Slashdot Mirror
Gmail Security Is a Problem For Tor Users In Repressive Countries
blottsie writes Google is a long-time contributor to the Tor Project. But a security feature in Gmail poses a potential problem for Tor users who live under dangerous regimes or otherwise need to protect their anonymity, reports Joseph Cox at the Daily Dot. The email service kicks users out of their login session if it detects logins from IP addresses originating in other countries, then requires a user to enter a PIN code sent to a cellphone. Unless the user has a burner phone, this could potentially betray his or her identity to authorities.
Ever heard of https://support.google.com/accounts/answer/1066447?hl=en
Just disable this feature in your account settings, or better yet: don't enable it in the first place.
Google keeps trying to get me to enter a phone number. I will never comply.
that there are no alternate email providers on this green planet of our Lord and Savior Baby Jesus. Amen.
This is an obviously beneficial security feature. Just use two-factor authentication and it will almost never come up.
Or did you want random hackers in other countries to guess their way into your account data?
Good for Google for protecting my logins.
- Michael T. Babcock (Yes, I blog)
I really hate these "security" features that are based on the assumption that you've always got phone service available.
I've run into this recently with my credit card company. It used to be that I could use their service to generate a one-time use credit card number for use in online transactions. But now they've implemented a policy that every time you use it, you have to first receive a code via text message and type that into their website -- so if (like me) you spend a lot of time in places with no cell phone service, but with internet access, it becomes unusable.
The end result: I'm now stuck giving everyone my real credit card information again if I purchase something online. Genius "security" move, guys.
I don't have anything against the idea of having the option of receiving a code via a cell phone for added security -- but it needs to be an option, not something that's required across the board.
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
Instead of using a third-party emails, somebody should build (if it doesn't exist already) a blockchain based messaging system. People would create "accounts" that consist of a uuid, and (short) messages would be distributed publicly via the chain (but signed via PGP or some such).
If you stick to a basic login only with no secondary authentication options, this doesn't happen, you just get logged in and you'll get a security notification the next time you log in from your usual location - I have a very old gmail account though, I don't know if it's still possible to set up a gmail account to work this way.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Per the AC there is an app for that, which doesn't require phone service, and there are backup codes you can print for when you don't have your phone. So although your CC company might cause problems, gmail doesn't have to.
I'm guessing most repressive countries don't have burner phones. In Saudi Arabia, we have to take government photo-ID with us to register any new SIM card. I have to enter my ID number every time I top up credit on my phone. Burners don't exist here. Anything I do on my phone or online, I do attached to my (or someone else's) identity.
I would never give Google or anyone else my cell phone number for "COUGH" security reasons. So I used TOR to sign into gmail it asked me to fill in my predetermined email address. I didn't go on from there so what's this about cellphones? Why would anyone trust a corporation that's been fined zillions of dollars for breaking laws and the customers trust? And the security works, if your a bad guy or someone who needs to hide from the government why in gods name are you using GMAIL?? lol They already told you they collect all/store your emails..DUH.
Jack of all trades,master of none
If you get googles 2 factor and run the authenticator app on ios or andriod you will not get the text messages, keeping you safe.
Surely just using a non-web client would solve this too, no?
I remember sigs. Oh, a simpler time!
Whew! I feel so safe in the good old USA, the shining beacon of freedom. And I fully expect our FBI to hack down the repressive firewalls of censorship, without a warrant, and ram some of our great freedoms down their commie throats.
I know where you're coming from (literally - I'm North American), but some beacons of freedom shine more brightly than others. In Fiji, a country which I visit professionally on a fairly regular basis, this story about a man hospitalised by military intelligence has raised some eyebrows.
Ever since the military take-over some years ago, there have been rumours of wholesale surveillance. Numerous people who for whatever reason objected to the post-coup regime reported being contacted by police or military on the day before a gathering (for example), and asked questions about things that they could only know about by eavesdropping on their communications. Soldiers reputedly beat up a large number of people in order to intimidate them into silence. There has indeed been video released of police torturing their prisoners. [Find it yourself; I'm not going to gratify your prurience.]
But this appears to be the first time a person has explicitly been detained tortured and imprisoned because of text messages sent complaining about the regime's leader (and lo and behold, newly-elected prime minister).
So yes, sending authorisation keys via text message is a Very Bad Idea in some places.
Crumb's Corollary: Never bring a knife to a bun fight.
This is extremely dangerous, and for those who heard the whoosh, I'll try to explain why by describing how easy it would be to identify/locate someone with nothing more than a Google authenticator code. Google will ALWAYS cooperate with the authorities in whatever countries they operate in.
OK, so let's assume for a second that the authorities know that an email address exists and that it's used for nefarious purposes like planning a lawful demonstration and/or it's yours. Google sends an authenticator code to your subscriber number which is registered in your name. Now the authorities know where your phone is (and can in fact track it in real time down to three feet - they could pick you out in a moving crowd using a cellular ping) and working on the assumption that it's always in your pocket they can move to apprehend you or send in a blind assassin to kill whoever's attached to the handset. The technology exists to do either.
A burn phone (it's not a burner phone, there isn't a CDRW drive attached to it) is one which is purchased anonymously, used once then discarded - phone, battery, SIM, the lot. Separated and discarded. I've found need to use burn phones, you need disposable cash in some countries as you might find that you can't buy a phone without $10 (or equivalent) of calling credit. It's very difficult to track a device that isn't powered hence isn't sending a signal anywhere.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
So you are in a third world country and are trying to plan something, communicate in a way using an existing gmail account (and you aren't concerned about the fact that those communications are hosted by Google in the US, and probably liable to warrant search, etc) -- Still want to keep your current location secret?
* Google Authenticator app works on mathematic principles and doesn't require internet access
* Single use codes can be produced in advance, and used as needed
And what if you are in one of these countries and want a gmail account, but want to do so anonymously?
* Google asks for a cell phone number on account creation, but DOESN'T REQUIRE ONE (unless you want two factor auth)... hit skip
For the truly paranoid grey hat on the go? Pre-arrange an forum online somewhere (like here, or reddit, or even usenet), and post PGP using Tor :) Get the message out, the messages in, and stay truly anonymous.
- Holy crap, I've got MOD points! Who thought that was a good idea.
You cant sign up without giving them your number anymore.
That's just not true. I just tested this and I was able to create a new Gmail account without specifying either a phone number or an alternate email address. Go try it yourself. There's a phone number field on the form but it's not mandatory.
I wish I were as sure of anything as some people are of everything
Oh, I don't know.... because you are in Somalia worried about a Somali warlord who has a tendency to crucify his opponents in the town square, and not an American corporation?
So don't use gmail. There are PLENTY of other options out there. This is a retarded complaint.
There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
Yes you're correct. I didn't over Tor. Perhaps I misunderstood that signing up over Tor was a requirement.
GGP: "I would never give Google or anyone else my cell phone number"
GP: "You cant sign up without giving them your number anymore."
Me: "Yes you can."
I have not tested it but I'm entirely willing to believe that account creation over Tor is more difficult.
I wish I were as sure of anything as some people are of everything