[tor-talk] Tor and Google error / CAPTCHAs.
Joe Btfsplk
joebtfsplk at gmx.com
Wed Sep 28 01:19:41 UTC 2016
On 9/27/2016 9:57 AM, blobby at openmailbox.org wrote:
>
>
> This is exactly my issue. If I login to my Gmail or FB account then
> invariably Gmail or FB thinks I am a suspicious person hence "Something
> seems a bit different about the way you're trying to sign in. Complete
> the step below to let us know it's you and not someone pretending to be
> you" or worse "Google couldn't verify it's you, so you can't sign in to
> this account right now." In the FB case, I am asked to identify my
> "friends" half of whom have baby photos or the image is unclear.
> Sometimes I get them wrong and am locked out for a few hours. And this
> is when connecting via the FB .onion address.
>
> IMO, and I am curious to know what Alec thinks, Google, FB, etc are
> creating far too many false positives. Googling "Something seems a bit
> different about the way you're trying to sign in" results in numerous
> cases where innocent users have been locked out.
>
> Two questions:
>
> Is there a way that using an exit node for Gmail, FB, etc will not be
> considered suspicious? Is that even possible?
I can't say about Gmail today (I hope you're not trying to use it w/
Tor, hoping for anonymity).
But w/ other login sites that balked at Tor, forcing an exit relay in
same country that you signed up from, sometimes fixed the messages like,
"We've detected unusual behavior... Give us your home phone & address &
we'll call you." :D Sometimes even Startpage, DDG, etc. will pop a
captcha. I wonder why, until I look at the exit country & it's China or
Uzbekistan or such. After I change that to a country less known for
cybercrime, no more captchas on those sites.
>
> Is it possible to use a different proxy way to access Gmail, FB, etc
> without being seen as suspicious? For example, one could use proxychains
> with Tor followed by a SOCKS proxy to login.
Probably depends on the proxy. You could try, but I'm guessing that's
what a lot of spammers & scammers try. Gmail has pretty strict rules to
try & prevent fraud (keep a good reputation). They don't want to lose
many users, or they don't get to scan the email & scrape the private
data. Would be financial loss, so they don't want other ISPs or sites
blocking gmail.
It's hard to sign up for gmail w/ Tor. They want SMS authentication,
which is usually going to blow most users' anonymity.
By contrast, if you create an acct w/ non-Tor browser, then access it w/
TBB, that accomplishes nothing - as for anonymity.
Only creating an acct w/ TBB & then *never* accessing it w/ anything
else (& not having addons or plugins that might leak IPa) will
accomplish anonymity. For Tor Browser email, it just seems a better
idea to start w/ a provider that's both Tor friendly AND privacy /
security conscious. That's not google.
Even then, I'm not sure. What if you get an email - via TBB, that
mentions your real name, or is from someone in your town - using their
real IPa - saying, "come on over tonight, to 123 Oak St.," or gives
their phone #, etc.? Then the mail provider effectively knows which
town you live in, at minimum. The right agencies can then cross
reference that person's contacts - if they want. And then probably the
national security agency knows all that.
>
> In both cases above (exit node and exit node plus SOCKS) we assume that
> the IP address more or less matches the "normal" non-proxy login. I am
> in Paris and use a Paris exit node and a Paris SOCKS proxy for example.
>
> Finally, thanks for participating in this discussion. It is rare to have
> people who work or used to work at the major webmail and social media
> companies a) getting involved and b) providing a nuanced (not
> anti-Tor) perspective.