[tor-talk] Gmail and Tor
Mike Hearn
hearn at google.com
Mon Dec 24 14:38:41 UTC 2012
To re-iterate previous threads on this topic, if you have at least one
successful login from a Tor exit node or other anonymizing proxy
service then the security system won't hassle you when you log in from
these networks. That's how you disable it - pass verification from a
Tor login.
I don't know what the reset process or weeks timeout refers to. If
they abandoned the login process after being asked to provide some
more information then the system assumes the hijack was real and
forces a password change. Perhaps that's what they mean.
With regards to why we do this, you can review the following
presentation I gave at the RIPE 64 conference:
https://ripe64.ripe.net/presentations/48-AbuseAtScale.pdf
https://ripe64.ripe.net/archives/video/25/
or (faster) this post from Urs:
https://plus.sandbox.google.com/u/0/+UrsH%C3%B6lzle/posts/Fvr2rCPiPUu
More information about the tor-talk
mailing list