[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tor-talk] Are webmail providers biased against Tor?
On 2015-03-16 11:33, Sukhbir Singh wrote:
I have noticed that when I try to login to my Gmail or Hotmail
Tor, I invariably get asked to validate myself (e.g. receive an SMS).
is understandably due my IP being in a different country from the
IPs that I use to sign in.
However, I have experimented with StrictExitNodes. I am in New York
used a number of New York exit nodes. I still get asked to verify.
I am wondering if Tor developers or experienced users know (for a
whether or not this is "normal" or whether using an exit node
makes Gmail and Hotmail think that a "hacker" is attempting to access
This is not a case of a website e.g. Craigslist blocking Tor. It is
the use of an exit node IP automatically engenders scrutiny from
security algorithms certain webmail providers use.
Mike Hearn from Google addressed this issue on the tor-talk mailing
in October 2012, where he said this:
"Access to Google accounts via Tor (or any anonymizing proxy service)
not allowed unless you have established a track record of using those
This was in response to several TorBirdy users complaining that they
couldn't access their Gmail accounts over Tor. As someone who used to
have a Gmail account and used TorBirdy over it, there were occasional
periods where I couldn't access my account over IMAP and had to log in
through the web interface and unlock it by entering a CAPTCHA.
This was still better than what some other users who used Tor over
reported -- in some cases, Gmail would force them to provide a phone
number where Google would call or send a SMS before you could use your
account. The surprising part here was that Gmail wanted _any_ phone
number in _any_ country and not a number previously associated with
account. I am unsure how this helps them and what is the purpose
asking users to register with a phone. If one were to assume that they
wanted to know the location of the user, then why would they allow the
user to enter the number of any country? (A friend confirmed this
recently and had to enter a phone number to unlock the account. Gmail
refused to allow access until a phone number was entered, where they
could call or send a text.)
So yes, it seems like Gmail doesn't favour users using Tor.
I see. Thanks for that helpful link.
Of course, if you are in NY and you go on holiday to Nepal and login,
then Gmail will ask for validation since you have a totally different
The question I was wondering about was whether a Tor exit node is
considered suspicious even if in the same city as the user (in other
words the user hasn't gone on holiday as in the example above).
The impression seems to be that Tor is ipso facto suspicious to Gmail
irrespective of the exit node's location, whereas "abnormal" IPs (e.g.
those from Nepal) are only suspicious if they originate from outside the
usual geographical location of the user.
tor-talk mailing list - firstname.lastname@example.org
To unsubscribe or change other settings go to