> The phone portion of this is extremely problematic - to tie a username
> to a phone may create a direct link with a government issued ID card.

Yes, we know.

For the following discussion when I say "Tor" you can assume I mean any anonymizing proxy service. We don't have any policies specific to Tor.

The assumption we have is that if you created a Google account without using Tor, then you're OK with Google having some identity info, as obviously, we already have unobfuscated IP addresses from you from previous logins. If you wanted to remain completely untraceable you lost already. So our primary goal is to protect the account from people who have stolen your password.

If you create an account via Tor, then you have given us evidence that you want to use proxy services and the login security system will largely leave you alone. Note that the signup security system WILL phone verify you, but you don't have to use your own phone number for that. Any number will do. It won't be saved in your account so you won't be asked to receive a code on the same phone again. You could get somebody else to do it for you, or (worst case scenario) buy an account from somebody else. Buying accounts is risky because it technically violates our ToS and if the supplier is creating a lot of them (e.g., for spammers) they may be automatically clustered and terminated, but it's an option.

> Is there a possible way to pro-actively indicate that a user will want
> to use Tor? For example - if you notice they're regularly in Iran,
> China, Syria and so on - won't current events of filtering be enough to
> tip Google off to the political changes that impact how users connect?

I don't want to discuss our policies around anonymizing proxies in much detail for obvious reasons. Suffice it to say we are aware of what's going on in these countries and are sensitive to the demand for anonymizing proxy services there.

> Is there a way to add that token to the email authentication happening
> with Thunderbird and TorBirdy?

Proving to the system that you want to use Tor by logging in via the web more or less disables the security system for logins coming from Tor. So that's the simplest solution.

IMAP doesn't have any notion of cookies. If an IMAP client supports the OAuth2 standard then you can use an authentication token gained via a web login to do that. I doubt Thunderbird supports OAuth2. See here:

http://googledevelopers.blogspot.ch/2012/09/adding-oauth-20-support-for-imapsmtp.html

Note that we also support OAuth2 for XMPP/Jabber.

> It would be quite helpful if we could add a setup wizard to TorBirdy
> that could walk a user through doing these things safely.

If TorBirdy sees that the user is trying to use a Gmail account, I think a dialog box saying "Please ensure you log in via the web using Tor first" would be sufficient.

> As a slight aside - I have noticed that the Gmail login list does not
> seem to know about Tor nor about XMPP logins. It also sometimes has
> extremely inaccurate GeoIP data. I have on many occasions been warned
> that my account was hacked from China (!)

I suspect what you're seeing is a little known warning designed for people we believe are victims of state sponsored attacks. It's an unrelated system. If it bothers you I can put you in touch with the people who manage that and they can take you off the list of sensitive accounts.

We know the login audit trail we provide to end users is pretty poor and it'd definitely be nice to improve it in future.
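
The message above mentions using an OAuth2 token over IMAP instead of a password. The following is an added example, not part of the original message or of any project's code: it builds the SASL XOAUTH2 client response that carries such a bearer token and decodes the server's base64 JSON error challenge. The address, token and tag are constructed placeholders.

```python
import base64
import json


def xoauth2_initial_response(user: str, access_token: str) -> bytes:
    """Raw SASL XOAUTH2 client response (before base64 encoding).

    Layout: "user=" <user> ^A "auth=Bearer " <token> ^A ^A
    """
    for value in (user, access_token):
        # ^A is the field separator; CR/LF would break the IMAP command line.
        if any(ch in value for ch in "\x01\r\n"):
            raise ValueError("control characters not allowed in XOAUTH2 fields")
    return f"user={user}\x01auth=Bearer {access_token}\x01\x01".encode("utf-8")


def imap_authenticate_line(tag: str, user: str, access_token: str) -> str:
    """IMAP command with the response inline (server must advertise SASL-IR)."""
    raw = xoauth2_initial_response(user, access_token)
    return f"{tag} AUTHENTICATE XOAUTH2 {base64.b64encode(raw).decode('ascii')}"


def decode_error_challenge(b64_challenge: str) -> dict:
    """Decode the base64 JSON the server sends when the token is rejected.

    The client answers that continuation with an empty line, after which
    the server completes the command with a tagged NO.
    """
    return json.loads(base64.b64decode(b64_challenge))


# With the standard library client, imaplib base64-encodes the callback's
# return value itself (connection not made here; host is up to the caller):
#   conn = imaplib.IMAP4_SSL(host)
#   conn.authenticate("XOAUTH2",
#                     lambda _challenge: xoauth2_initial_response(user, token))

if __name__ == "__main__":
    # Constructed placeholder values, not real credentials.
    print(imap_authenticate_line("a1", "user@example.com", "PLACEHOLDER_TOKEN"))
```

The token never needs to be stored as a password in the mail client, and a rejected or expired token surfaces as a decodable error challenge rather than a generic login failure.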