- The YouTuber who exposed the site’s ‘softcore pedophile ring’ is under attack 4 Years Ago
- Trump randomly calls for companies to ‘step up’ their 5G efforts in U.S. 4 Years Ago
- Professional media person: Poor people have money but they just waste it on ‘benders’ 4 Years Ago
- Netflix acquires highest-grossing blockbuster of 2019 (so far) Today 9:29 AM
- Ocasio-Cortez blasts media over home reports after Coast Guard member’s hit list revealed Today 8:52 AM
- Are you being harassed by a Bernie Bro or a Bernie bot? Today 7:30 AM
- Jason Reitman is empowering toxic ‘Ghostbusters’ fanboys Today 6:55 AM
- The Twitter accounts taking on journalism’s straight, white, cis male problem Today 6:30 AM
- 12 essential Amazon Echo accessories for your smart home Today 6:00 AM
- How to watch ‘A Place to Call Home’ online for free Today 5:30 AM
- Report: Disney yanks YouTube ad spending following child exploitation accusations Wednesday 7:56 PM
- These people are organizing Fyre Fest live-action role-play parties Wednesday 6:35 PM
- White woman berates Mexican restaurant manager for speaking Spanish Wednesday 4:12 PM
- In Pixar short ‘Kitbull,’ a cat and pit bull become unlikely friends Wednesday 3:48 PM
- Stop exploiting the Jussie Smollett case to discredit LGBTQ hate crime victims Wednesday 3:28 PM
This is not a dig at Google, but it is a problem.
While working Monday morning, Gmail suddenly logged me out. After trying to get back in, I was told that my exit had been because of ‘unusual activity’ with my account.
This happens when Google automatically detects your IP address coming from geographically distinct areas in quick succession: a symptom of someone accessing your account without your permission elsewhere in the world. Or, perhaps because you’re using the popular anonymity tool Tor, which reroutes your traffic to make it appear as though you’re logging in from somewhere you’re not.
At the time, I was using Tor.
Runa Sandvik, technical advisor to Freedom of the Press Foundation and former Tor developer weighed in, saying that she has used the network and Gmail together for years, with no problems.
Although I haven’t used Tor as much as Sandvik, I am a heavy user, running it both in order to work, and for personal privacy reasons. Appearing as if I was logging in from the U.K., followed by Russia and then the U.S., for example, is hardly new activity for my Gmail account.
It’s important to point out that Google didn’t lock my account explicitly for my use of Tor. Rather, the email service’s security system “thought” my account was being fiddled with by a third party, while I’m (pretty) sure it wasn’t.
That alone would be a mere nuisance—not a problem worth mentioning. It’s what I had to do to regain access to my email that is a cause for concern: I had to register a telephone number to receive a verification code, which I then punched into my browser, unlocking my account.
Luckily, I do not live under an oppressive regime. But having to use a telephone to get back into an account could be worrisome for, say, a journalist or political dissident in a hostile country, especially one that utilizes interception technology, such as Syria or Iran. (Admittedly, if you are trying to remain undetected, you could send the code to a burner phone—but that requires quite a few more levels of forethought.)
Gmail is far from the only online service that fails to play nice with Tor. A recent blog post from the Tor Project lamented that many people have problems with popular websites when using the network. After mentioning that pressure from policy makers or Internet service providers can make it difficult for Tor to expand, the blog states: “We missed a third threat to Tor’s success: a growing number of websites treat users from anonymity services differently.” For example, “Slashdot doesn’t let you post comments over Tor, Wikipedia won’t let you edit over Tor, and Google sometimes gives you a captcha when you try to search.”
You could possibly add ‘Google locking the email accounts of people accessing their services over Tor.’
Google has not yet responded to our questions about the situation.
This is not a dig at Google. The company has been a sponsor of the Tor Project since 2007, according to a list maintained by the organization. But it does highlight that more work needs to be done to allow people to use Tor, while also accessing more mainstream services.
Photo via Ben Coombs/Flickr (CC BY SA 2.0) | Remix by Jason Reed
Joseph Cox reports on cybercrime and hacking for Vice's Motherboard site. He also maintains Spy Tech Exports on Medium, a repository for documents and data pertaining to surveillance technology. His work has also appeared on HuffPost, the MIT Technology Review, the Daily Beast, and Virus Bulletin.