[tor-talk] Google disable web-access to gmail for Tor-users?

grarpamp grarpamp at gmail.com
Thu Apr 7 07:22:00 UTC 2011


> I used version 8.

sdk tools rev 10
sdk platform-tools rev 3
plat 3.0   api 11 rev 1 + google api 11 rev 1
plat 2.3.3 api 10 rev 1 + google api 10 rev 1
plat 2.2   api  8 rev 1 + google api  8 rev 2

These all work. I wanted to install the platform-tools, platforms
and add-ons individually via the command line but didn't have luck
with the filters.

3.0 has a nice big tablet interface, but no keypad/button panels
and it seems to wedge now and then.

> This should add the option to create a google account.

The above are working as expected now.

android list
android create avd -t <id> -n <name>

> when you create an avd you have the option of specifying a custom
> screen resolution

I didn't have much luck there. My physical crt is 21" at 1600x1200.
So I'd want the android glass to be maybe 800x600, excluding the
keypad/button panels off to the right. All within an X window of
maybe 1024x768.

Anyways: emulator -avb <name> -wipe-data -scale 0.76


Regarding identities and what is being sent...

# sdk installation
Though I haven't hashed the installation tree, I don't expeect
android/google is issuing unique software packages (with embedded
certs, etc).

# avb runtime
There are notes on the developer blog about various software generated
identities. So at minimum the avd's should be regenned per account.
You could diff the avb dirs. And further unpack/mount the images.

Also: adb bugreport

# host
Though less likely, there could also be access (via java, blobs)
of the host system UUID, MAC address, etc.

# wire
It's https, can't sniff it. I doubt google still has a fallback
http creation interface either.

My guess is that if you torify the entire box, regen the avb's and
maybe change your MAC... you should be safe across accounts. But
to be sure...


>> I don't have any idea how this works. If anyone is interested in
>> poking into this I suggest adding a self-signed root CA on a device or
>> emulator and use sslsniff + wireshark to see what is going on.
> I found a nice tutorial explaining how to install a root CA here:
> http://wiki.cacert.org/ImportRootCert
> Unfortunately this did not work and the certificate is still
> untrusted. I also tried installing the certificate from the SD card
> (through settings->location&security->install from sd card), but that
> doesn't affect the global certificate store.
> Attempts to create an account failed and sslsniff did not log anything.

There's probably some android debugger that would work to trace the
I/O of the android process that's talking through the stack to google.

Regardless of what's being sent, I'm pretty sure it's using a
lightweight android domain/proxy service cluster within google.


More information about the tor-talk mailing list