Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gmail Security Is a Problem For Tor Users In Repressive Countries

Posted by samzenpus on from the lets-see-what-you-got dept.

blottsie writes Google is a long-time contributor to the Tor Project. But a security feature in Gmail poses a potential problem for Tor users who live under dangerous regimes or otherwise need to protect their anonymity, reports Joseph Cox at the Daily Dot. The email service kicks users out of their login session if it detects logins from IP addresses originating in other countries, then requires a user to enter a PIN code sent to a cellphone. Unless the user has a burner phone, this could potentially betray his or her identity to authorities.

1 of 74 comments (clear)

  1. Re:under dangerous regimes by grcumb · · Score: 3, Interesting

    Whew! I feel so safe in the good old USA, the shining beacon of freedom. And I fully expect our FBI to hack down the repressive firewalls of censorship, without a warrant, and ram some of our great freedoms down their commie throats.

    I know where you're coming from (literally - I'm North American), but some beacons of freedom shine more brightly than others. In Fiji, a country which I visit professionally on a fairly regular basis, this story about a man hospitalised by military intelligence has raised some eyebrows.

    Ever since the military take-over some years ago, there have been rumours of wholesale surveillance. Numerous people who for whatever reason objected to the post-coup regime reported being contacted by police or military on the day before a gathering (for example), and asked questions about things that they could only know about by eavesdropping on their communications. Soldiers reputedly beat up a large number of people in order to intimidate them into silence. There has indeed been video released of police torturing their prisoners. [Find it yourself; I'm not going to gratify your prurience.]

    But this appears to be the first time a person has explicitly been detained tortured and imprisoned because of text messages sent complaining about the regime's leader (and lo and behold, newly-elected prime minister).

    So yes, sending authorisation keys via text message is a Very Bad Idea in some places.

    --
    Crumb's Corollary: Never bring a knife to a bun fight.