- Cooking Mama’s return whips up a fresh batch of memes Tuesday 8:18 PM
- Influencer body-shames model, Photoshops photo of self to ‘prove point’ Tuesday 7:27 PM
- Boosie Badazz goes on transphobic rant about Dwyane Wade’s daughter Tuesday 6:34 PM
- Royal Family’s website accidentally links to porn instead of charity Tuesday 5:39 PM
- Republican senator spreads false conspiracy about coronavirus Tuesday 5:11 PM
- New DNA technology could help exonerate Black man serving life sentence Tuesday 4:24 PM
- ‘SNL’s’ Kenan Thompson to host the White House Correspondents’ Dinner Tuesday 3:58 PM
- Singer Summer Walker dragged for insensitive HIV comments Tuesday 2:39 PM
- This video of a teddy bear getting steam cleaned makes a perfect meme Tuesday 2:27 PM
- Ted Cruz goes on Twitter tirade over proposed vasectomy bill Tuesday 2:22 PM
- Billie Eilish says she’s stopped reading Instagram comments Tuesday 2:13 PM
- Christian group blames satanists for Twitter poll results Tuesday 1:41 PM
- Coronavirus has pandemic-themed video games topping charts Tuesday 12:58 PM
- Bloomberg said kids are drawn to socialism because they think it involves social media Tuesday 12:55 PM
- Jake Paul gives ill-informed advice on how to deal with anxiety Tuesday 12:25 PM
Gmail security is a problem for Tor users
This is not a dig at Google, but it is a problem.
While working Monday morning, Gmail suddenly logged me out. After trying to get back in, I was told that my exit had been because of ‘unusual activity’ with my account.
This happens when Google automatically detects your IP address coming from geographically distinct areas in quick succession: a symptom of someone accessing your account without your permission elsewhere in the world. Or, perhaps because you’re using the popular anonymity tool Tor, which reroutes your traffic to make it appear as though you’re logging in from somewhere you’re not.
At the time, I was using Tor.
Runa Sandvik, technical advisor to Freedom of the Press Foundation and former Tor developer weighed in, saying that she has used the network and Gmail together for years, with no problems.
Although I haven’t used Tor as much as Sandvik, I am a heavy user, running it both in order to work, and for personal privacy reasons. Appearing as if I was logging in from the U.K., followed by Russia and then the U.S., for example, is hardly new activity for my Gmail account.
It’s important to point out that Google didn’t lock my account explicitly for my use of Tor. Rather, the email service’s security system “thought” my account was being fiddled with by a third party, while I’m (pretty) sure it wasn’t.
That alone would be a mere nuisance—not a problem worth mentioning. It’s what I had to do to regain access to my email that is a cause for concern: I had to register a telephone number to receive a verification code, which I then punched into my browser, unlocking my account.
Luckily, I do not live under an oppressive regime. But having to use a telephone to get back into an account could be worrisome for, say, a journalist or political dissident in a hostile country, especially one that utilizes interception technology, such as Syria or Iran. (Admittedly, if you are trying to remain undetected, you could send the code to a burner phone—but that requires quite a few more levels of forethought.)
Gmail is far from the only online service that fails to play nice with Tor. A recent blog post from the Tor Project lamented that many people have problems with popular websites when using the network. After mentioning that pressure from policy makers or Internet service providers can make it difficult for Tor to expand, the blog states: “We missed a third threat to Tor’s success: a growing number of websites treat users from anonymity services differently.” For example, “Slashdot doesn’t let you post comments over Tor, Wikipedia won’t let you edit over Tor, and Google sometimes gives you a captcha when you try to search.”
You could possibly add ‘Google locking the email accounts of people accessing their services over Tor.’
Google has not yet responded to our questions about the situation.
This is not a dig at Google. The company has been a sponsor of the Tor Project since 2007, according to a list maintained by the organization. But it does highlight that more work needs to be done to allow people to use Tor, while also accessing more mainstream services.
Photo via Ben Coombs/Flickr (CC BY SA 2.0) | Remix by Jason Reed
Joseph Cox reports on cybercrime and hacking for Vice's Motherboard site. He also maintains Spy Tech Exports on Medium, a repository for documents and data pertaining to surveillance technology. His work has also appeared on HuffPost, the MIT Technology Review, the Daily Beast, and Virus Bulletin.