest link in chain is everything is exposed to Google. Maybe I'll learn something about privacy / security by meaningful input why Tor + Gmail are so important. No offense, but I don't consider really good services or storage, etc., priorities when using Tor (if I was going to use it w/ email). In some respects, if using Gmail, you may as well take out a front page ad on NY Times. So why the concern for certain features (vs basic email service) AND Tor compatibility? Why not use another provider w/ Tor, and a diff one (Gmail, if you insist) for everyday email? What are a few of the reasons for using Tor w/ email, where it's not just as easy to use another Tor friendly provider? IMHO, the brand recognition issue, especially when using Tor, doesn't make sense. If you want privacy, Gmail or anything remotely connected to Google isn't the place to be. Not an opinion - well documented over yrs. It's like saying, how can I stick my head in a lion's mouth w/o getting bitten? How about not sticking it in at all? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
If I understand some Tor users' reasoning, they want to use Tor w/ email for various privacy reasons AND they want to use really good services tie-ins at the same time? ... My questions here are sincere - trying to learn The shortest answer is that strong pseudonyms are useful, even (or especially) in a well connected social environment. Many people want to have those links. Many want use some of the services google offers: https://www.google.com/intl/en/options/ Many want to participate in the scene... just not as themselves. No one here is saying that google is not indeed terribly evil. Nor does being social or using google services equate to compromise of one's nym. That's up to the user and how they use it. Some keep their nym intact, some selectively disclose, some fully. Google, facebook, twitter, etc are all good entry points into the space, whether one chooses to do so pseudonymously or not. If they forbid access from anonymity networks, that element of usage is broken. So people testing and cataloging what works and doesn't, and finding workarounds, is a very useful thing. Some want location masking, some want identity masking, some want both. Presumably, the email contents would only be hidden from ISPs The weakest link in chain is everything is exposed to Google. Maybe I'll learn something about privacy / security by meaningful input why Tor + Gmail are so important. They are no more important to privacy/security than any other provider. All providers of all services are not to be trusted in that regard. Neither is anyone who might be able to trump them. That's old news :) IMHO, the brand recognition issue ... doesn't make sense. See the first paragraphs. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
Those are very good points. My usage is just to expand the Tor community and get some modicum of privacy. The more regular users that use Tor, the more acceptable it's use will be perceived. As, if only the pedophiles and criminals use it, then it draws more attention and immediately labels you a bad guy if you're suspected of using Tor. It also adds to the cost of those who would try to circumvent it's use. Yep. Many people use anonymity networks for their day to day biz and personal life, even with their real identity. Nothing 'bad' about it. It's kindof cool even. I don't like the association of such nets with 'bad' elements. They'll always be there, and overridden by the 'good' ones. Call it critical mass :) ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 06.04.2011 07:35, Orionjur Tor-admin wrote: On 05.04.2011 08:21, Aaron wrote: If you must have GMail, I've noticed that accounts created on android devices are not subject to these checks. And yes, even when using Tor via Orbot. You don't have an android phone? The following works too: 1. Install the android sdk/emulator and create an avd. I tested with API 8 (android 2.2) + google apis Where can I get the android sdk/emulator ? It would be nice to know how exactly the AVD is transmitted. I guess you could then easily fake the value without having to install the SDK. -- Moritz Bartl https://www.torservers.net/ ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 06.04.2011 10:12, grarpamp wrote: It would be nice to know how exactly the AVD is transmitted. I guess you could then easily fake the value without having to install the SDK. AVD (android virtual device)... sounds like a virtualbox instance. I don't believer it's 'transmitted' anywhere. ADB (Android Debug Bridge)... sounds like a hardware interface to a real phone (meaning identity disclosure, thus useless?). adb devices command... is supposed to list serial number. If you can use the emulator without an actual device to register a gmail account it should as well work without the emulator. The information has to be transmitted to Gmail in some way in all cases. -- Moritz Bartl https://www.torservers.net/ ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 06.04.2011 08:40, Moritz Bartl wrote: On 06.04.2011 10:12, grarpamp wrote: It would be nice to know how exactly the AVD is transmitted. I guess you could then easily fake the value without having to install the SDK. AVD (android virtual device)... sounds like a virtualbox instance. I don't believer it's 'transmitted' anywhere. ADB (Android Debug Bridge)... sounds like a hardware interface to a real phone (meaning identity disclosure, thus useless?). adb devices command... is supposed to list serial number. If you can use the emulator without an actual device to register a gmail account it should as well work without the emulator. The information has to be transmitted to Gmail in some way in all cases. What is ncessity to inform the Gmail team about existing methods of registering accoutns without sms? For helping 'em in their evil policy? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
Could you elaborate a bit on this? After this discussion I went ahead and tried to create another anonymous gmail account and ran into the requires SMS hitch as discussed (and there is no option that I can see to bypass this via other means as others have described) I have no idea what @your_adb_name_here refers to. What is an ADB name? Do you just make something up from thin air? How about an example? On Tuesday, April 05, 2011 04:21:32 am Aaron wrote: If you must have GMail, I've noticed that accounts created on android devices are not subject to these checks. And yes, even when using Tor via Orbot. You don't have an android phone? The following works too: 1. Install the android sdk/emulator and create an avd. I tested with API 8 (android 2.2) + google apis 2. launch the emulator: emulator -http-proxy http://127.0.0.1:8118 @your_adb_name_here (the proxy settings in the gui did *not* work for me) 3. verify tor is working via http://check.torproject.org 4. navigate through settings-accountssync-add account-google-create 5. solve captcha 6. profit --Aaron On Mon, Apr 4, 2011 at 10:52 PM, grarpamp grarp...@gmail.com wrote: Google requires you to be able to receive a text message or phone call to use a GMail account over Tor. 1st I've heard they REQUIRE a phone # to use Gmail over Tor. Anyone else aware this is the only way? First I've heard that they require SMS to *USE* gmail. However, SMS has been required for quite some time now to *CREATE* a new gmail account. There was a thread a few months back regarding creation. And to date, I've not been able to create a new gmail account without SMS from any exit anywhere on the planet. Nor from any residential DHCP pool I have access to. I'd bet, from the Google message about unusual activity, it was because the exit node wasn't in the same country I used when created Yeah, they like to pop up red warning banners for avid travelers. I just hit dismiss, no SMS junk required. In once case, it happened while I was using a pseudonym to contibute to another open source project and ask questions on a mailinglist. I've never had any problems sending any message anywhere, at all. Only with new account creation. And the occaisional dismissed nag notice. clicked through the help links and filled out some form explaining my desire for strong pseudonymity, and they lifted the block without a cell #. When I try creating a new account, without providing an SMS or other number, there is a form to fill out. I pick don't have phone or don't want to give number and explain the same. They ignore it. And if I recall, the account is left in a locked state. And since, rightly, no secondary address was provided, they can't reach me anyways. And any cool account name you came up with dies locked with it too. No offense to the list, but fuck google. With all their supposed brain power you'd think they could come up with something a little less brutal than a sledgehammer. Then again, I don't blame them... the GECOS, user, pass, contact, recovery, and mail content is certainly worth many millions more when combined with a phone number. Pigs. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Economics is not practised as a science. Rather, it is a pretentious way to covertly promote political prejudices. - Fred Harrison ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
Just a quick note...a nice, safe, easily anonymized email account can be had at safe-mail.net. No hoops to jump through, tor friendly. On Tuesday, April 05, 2011 01:52:31 am grarpamp wrote: Google requires you to be able to receive a text message or phone call to use a GMail account over Tor. 1st I've heard they REQUIRE a phone # to use Gmail over Tor. Anyone else aware this is the only way? First I've heard that they require SMS to *USE* gmail. However, SMS has been required for quite some time now to *CREATE* a new gmail account. There was a thread a few months back regarding creation. And to date, I've not been able to create a new gmail account without SMS from any exit anywhere on the planet. Nor from any residential DHCP pool I have access to. I'd bet, from the Google message about unusual activity, it was because the exit node wasn't in the same country I used when created Yeah, they like to pop up red warning banners for avid travelers. I just hit dismiss, no SMS junk required. In once case, it happened while I was using a pseudonym to contibute to another open source project and ask questions on a mailinglist. I've never had any problems sending any message anywhere, at all. Only with new account creation. And the occaisional dismissed nag notice. clicked through the help links and filled out some form explaining my desire for strong pseudonymity, and they lifted the block without a cell #. When I try creating a new account, without providing an SMS or other number, there is a form to fill out. I pick don't have phone or don't want to give number and explain the same. They ignore it. And if I recall, the account is left in a locked state. And since, rightly, no secondary address was provided, they can't reach me anyways. And any cool account name you came up with dies locked with it too. No offense to the list, but fuck google. With all their supposed brain power you'd think they could come up with something a little less brutal than a sledgehammer. Then again, I don't blame them... the GECOS, user, pass, contact, recovery, and mail content is certainly worth many millions more when combined with a phone number. Pigs. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Economics is not practised as a science. Rather, it is a pretentious way to covertly promote political prejudices. - Fred Harrison ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 4/5/2011 11:10 PM, grarpamp wrote: What if you don't have a phone # to give them (or don't want to) - they just don't let you create an acct? In my tests to date (limited by free time), yes, that's what I said. FYI - I tried GMX w/ Tor couple days ago - worked just fine. Yes, free alternates that work fine are always welcome suggestions :) I usually require https (creation and management), imaps (retrieval), smtps/submission (sending), no automatic addition of addresses to 'contact' lists when sent via web or smtp, and an outright account deletion function. There's a comparison of different webmail providers: http://en.wikipedia.org/wiki/Comparison_of_webmail_providers I'm sure there are others. Many have all the features you mention. When I started looking for alternatives, was quite surprised how many are avail besides big 3. I do use alternates. It's just that gmail... like yahoo and hotmail... has a certain credibility about it that the moronic public 'trusts'. ... That's why it would be useful to the anonymity/privacy community to figure this one out. Whether by testing, or perhaps even via formal contact with gmail, followed up with education and a plea for sanity if needed. The domain shown for my gmx acct is just gmx.com. I think even in full header, shows a US origin. I don't know if there's any stopping an 800 pound gorilla like Gmail / Google. My guess is Tor users are a tiny % of accts. Vast majority of most of internet users are clueless about dangers privacy invasion / data collection - not just w/ Gmail. Even w/ ongoing publicity of google's privacy violations (some they had to back down on), people still use it. That's not gonna change. I'm the world's worst must beat them (any entity) at their own game type person. But Tor users are usually more enlightened compared to gen. pop. Don't understand clinging to Gmail for dear life. Point taken about recipients being familiar w/ gmail, yahoo other familiar names. If more started using others - even on trial basis - they'd become more familiar names. I get a red one line warning bar near the top once in a while that says something like we noticed you coming from a strange place. set alert preference, or dismiss/ignore it. I also commonly get blue/red ones that say we don't have your recovery info: supply SMS -and/or- supply secondary email address both of which i hit dismiss/ignore on. None of these three nanny nag notices lock me out, require me to supply the requested info, require me to submit requests to let me live without suppling the info, or hinder my use in any way other than swatting down the nags once in a while. Looks like diff users get diff screens, at times, about the SMS verification and ability to bypass notices. I / others could try it diff times / ways, but just seems like (for Tor use) might be easier to use another provider. I'm tempted to try their form for new account creation (Mike's blurb). Yet I don't quite know how I would explain my request (refusal to supply). Even though it's none of their business (there aren't laws requiring them to gather very personal data), for a reason why I was asking to remove my house from street view, just stated I was law enforcement was worried about privacy / security of my family. I need to check if it's still removed. And creating another unlinked account elsewhere just for that takes time... and what happens if I deassociate it (in gmail) or delete it (on the provider) and miss or hit some sort of gmail reauthenticate wall months later. I'm not pushing any mail provider, but I found creating / deleting accts on GMX very quick. If using Tor w/ email is a goal, massive storage space w/ a provider probably isn't a concern. Neither is social networking features, etc. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 06.04.2011 13:28, Praedor Atrebates wrote: Could you elaborate a bit on this? After this discussion I went ahead and tried to create another anonymous gmail account and ran into the requires SMS hitch as discussed (and there is no option that I can see to bypass this via other means as others have described) You did it with the above-mentioned emulator? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 06.04.2011 13:37, Praedor Atrebates wrote: Just a quick note...a nice, safe, easily anonymized email account can be had at safe-mail.net. No hoops to jump through, tor friendly. I know and sometimes use it for some purposes. But they give their users only 3 Mb and they let use their resourse only through web. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On Wed, Apr 6, 2011 at 3:23 AM, Orionjur Tor-admin tor-ad...@orionjurinform.com wrote: On 06.04.2011 08:40, Moritz Bartl wrote: On 06.04.2011 10:12, grarpamp wrote: It would be nice to know how exactly the AVD is transmitted. I guess you could then easily fake the value without having to install the SDK. AVD (android virtual device)... sounds like a virtualbox instance. I don't believer it's 'transmitted' anywhere. ADB (Android Debug Bridge)... sounds like a hardware interface to a real phone (meaning identity disclosure, thus useless?). adb devices command... is supposed to list serial number. If you can use the emulator without an actual device to register a gmail account it should as well work without the emulator. The information has to be transmitted to Gmail in some way in all cases. What is ncessity to inform the Gmail team about existing methods of registering accoutns without sms? For helping 'em in their evil policy? Depends how many devices in the field they want to break :-) ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On Tue, Apr 5, 2011 at 8:38 PM, grarpamp grarp...@gmail.com wrote: If you must have GMail, I've noticed that accounts created on android devices are not subject to these checks. And yes, even when using Tor via Orbot. Since using your android is, afaik, the same as giving them your phone (SMS), or alternate identity, it would seem obvious that this would work. And thus a non-solution in general. Actually, Android is an open source project: http://source.android.com/ And also other derivatives: http://www.cyanogenmod.com/ You can run Android on a phone without google proprietary code, though most phones sold are google branded and bundled with proprietary apps. You don't have an android phone? Many good folks that would make good use of a gmail account do not have such things. Similarly, many good folks that do have such things would surely not wish to associate the identity of such a thing (IMEI/SIM/account/location/life/etc) with any gmail account just in order to get gmail. So for many, this is out based on access and/or principle alone. I do think it's ridiculous to need a cellphone to get a webmail account. That said, there are a lot of competing providers. What I don't understand is hating on Google but still wanting to use their webmail service. 1. Install the android sdk/emulator and create an avd. I tested with API 8 (android 2.2) + google apis 2. launch the emulator: emulator -http-proxy http://127.0.0.1:8118 @your_adb_name_here (the proxy settings in the gui did *not* work for me) 4. navigate through settings-accountssync-add account-google-create Interesting... - Are you suggesting that this simulator runs on a PC using unix or windows? - What is an adb_name? The android emulator can be found here: http://developer.android.com/sdk/index.html It does run on the 3 major platforms. adb_name is a typo, I meant to say avd_name -- for 'android virtual device'. - And it seems like a heavyweight solution in general. Do you have any insight into why it works? Such as its use of a certain browser string, preloaded cookie strings, or other http parameters? It would certainly be easier for many people to simply mimic those in say firefox than to setup an entire development and emulation environment. I don't have any idea how this works. If anyone is interested in poking into this I suggest adding a self-signed root CA on a device or emulator and use sslsniff + wireshark to see what is going on. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
I have the SDK installed and have run an emulator...not sure what to do with it though. I cannot transmit messages (or anything) and cannot receive anything (to what number would it go to in any case?). praedor On Wednesday, April 06, 2011 01:00:42 pm Orionjur Tor-admin wrote: On 06.04.2011 13:28, Praedor Atrebates wrote: Could you elaborate a bit on this? After this discussion I went ahead and tried to create another anonymous gmail account and ran into the requires SMS hitch as discussed (and there is no option that I can see to bypass this via other means as others have described) You did it with the above-mentioned emulator? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Economics is not practised as a science. Rather, it is a pretentious way to covertly promote political prejudices. - Fred Harrison ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
The workaround is for creating new accounts; not for receiving SMS verification of existing accounts (unfortunately). If you need a throwaway number for SMS there are a number of VOIP services that might be useful and could probably be purchased using a prepay card if you want to do it anonymously. --Aaron On Wed, Apr 6, 2011 at 1:47 PM, Praedor Atrebates prae...@yahoo.com wrote: I have the SDK installed and have run an emulator...not sure what to do with it though. I cannot transmit messages (or anything) and cannot receive anything (to what number would it go to in any case?). praedor On Wednesday, April 06, 2011 01:00:42 pm Orionjur Tor-admin wrote: On 06.04.2011 13:28, Praedor Atrebates wrote: Could you elaborate a bit on this? After this discussion I went ahead and tried to create another anonymous gmail account and ran into the requires SMS hitch as discussed (and there is no option that I can see to bypass this via other means as others have described) You did it with the above-mentioned emulator? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Economics is not practised as a science. Rather, it is a pretentious way to covertly promote political prejudices. - Fred Harrison ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
One thing you could test is adding your existing google account (one pending SMS verification) to the android emulator and see if that has any effect. It's pretty much the same process I outlined before, except hit the 'add existing' option rather than 'create new' --Aaron On Wed, Apr 6, 2011 at 1:54 PM, Aaron aag...@extc.org wrote: The workaround is for creating new accounts; not for receiving SMS verification of existing accounts (unfortunately). If you need a throwaway number for SMS there are a number of VOIP services that might be useful and could probably be purchased using a prepay card if you want to do it anonymously. --Aaron On Wed, Apr 6, 2011 at 1:47 PM, Praedor Atrebates prae...@yahoo.com wrote: I have the SDK installed and have run an emulator...not sure what to do with it though. I cannot transmit messages (or anything) and cannot receive anything (to what number would it go to in any case?). praedor On Wednesday, April 06, 2011 01:00:42 pm Orionjur Tor-admin wrote: On 06.04.2011 13:28, Praedor Atrebates wrote: Could you elaborate a bit on this? After this discussion I went ahead and tried to create another anonymous gmail account and ran into the requires SMS hitch as discussed (and there is no option that I can see to bypass this via other means as others have described) You did it with the above-mentioned emulator? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Economics is not practised as a science. Rather, it is a pretentious way to covertly promote political prejudices. - Fred Harrison ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 06.04.2011 22:54, Aaron wrote: If you need a throwaway number for SMS there are a number of VOIP services that might be useful and could probably be purchased using a prepay card if you want to do it anonymously. OT: I have recently registered a VOIP number and mistakenly entered the wrong postal address details. They wanted me to submit either a scan of a government ID or a recent phone bill. I used a free PDF editor and changed my address in the PDF to match the wrong address. A day later, the account was confirmed. -- Moritz Bartl https://www.torservers.net/ ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
I do think it's ridiculous to need a phone to get a webmail account. I just don't like their apparent stance requiring SMS/voice auth. What I don't understand is hating on Google but still wanting to use their webmail service. As mentioned earlier, it's a perception thing. And of course all the other cool Google services that come with an account, and third-party online tie-ins. And they're one of few that do not put the source IP/FQDN in the headers... which sometimes makes for more reliable mail delivery and better perception as well. 1. Install the android sdk/emulator and create an avd. I tested with API 8 (android 2.2) ditto + openjdk6 + ia32-libs on Ubuntu 10.10 amd64 updated + google apis Not sure what you mean by this. 2. launch the emulator: emulator -http-proxy http://127.0.0.1:8118 @avb 3. verify tor is working via http://check.torproject.org Done, but skipped the proxy for now, because if it doesn't work via clearnet, it won't work via tor. Note the emulator is really slow. And I've no idea how to enlarge the screen so you don't have to scroll around so much? 4. navigate through settings-accountssync-add account-google-create Ok... so This menu tree exists for me: settings accountssync Everything including and after 'add account' does not exist in the accountssync menu. settings accountssync yields just a note on screen about an Exchange account, username and password. Again via clearnet, I also tried using the android browser (the globe ball thing on the screen). https://mail.google.com/mail/signup. Filled out the page form and its captcha, hit accept/create and boom, the next page is the SMS/voice verification request as usual. So no dice there either. Can you more fully document your process as I tinker? Thanks. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
I usually require https (creation and management), imaps (retrieval), smtps/submission (sending), no automatic addition of addresses to 'contact' lists when sent via web or smtp, and an outright account deletion function. I meant to include with this: no inclusion of source IP/FQDN in the headers. And imaps should delete and purge when fetched. http://en.wikipedia.org/wiki/Comparison_of_webmail_providers Was quite surprised how many are avail besides big 3. I've found some too, just haven't had time to test and catalog them. GMX is next to try. Don't understand clinging to Gmail for dear life. They just happen to have some really good services and tie-ins that all rely on having a gmail/google account. I may just cough up $20 for a disposable phone to get that. If someday the services really become a real world value to me, sure, I'd get another phone or use my own, no problem :) ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On Apr 6, 2011 4:42 PM, grarpamp grarp...@gmail.com wrote: I do think it's ridiculous to need a phone to get a webmail account. I just don't like their apparent stance requiring SMS/voice auth. What I don't understand is hating on Google but still wanting to use their webmail service. As mentioned earlier, it's a perception thing. And of course all the other cool Google services that come with an account, and third-party online tie-ins. And they're one of few that do not put the source IP/FQDN in the headers... which sometimes makes for more reliable mail delivery and better perception as well. 1. Install the android sdk/emulator and create an avd. I tested with API 8 (android 2.2) ditto + openjdk6 + ia32-libs on Ubuntu 10.10 amd64 updated + google apis Not sure what you mean by this. when you create your avd there is a list of api versions. if you do not see listings that include '+ google apis' you may need to download those - see 'available packages' and make sure you check at least one of 'Google APIs by Google Inc. Android API ...' I used version 8. This should add the option to create a google account. 2. launch the emulator: emulator -http-proxy http://127.0.0.1:8118 @avb 3. verify tor is working via http://check.torproject.org Done, but skipped the proxy for now, because if it doesn't work via clearnet, it won't work via tor. Note the emulator is really slow. yes, it sucks. sorry. And I've no idea how to enlarge the screen so you don't have to scroll around so much? when you create an avd you have the option of specifying a custom screen resolution 4. navigate through settings-accountssync-add account-google-create Ok... so This menu tree exists for me: settings accountssync Everything including and after 'add account' does not exist in the accountssync menu. settings accountssync yields just a note on screen about an Exchange account, username and password. Again via clearnet, I also tried using the android browser (the globe ball thing on the screen). https://mail.google.com/mail/signup. Filled out the page form and its captcha, hit accept/create and boom, the next page is the SMS/voice verification request as usual. So no dice there either. Can you more fully document your process as I tinker? Thanks. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On Wed, Apr 6, 2011 at 11:25 AM, Aaron aag...@extc.org wrote: On Tue, Apr 5, 2011 at 8:38 PM, grarpamp grarp...@gmail.com wrote: If you must have GMail, I've noticed that accounts created on android devices are not subject to these checks. And yes, even when using Tor via Orbot. Since using your android is, afaik, the same as giving them your phone (SMS), or alternate identity, it would seem obvious that this would work. And thus a non-solution in general. Actually, Android is an open source project: http://source.android.com/ And also other derivatives: http://www.cyanogenmod.com/ You can run Android on a phone without google proprietary code, though most phones sold are google branded and bundled with proprietary apps. You don't have an android phone? Many good folks that would make good use of a gmail account do not have such things. Similarly, many good folks that do have such things would surely not wish to associate the identity of such a thing (IMEI/SIM/account/location/life/etc) with any gmail account just in order to get gmail. So for many, this is out based on access and/or principle alone. I do think it's ridiculous to need a cellphone to get a webmail account. That said, there are a lot of competing providers. What I don't understand is hating on Google but still wanting to use their webmail service. 1. Install the android sdk/emulator and create an avd. I tested with API 8 (android 2.2) + google apis 2. launch the emulator: emulator -http-proxy http://127.0.0.1:8118 @your_adb_name_here (the proxy settings in the gui did *not* work for me) 4. navigate through settings-accountssync-add account-google-create Interesting... - Are you suggesting that this simulator runs on a PC using unix or windows? - What is an adb_name? The android emulator can be found here: http://developer.android.com/sdk/index.html It does run on the 3 major platforms. adb_name is a typo, I meant to say avd_name -- for 'android virtual device'. - And it seems like a heavyweight solution in general. Do you have any insight into why it works? Such as its use of a certain browser string, preloaded cookie strings, or other http parameters? It would certainly be easier for many people to simply mimic those in say firefox than to setup an entire development and emulation environment. I don't have any idea how this works. If anyone is interested in poking into this I suggest adding a self-signed root CA on a device or emulator and use sslsniff + wireshark to see what is going on. Just thought I'd update this here in case anyone else is trying this. I found a nice tutorial explaining how to install a root CA here: http://wiki.cacert.org/ImportRootCert Unfortunately this did not work and the certificate is still untrusted. I also tried installing the certificate from the SD card (through settings-locationsecurity-install from sd card), but that doesn't affect the global certificate store. Attempts to create an account failed and sslsniff did not log anything. --Aaron ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
If you must have GMail, I've noticed that accounts created on android devices are not subject to these checks. And yes, even when using Tor via Orbot. You don't have an android phone? The following works too: 1. Install the android sdk/emulator and create an avd. I tested with API 8 (android 2.2) + google apis 2. launch the emulator: emulator -http-proxy http://127.0.0.1:8118 @your_adb_name_here (the proxy settings in the gui did *not* work for me) 3. verify tor is working via http://check.torproject.org 4. navigate through settings-accountssync-add account-google-create 5. solve captcha 6. profit --Aaron On Mon, Apr 4, 2011 at 10:52 PM, grarpamp grarp...@gmail.com wrote: Google requires you to be able to receive a text message or phone call to use a GMail account over Tor. 1st I've heard they REQUIRE a phone # to use Gmail over Tor. Anyone else aware this is the only way? First I've heard that they require SMS to *USE* gmail. However, SMS has been required for quite some time now to *CREATE* a new gmail account. There was a thread a few months back regarding creation. And to date, I've not been able to create a new gmail account without SMS from any exit anywhere on the planet. Nor from any residential DHCP pool I have access to. I'd bet, from the Google message about unusual activity, it was because the exit node wasn't in the same country I used when created Yeah, they like to pop up red warning banners for avid travelers. I just hit dismiss, no SMS junk required. In once case, it happened while I was using a pseudonym to contibute to another open source project and ask questions on a mailinglist. I've never had any problems sending any message anywhere, at all. Only with new account creation. And the occaisional dismissed nag notice. clicked through the help links and filled out some form explaining my desire for strong pseudonymity, and they lifted the block without a cell #. When I try creating a new account, without providing an SMS or other number, there is a form to fill out. I pick don't have phone or don't want to give number and explain the same. They ignore it. And if I recall, the account is left in a locked state. And since, rightly, no secondary address was provided, they can't reach me anyways. And any cool account name you came up with dies locked with it too. No offense to the list, but fuck google. With all their supposed brain power you'd think they could come up with something a little less brutal than a sledgehammer. Then again, I don't blame them... the GECOS, user, pass, contact, recovery, and mail content is certainly worth many millions more when combined with a phone number. Pigs. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 4/5/2011 12:52 AM, grarpamp wrote: First I've heard that they require SMS to *USE* gmail. However, SMS has been required for quite some time now to *CREATE* a new gmail account. There was a thread a few months back regarding creation. And to date, I've not been able to create a new gmail account without SMS from any exit anywhere on the planet. Nor from any residential DHCP pool I have access to. I've had this Gmail acct since 2007 (that I tried w/ Tor the other day after OP's question). I've not tried to create any new ones lately via Tor, so you may be right. What if you don't have a phone # to give them (or don't want to) - they just don't let you create an acct? In the past, I could use Tor w/ Gmail - assumed they changed policies. It's pretty nervy ( savvy) of them to attach a phone # w/ email acct. Obviously, people are eating it up w/ a spoon. Their google st. view had a pic of my house w/ car in front - showing license plate. Had them remove my house. FYI - I tried GMX w/ Tor couple days ago - worked just fine. I'd bet, from the Google message about unusual activity, it was because the exit node wasn't in the same country I used when created Yeah, they like to pop up red warning banners for avid travelers. I just hit dismiss, no SMS junk required. What do you mean by I just hit dismiss? When I tried Gmail thru Tor from a PC, there was no way to dismiss the screen. The only way (I found) around giving a phone, was fill out their investigation form, w/ a 2nd email, info about your Gmail acct, then wait for reply. I didn't follow the link they sent, but assume it'd require resetting PW. Not a good solution to this prob. I've never had any problems sending any message anywhere, at all. Are you talking about using Tor Gmail - recently, w/o SMS or other #? clicked through the help links and filled out some form explaining my desire for strong pseudonymity, and they lifted the block without a cell #. Was this a permanent lift of ban while using Tor? As in, you never had to ask them again or had problems logging in w/ Tor? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
The problem with gmail appears to be tied to certain countries. I created a completely anonymous gmail account late last year (no SMS crap) via tor. I have found that most of the time I am able to connect to my account but there are times (wrong exit node/country?) when it refuses to let log in. I use tor button on mozilla, by the way. You must enable cookies and 3rd party cookies to be able to log in. --- On Tue, 4/5/11, Joe Btfsplk joebtfs...@gmx.com wrote: From: Joe Btfsplk joebtfs...@gmx.com Subject: Re: [tor-talk] Google disable web-access to gmail for Tor-users? To: tor-talk@lists.torproject.org Date: Tuesday, April 5, 2011, 2:03 PM On 4/5/2011 12:52 AM, grarpamp wrote: First I've heard that they require SMS to *USE* gmail. However, SMS has been required for quite some time now to *CREATE* a new gmail account. There was a thread a few months back regarding creation. And to date, I've not been able to create a new gmail account without SMS from any exit anywhere on the planet. Nor from any residential DHCP pool I have access to. I've had this Gmail acct since 2007 (that I tried w/ Tor the other day after OP's question). I've not tried to create any new ones lately via Tor, so you may be right. What if you don't have a phone # to give them (or don't want to) - they just don't let you create an acct? In the past, I could use Tor w/ Gmail - assumed they changed policies. It's pretty nervy ( savvy) of them to attach a phone # w/ email acct. Obviously, people are eating it up w/ a spoon. Their google st. view had a pic of my house w/ car in front - showing license plate. Had them remove my house. FYI - I tried GMX w/ Tor couple days ago - worked just fine. I'd bet, from the Google message about unusual activity, it was because the exit node wasn't in the same country I used when created Yeah, they like to pop up red warning banners for avid travelers. I just hit dismiss, no SMS junk required. What do you mean by I just hit dismiss? When I tried Gmail thru Tor from a PC, there was no way to dismiss the screen. The only way (I found) around giving a phone, was fill out their investigation form, w/ a 2nd email, info about your Gmail acct, then wait for reply. I didn't follow the link they sent, but assume it'd require resetting PW. Not a good solution to this prob. I've never had any problems sending any message anywhere, at all. Are you talking about using Tor Gmail - recently, w/o SMS or other #? clicked through the help links and filled out some form explaining my desire for strong pseudonymity, and they lifted the block without a cell #. Was this a permanent lift of ban while using Tor? As in, you never had to ask them again or had problems logging in w/ Tor? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
Yes, thus my question about where the StrictExitNodes commands would be input / stored (maybe for specific country) ? Not sure if this was answered but you just put the entries in your torrc file. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 4/5/2011 4:54 PM, Praedor Tempus wrote: The problem with gmail appears to be tied to certain countries. I created a completely anonymous gmail account late last year (no SMS crap) via tor. I have found that most of the time I am able to connect to my account but there are times (wrong exit node/country?) when it refuses to let log in. I use tor button on mozilla, by the way. You must enable cookies and 3rd party cookies to be able to log in. The little I do use Gmail, I've never had 3rd party cookies ENABLED (login w/o Tor running) - no problems - even last week. If there's something diff about logging in w/ Tor that requires 3rd party cookies, I'd be surprised. Anything's possible, but I'd double check that. Google's already getting enough w/o requiring 3rd party cookies. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 4/5/2011 3:53 PM, Matthew wrote: Yes, thus my question about where the StrictExitNodes commands would be input / stored (maybe for specific country) ? Not sure if this was answered but you just put the entries in your torrc file. No, it wasn't answered - that I saw. Thanks. I know there's a lot on the Tor proj. site about editing torrc file. I thought it probably went there, but wasn't sure. I mentioned earlier in another reply, that might be easier to use another mail provider besides Gmail that works w/ Tor, w/o the hassle. IMHO, if one is concerned about privacy, the last mail provider on my list to use would be Gmail. Some others aren't much better, but google's straight forward about how they're going to scan your email (and everyone that replies to a Gmail email). If you have something you want to keep private, don't send it thru Gmail, for sure. Probably good advice, in general. Or use encryption. Some providers claim they don't ever scan mail - but I wouldn't stake my life on them keeping their word. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
Google requires you to be able to receive a text message or phone call to use a GMail account over Tor. 1st I've heard they REQUIRE a phone # to use Gmail over Tor. Anyone else aware this is the only way? First I've heard that they require SMS to *USE* gmail. However, SMS has been required for quite some time now to *CREATE* a new gmail account. There was a thread a few months back regarding creation. And to date, I've not been able to create a new gmail account without SMS from any exit anywhere on the planet. Nor from any residential DHCP pool I have access to. I'd bet, from the Google message about unusual activity, it was because the exit node wasn't in the same country I used when created Yeah, they like to pop up red warning banners for avid travelers. I just hit dismiss, no SMS junk required. In once case, it happened while I was using a pseudonym to contibute to another open source project and ask questions on a mailinglist. I've never had any problems sending any message anywhere, at all. Only with new account creation. And the occaisional dismissed nag notice. clicked through the help links and filled out some form explaining my desire for strong pseudonymity, and they lifted the block without a cell #. When I try creating a new account, without providing an SMS or other number, there is a form to fill out. I pick don't have phone or don't want to give number and explain the same. They ignore it. And if I recall, the account is left in a locked state. And since, rightly, no secondary address was provided, they can't reach me anyways. And any cool account name you came up with dies locked with it too. No offense to the list, but fuck google. With all their supposed brain power you'd think they could come up with something a little less brutal than a sledgehammer. Then again, I don't blame them... the GECOS, user, pass, contact, recovery, and mail content is certainly worth many millions more when combined with a phone number. Pigs. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
Thus spake Joe Btfsplk (joebtfs...@gmx.com): On 4/2/2011 2:33 PM, katmagic wrote: Google requires you to be able to receive a text message or phone call to use a GMail account over Tor. This is unrelated to Torbutton's cookie handling (which was broken but has since been fixed). Personally, I got a friend on IRC to let me use his phone for it. 1st I've heard they REQUIRE a phone # to use Gmail over Tor. Anyone else aware this is the only way? I'd bet, from the Google message about unusual activity, it was because the exit node wasn't in the same country I used when created acct. This is possible. The unusual activity message is unrelated to cookie issues, and appears to have something to do with the exit node chosen to connect to gmail. You can be asked for an SMS confirmation from one exit, and then hit New Identity and then not be asked on the next. It must have something to do with either geolocation, or the types of activity their systems see from particular exits that make them think bots are involved. In once case, it happened while I was using a pseudonym to contibute to another open source project and ask questions on a mailinglist. I was unable to get the message to go away with New Identity (possibly because sending mail to a milinglist smells extra-spammy?), so I clicked through the help links and filled out some form explaining my desire for strong pseudonymity, and they lifted the block without a cell #. Can you expand a little of Torbutton's cookie handling being fixed? Again, I'm using TB 1.3.2a. What are the criteria for TB to allow a site to set cookies? TB is not actually blocking any cookies here. At least not on purpose. The TB feature that is causing this issue is one that is designed to minimize the number of Google captchas Tor users must solve to use Google Search. We attempt to transfer the captcha-relaed cookies from all international domains, but we ended up mangling some login cookies after a change to how Google auth works. The issue is fixed in the 1.3.x series, but not in 1.2. The plan is to release 1.4.0 as the new stable ASAP, rather than backport these fixes to 1.2.x. Otherwise, Torbutton's default cookie policy is to allow cookies to persist in memory until either the Torbutton is toggled, or the browser exits. We plan to eventually extend this functionality to provide a New Identity button in the browser, to synchronize the clearing of all Firefox identifiers with the New Identity functionality of Vidalia/Tor, but this requires some additional integration work... -- Mike Perry Mad Computer Scientist fscked.org evil labs pgptlpetkCz2g.pgp Description: PGP signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 4/3/2011 1:06 AM, Mike Perry wrote: Thus spake Joe Btfsplk (joebtfs...@gmx.com): On 4/2/2011 2:33 PM, katmagic wrote: Google requires you to be able to receive a text message or phone call to use a GMail account over Tor. This is unrelated to Torbutton's cookie handling (which was broken but has since been fixed). Personally, I got a friend on IRC to let me use his phone for it. Since I don't retrieve email by phone (certainly not from Google), I'm not going to give them my cell / home #. I'm not aware that I have another option for the phone contact, available to me, personally. Actually, you can also fill out a form online, giving info about the acct that only the acct holder would likely know (though this form is several layers deep, to get to). In my experiment, after entering required info, their official statement is, it may take up to 24 hrs for them to investigate reply. Must also have previously set up an alternate email address, where they'll send an authorization link. In my 1st attempt at this, took about 10 min to get an email, which would then allow resetting PW. This whole process is WAY too cumbersome for frequent use - just a learning exercise for me. It might be easier to find another mail provider that works better w/ Tor. This is possible. The unusual activity message is unrelated to cookie issues, and appears to have something to do with the exit node chosen to connect to gmail. Yes, thus my question about where the StrictExitNodes commands would be input / stored (maybe for specific country) ? From diff options presented (aside from giving google a phone #), if one wanted to use Tor w/ Gmail, maybe specifying specific country exit nodes would be fastest way to get into a Gmail acct. Though won't know if that prevents the unusual activity msg from Gmail till try it. I'll try Tor w/ other email providers to see if works better. Others can do same post results. Otherwise, Torbutton's default cookie policy is to allow cookies to persist in memory until either the Torbutton is toggled, or the browser exits. We plan to eventually extend this functionality to provide a New Identity button in the browser, to synchronize the clearing of all Firefox identifiers with the New Identity functionality of Vidalia/Tor... I am assuming (please correct) that if Firefox's accept cookies from sites option is UN checked (cookies denied globally), then for Torbutton to allow a site to set cookies during Tor mode, there MUST already be an exception to allow that site to set cookies, stored in permissions.sqlite? Re: Matthew's comment: Why not let TorButton handle your cookies or allow cookies then securely delete cookies.sqlite afterwards? It appears I didn't have an exception to allow google.com to set cookies. I seldom login to Gmail. Then, only allow temp / session cookies. However (for others' info), about cookies.sqlite - appears only persistent cookies are stored in it. Session cookies are not. I believe session / temp cookies are stored in memory, unless that's changed in FX 4. IMHO, if users are worried about privacy in email, they probably should another provider than Gmail. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 02/04/11 14:04, James Brown wrote: I run Icedove 3.5.16 on Debian Squeeze (under a transparently-torified linux user), Tor v0.2.1.30, TB 1.2.5. When I try to log into my gmail accounts I have the next message: We've detected a problem with your cookie settings. Enable cookies Make sure your cookies are enabled. To enable cookies, follow these browser-specific instructions. Clear cache and cookies If you have cookies enabled but are still having trouble, clear your browser's cache and cookies. Adjust your privacy settings If clearing your cache and cookies doesn't resolve the problem, try adjusting your browser's privacy settings. If your settings are on high, manually add www.google.com to your list of allowed sites. Learn more I have enabled cookies, because it I try to clear my browser's cache and cookies but I have the same result. The next, I go to the page Changing privacy settings and I read the bellow: you have your browser's privacy settings set to 'High' you may be unable to access Google Accounts. To resolve this problem, please add www.google.com to your browser's list of allowed sites. To add allowed sites in Microsoft Internet Explorer (IE): 1. Go to the Tools menu and select Internet Options. 2. Click the Privacy tab. 3. Click the Sites... button and type www.google.com in the 'Address of Web site' section. 4. Click Allow. 5. Click OK. To add allowed sites in Mozilla Firefox: 1. Go to the Tools menu and select Options. 2. Click the Privacy tab. 3. Click Exceptions and type www.google.com in the 'Address of web site' section. 4. Click Allow. 5. Click OK. If you're accessing Google Accounts from behind a firewall, proxy, or anti-virus program, temporarily disable the program and try signing in to Google Accounts. If disabling the program resolves the issue you're experiencing, then most likely the software is causing the problem. We suggest consulting the program's online support center to find out why it might be interfering with your ability to access your Google Account. Note: if you're using a work computer, the problem may be related to your computer's corporate security settings. We suggest checking with your system administrator. The pasted message below is from 13 February 2011 and should solve the cookie problem: I am wondering if you are using Torbutton and, if so, whether you are using 1.3.2pre-alpha3? With extensions.torbutton.xfer_google_cookies as true and with the xpi downloaded (see below) I no longer received the error you have quoted. --- Can you please try the .xpi from this bug: https://trac.torproject.org/projects/tor/ticket/2377#comment:3 and let me know if it behaves ok for Google logins now? It may need a few tries, iirc, this bug is random. Be sure to go back in toabout:config and reset extensions.torbutton.xfer_google_cookies back to*true* before running your tests. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 02.04.2011 17:11, Matthew wrote: I am wondering if you are using Torbutton and, if so, whether you are using 1.3.2pre-alpha3? With extensions.torbutton.xfer_google_cookies as true and with the xpi downloaded (see below) I no longer received the error you have quoted. --- Can you please try the .xpi from this bug: https://trac.torproject.org/projects/tor/ticket/2377#comment:3 and let me know if it behaves ok for Google logins now? It may need a few tries, iirc, this bug is random. torbutton-1.3.2pre-alpha3.xpi Be sure to go back in toabout:config and reset extensions.torbutton.xfer_google_cookies back to*true* before running your tests. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk Hi, Matthew, Very thanks, I'll try it in the nearest time. But I cannot find the file of digital sign of this file (such as torbutton-1.3.2pre-alpha3.xpi.asc): https://trac.torproject.org/projects/tor/attachment/ticket/2377/torbutton-1.3.2pre-alpha3.xpi Where can I get it? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google disable web-access to gmail for Tor-users?
On 4/2/2011 2:33 PM, katmagic wrote: Google requires you to be able to receive a text message or phone call to use a GMail account over Tor. This is unrelated to Torbutton's cookie handling (which was broken but has since been fixed). Personally, I got a friend on IRC to let me use his phone for it. 1st I've heard they REQUIRE a phone # to use Gmail over Tor. Anyone else aware this is the only way? I'd bet, from the Google message about unusual activity, it was because the exit node wasn't in the same country I used when created acct. Can you expand a little of Torbutton's cookie handling being fixed? Again, I'm using TB 1.3.2a. What are the criteria for TB to allow a site to set cookies? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk