- John Oliver confirms the internet’s suspicions about that ‘Lion King’ cast photo 5 Years Ago
- Report: Fake Libra accounts rampant on Facebook, Instagram 5 Years Ago
- Tennessee neighbors form human chain to help father and son escape ICE 5 Years Ago
- Google settled two multi-million dollar lawsuits this week 5 Years Ago
- How to live stream Guadalajara vs. Atletico Madrid Today 12:47 PM
- Forget Area 51—People are planning to storm the Bermuda Triangle Today 12:41 PM
- It’s too late to book a room for the Area 51 raid Today 12:28 PM
- Adam Sandler’s next Netflix film is a star-studded Halloween comedy Today 12:17 PM
- How to live stream Arsenal vs. Real Madrid Today 12:06 PM
- Netflix’s ‘7SEEDS’ is an abominable adaptation of the original manga Today 11:59 AM
- Alinity Divine hasn’t been punished for throwing her cat—and people are livid Today 10:16 AM
- Gamer Krucial B passes away during Defend the North tournament Today 9:25 AM
- Brexit supporter Boris Johnson becomes prime minister—spawning lots of memes Today 9:16 AM
- Democrats want to ban use of facial recognition in public housing Today 8:29 AM
- In America’s meme war, the left and right are fighting different battles Today 8:10 AM
This is not a dig at Google, but it is a problem.
While working Monday morning, Gmail suddenly logged me out. After trying to get back in, I was told that my exit had been because of ‘unusual activity’ with my account.
This happens when Google automatically detects your IP address coming from geographically distinct areas in quick succession: a symptom of someone accessing your account without your permission elsewhere in the world. Or, perhaps because you’re using the popular anonymity tool Tor, which reroutes your traffic to make it appear as though you’re logging in from somewhere you’re not.
At the time, I was using Tor.
Runa Sandvik, technical advisor to Freedom of the Press Foundation and former Tor developer weighed in, saying that she has used the network and Gmail together for years, with no problems.
Although I haven’t used Tor as much as Sandvik, I am a heavy user, running it both in order to work, and for personal privacy reasons. Appearing as if I was logging in from the U.K., followed by Russia and then the U.S., for example, is hardly new activity for my Gmail account.
It’s important to point out that Google didn’t lock my account explicitly for my use of Tor. Rather, the email service’s security system “thought” my account was being fiddled with by a third party, while I’m (pretty) sure it wasn’t.
That alone would be a mere nuisance—not a problem worth mentioning. It’s what I had to do to regain access to my email that is a cause for concern: I had to register a telephone number to receive a verification code, which I then punched into my browser, unlocking my account.
Luckily, I do not live under an oppressive regime. But having to use a telephone to get back into an account could be worrisome for, say, a journalist or political dissident in a hostile country, especially one that utilizes interception technology, such as Syria or Iran. (Admittedly, if you are trying to remain undetected, you could send the code to a burner phone—but that requires quite a few more levels of forethought.)
Gmail is far from the only online service that fails to play nice with Tor. A recent blog post from the Tor Project lamented that many people have problems with popular websites when using the network. After mentioning that pressure from policy makers or Internet service providers can make it difficult for Tor to expand, the blog states: “We missed a third threat to Tor’s success: a growing number of websites treat users from anonymity services differently.” For example, “Slashdot doesn’t let you post comments over Tor, Wikipedia won’t let you edit over Tor, and Google sometimes gives you a captcha when you try to search.”
You could possibly add ‘Google locking the email accounts of people accessing their services over Tor.’
Google has not yet responded to our questions about the situation.
This is not a dig at Google. The company has been a sponsor of the Tor Project since 2007, according to a list maintained by the organization. But it does highlight that more work needs to be done to allow people to use Tor, while also accessing more mainstream services.
Photo via Ben Coombs/Flickr (CC BY SA 2.0) | Remix by Jason Reed
Joseph Cox reports on cybercrime and hacking for Vice's Motherboard site. He also maintains Spy Tech Exports on Medium, a repository for documents and data pertaining to surveillance technology. His work has also appeared on HuffPost, the MIT Technology Review, the Daily Beast, and Virus Bulletin.