[tor-talk] Google disable web-access to gmail for Tor-users?

Aaron aagbsn at extc.org
Wed Apr 6 18:25:00 UTC 2011


On Tue, Apr 5, 2011 at 8:38 PM, grarpamp <grarpamp at gmail.com> wrote:
>> If you must have GMail, I've noticed that accounts created on android
>> devices are not subject to these checks. And yes, even when using Tor
>> via Orbot.
>
> Since using your android is, afaik, the same as giving them your
> phone (SMS), or alternate identity, it would seem obvious that this
> would work. And thus a non-solution in general.
>
Actually, Android is an open source project:
http://source.android.com/

And also other derivatives:
http://www.cyanogenmod.com/

You can run Android on a phone without google proprietary code, though
most phones sold are google branded and bundled with proprietary apps.

>> You don't have an android phone?
>
> Many good folks that would make good use of a gmail account
> do not have such things. Similarly, many good folks that do
> have such things would surely not wish to associate the identity
> of such a thing (IMEI/SIM/account/location/life/etc) with any
> gmail account just in order to get gmail. So for many, this is out
> based on access and/or principle alone.

I do think it's ridiculous to need a cellphone to get a webmail
account. That said, there are a lot of competing providers. What I
don't understand is hating on Google but still wanting to use their
webmail service.
>
>> 1. Install the android sdk/emulator and create an avd. I tested with
>> API 8 (android 2.2) + google apis
>> 2. launch the emulator: emulator -http-proxy http://127.0.0.1:8118
>> @your_adb_name_here (the proxy settings in the gui did *not* work for
>> me)
>> 4. navigate through settings->accounts&sync->add account->google->create
>
> Interesting...
> - Are you suggesting that this simulator runs on a PC using unix or windows?
> - What is an "adb_name"?

The android emulator can be found here:
http://developer.android.com/sdk/index.html
It does run on the 3 major platforms.

adb_name is a typo, I meant to say avd_name -- for 'android virtual device'.

> - And it seems like a heavyweight solution in general. Do you have any
> insight into why it works? Such as its use of a certain browser string,
> preloaded cookie strings, or other http parameters? It would certainly
> be easier for many people to simply mimic those in say firefox than
> to setup an entire development and emulation environment.

I don't have any idea how this works. If anyone is interested in
poking into this I suggest adding a self-signed root CA on a device or
emulator and use sslsniff + wireshark to see what is going on.
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>


More information about the tor-talk mailing list