[tor-talk] TorBirdy doesn't work with Gmail?

Mike Hearn hearn at google.com
Wed Oct 10 13:31:52 UTC 2012


> The phone portion of this is extremely problematic - to tie a username
> to a phone may create a direct link with a government issued ID card.

Yes, we know.

For the following discussion when I say "Tor" you can assume I mean
any anonymizing proxy service. We don't have any policies specific to
Tor.

The assumption we have is that if you created a Google account without
using Tor, then you're OK with Google having some identity info, as
obviously, we already have unobfuscated IP addresses from you from
previous logins. If you wanted to remain completely untraceable you
lost already. So our primary goal is to protect the account from
people who have stolen your password.

If you create an account via Tor, then you have given us evidence that
you want to use proxy services and the login security system will
largely leave you alone. Note that the signup security system WILL
phone verify you, but you don't have to use your own phone number for
that. Any number will do. It won't be saved in your account so you
won't be asked to receive a code on the same phone again. You could
get somebody else to do it for you, or (worst case scenario) buy an
account from somebody else. Buying accounts is risky because it
technically violates our ToS and if the supplier is creating a lot of
them (eg, for spammers) they may be automatically clustered and
terminated, but it's an option.

> Is there a possible way to pro-actively indicate that a user will want
> to use Tor? For example - if you notice they're regularly in Iran,
> China, Syria and so on - won't current events of filtering be enough to
> tip Google off to the political changes that impact how users connect?

I don't want to discuss our policies around anonymizing proxies in
much detail for obvious reasons. Suffice it to say we are aware of
what's going on in these countries and are sensitive to the demand for
anonymizing proxy services there.

> Is there a way to add that token to the email authentication happening
> with Thunderbird and TorBirdy?

Proving to the system that you want to use Tor by logging in via the
web more or less disables the security system for logins coming from
Tor. So that's the simplest solution.

IMAP doesn't have any notion of cookies. If an IMAP client supports
the OAuth2 standard then you can use an authentication token gained
via a web login to do that. I doubt Thunderbird supports OAuth2. See
here:

http://googledevelopers.blogspot.ch/2012/09/adding-oauth-20-support-for-imapsmtp.html

Note that we also support OAuth2 for XMPP/Jabber.

> It would be quite helpful if we could add a setup wizard to TorBirdy
> that could walk a user through doing these things safely.

If TorBirdy sees that the user is trying to use a Gmail account, I
think a dialog box saying "Please ensure you log in via the web using
Tor first" would be sufficient.

> As a slight aside - I have noticed that the Gmail login list does not
> seem to know about Tor nor about XMPP logins. It also sometimes has
> extremely inaccurate GeoIP data. I have on many occasions been warned
> that my account was hacked from China (!)

I suspect what you're seeing is a little known warning designed for
people we believe are victims of state sponsored attacks. It's an
unrelated system. If it bothers you I can put you in touch with the
people who manage that and they can take you off the list of sensitive
accounts.

We know the login audit trail we provide to end users is pretty poor
and it'd definitely be nice to improve it in future.
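The OAuth2-over-IMAP path mentioned above, as an added example that is not part of the mail or of Google's code: the mechanism the linked blog post introduced is SASL XOAUTH2. After `AUTHENTICATE XOAUTH2` the client sends the base64 encoding of `user=<address>^Aauth=Bearer <token>^A^A` (with `^A` the 0x01 byte), and when the token is rejected the server replies with a continuation carrying a base64 JSON status blob that the client acknowledges with an empty line before the server returns `NO`. The snippet uses only Python's standard `imaplib`, `base64` and `json`; the address, token and error JSON are constructed sample values, and the `authenticate_imap` helper, the only part that touches the network, is a name chosen here.

```python
import base64
import imaplib
import json

# Constructed sample of the continuation Google sends when a token is rejected
# (shape as documented for XOAUTH2; values here are made up for the example).
SAMPLE_FAILURE_JSON = b'{"status":"400","schemes":"Bearer","scope":"https://mail.google.com/"}'
SAMPLE_FAILURE_CHALLENGE = base64.b64encode(SAMPLE_FAILURE_JSON)  # as seen on the wire


def xoauth2_initial_response(user: str, access_token: str) -> bytes:
    """Raw (not yet base64-encoded) XOAUTH2 client response.

    imaplib.IMAP4.authenticate base64-encodes whatever the callback returns,
    so this returns the plain bytes; see xoauth2_wire_form for the encoded form.
    """
    if "\x01" in user or "\x01" in access_token:
        # 0x01 is the field separator; a value containing it would be parsed as extra fields.
        raise ValueError("control byte 0x01 is not allowed inside user or token")
    return f"user={user}\x01auth=Bearer {access_token}\x01\x01".encode("ascii")


def xoauth2_wire_form(user: str, access_token: str) -> str:
    """The base64 string a raw IMAP client sends after 'AUTHENTICATE XOAUTH2'."""
    return base64.b64encode(xoauth2_initial_response(user, access_token)).decode("ascii")


def decode_wire_form(wire: str) -> bytes:
    """Inverse of xoauth2_wire_form, useful when inspecting a captured session."""
    return base64.b64decode(wire)


def parse_xoauth2_failure(challenge: bytes) -> dict:
    """Decode the base64 JSON status a server sends when it rejects the token."""
    return json.loads(base64.b64decode(challenge).decode("utf-8"))


class XOAuth2Authenticator:
    """Callback object for imaplib.IMAP4.authenticate('XOAUTH2', ...).

    First call: the server sent an empty continuation; answer with the initial
    response. Later calls: imaplib has already base64-decoded the continuation
    data, so on rejection we receive the JSON blob itself; record it and answer
    with an empty response so the server ends the exchange with a tagged NO.
    """

    def __init__(self, user: str, access_token: str):
        self.user = user
        self.access_token = access_token
        self.sent_initial = False
        self.last_error = None

    def __call__(self, challenge: bytes) -> bytes:
        if not self.sent_initial:
            self.sent_initial = True
            return xoauth2_initial_response(self.user, self.access_token)
        try:
            self.last_error = json.loads(challenge.decode("utf-8"))
        except (UnicodeDecodeError, ValueError):
            self.last_error = {"raw": challenge}
        return b""


def authenticate_imap(user: str, access_token: str,
                      host: str = "imap.gmail.com", port: int = 993):
    """Open an IMAPS session and authenticate with a bearer token (needs network)."""
    auth = XOAuth2Authenticator(user, access_token)
    conn = imaplib.IMAP4_SSL(host, port)
    try:
        conn.authenticate("XOAUTH2", auth)
    except imaplib.IMAP4.error as exc:
        # auth.last_error carries the server's JSON status if one was sent.
        raise RuntimeError(f"XOAUTH2 rejected: {auth.last_error or exc}") from exc
    return conn


if __name__ == "__main__":
    print(xoauth2_wire_form("alice@gmail.com", "ya29.sample-token"))
    print(parse_xoauth2_failure(SAMPLE_FAILURE_CHALLENGE))
```

Nothing here routes the connection through Tor; `imaplib` opens a direct TCP socket, so the session would have to be wrapped by a SOCKS-aware socket or an external tool such as torsocks, and the access token itself still has to come from a web login performed over Tor as the mail describes.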

