[tor-talk] Gmail and Tor

grarpamp grarpamp at gmail.com
Fri Dec 21 08:15:01 UTC 2012


Sometime within the last few weeks I witnessed a user's
gmail account becoming locked due to use of Tor via their
'strange location' 'hijack detection' mechanism. After going
through the 'reset' process as directed by gmail, they were
unable to reset and instructed [1] to wait about a weeks
timeout before trying again. Gmail's knowledge base on
the matter made specific reference to 'Tor' and anonymizing
proxies.

So just take note that if using Gmail and Tor, you may
encounter this situation. I have not yet. Nor have I heard
that user's subsequent timeout outcome.

[1] Perhaps, and likely, entirely due to said user's refusal to
supply any secondary / out of band authentication forms such
as: secondary email address, OpenID, or their phone number.
Their username and password were still intact and known,
and they always use https.

Personally I think Gmail needs to bury a "leave us anons and
corporate VPN'ers alone with this business about 'protecting us'"
option somewhere in their config, or just notice Tor/VPN/Proxy
and do it by default.


More information about the tor-talk mailing list