[tor-talk] Google disable web-access to gmail for Tor-users?

Joe Btfsplk joebtfsplk at gmx.com
Sat Apr 2 15:06:58 UTC 2011

On 4/2/2011 8:04 AM, James Brown wrote:
> I run Icedove 3.5.16 on Debian Squeeze (under a transparently-torified
> linux user), Tor v0.2.1.30, TB 1.2.5.
> When I try to log into my gmail accounts I have the next message:
>>   We've detected a problem with your cookie settings.
>> Enable cookies
>> Make sure your cookies are enabled. To enable cookies, follow these browser-specific instructions.
>> Clear cache and cookies
>> If you have cookies enabled but are still having trouble, clear your browser's cache and cookies.
>> Adjust your privacy settings
>> If clearing your cache and cookies doesn't resolve the problem, try adjusting your browser's privacy settings. If your settings are on high, manually add www.google.com to your list of allowed sites. Learn more
> I have enabled cookies, because it I try to clear my browser's cache and
> cookies but I have the same result.
> The next, I go to the page "Changing privacy settings" and I read the
> bellow:
> I.e. they reguire to connect their site avoiding the tor-net!!!
Google / Gmail requires cookies to login. I use a cookie manager addon 
in Firefox 4. I allowed Google to set temporary cookies, & didn't get 
"cookies are disabled" message. But, when open the Gmail page in Tor 
mode, try to login - it gives me the following message (which seems like 
an idiotic privacy invasion & bad security idea - from user's stand point):
> Verify your account
> We've detected unusual activity on your account. To immediately 
> restore access to your account, type your phone number below.
> *Verification Options *
> 	*Text Message*
> 	Google will send a text message containing a verification code to 
> your mobile phone.
> 	*Voice Call*
> 	Google will make an automated voice call to your phone with a 
> verification code.
> *Country *
> *Mobile phone number *
If click on link "learn more about your support options," get this screen:
> Accounts <https://www.google.com/accounts/> › Help articles 
> <http://www.google.com/support/accounts/> › Suspicious activity 
> detected on your account
> Google Accounts: Suspicious activity detected on your account
> Share Print
> Because we detected unusual activity on your account, we've disabled 
> all access for your protection. We do this to protect your privacy and 
> make sure that only you have access to your account.
> *For immediate access, follow these steps:*
>    1. Sign in to your account at http://www.google.com/accounts
>    2. You’ll be prompted to enter your phone number to verify your
>       account. Enter your phone number and choose how you want to
>       receive a verification code (SMS or voice call)
>    3. Click *Send verification code to my phone*
>    4. You may need to wait up to 10 minutes to receive our SMS or
>       voice call. Please do not request another code if the first one
>       has not arrived. Only the most recent code requested will be
>       accepted.
> If the above process does not work, you can 
> <https://www.google.com/support/accounts/bin/request.py?ara=1&hl=en&contact_type=ara&ctx=ara>fill 
> out this form, (gives a link) which asks you to provide details about 
> your account. Make sure to take your time and answer as many questions 
> as possible. If we are able to verify that you own the account, you’ll 
> be able to reset your password.
> Read this article 
> <https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=46526> 
> for more information on keeping your account secure.

This problem has been discussed before, but I don't know the real 
solution, if there is one. Because the Tor exit node (in my case) 
appears to be in a diff country than one given to Gmail when opened the 
acct (or the assumed country from my orig IP address), Google thinks it 
may be someone trying to hack the acct. There may be settings users can 
change in their acct to have Google (or other providers) to contact in a 
case like this, other than sending your phone #, to verify your 
identity. Don't think I'll be sending them my phone #. I've never seen 
this or heard of them (or any site) asking users to send their phone #. 
Yes, I'm sure I was on the real Gmail login page - 

When I set up my acct, I chose "security questions" for verification (or 
at least if forget my password), but in this case, seems Google isn't 
using that to verify I'm the real acct owner.

It might be possible to limit relays Tor uses to your country, but never 
dealt w/ that. Others will know more than me.

More information about the tor-talk mailing list