add in an explanation about the gmail 'account compromise' warning
Roger Dingledine commited on 2010-09-22 04:24:03
Zeige 1 geänderte Dateien mit 46 Einfügungen und 0 Löschungen.
- en/faq.wml 12849a81a..971af2e51
| ... | ... |
@@ -51,6 +51,8 @@ start.</a></li> |
| 51 | 51 |
are used for entry/exit?</a></li> |
| 52 | 52 |
<li><a href="#GoogleCaptcha">Google makes me solve a Captcha or tells |
| 53 | 53 |
me I have spyware installed.</a></li> |
| 54 |
+<li><a href="#GmailWarning">Gmail warns me that my account may have |
|
| 55 |
+been compromised.</a></li> |
|
| 54 | 56 |
</ul> |
| 55 | 57 |
|
| 56 | 58 |
<p>Running a Tor relay:</p> |
| ... | ... |
@@ -954,6 +956,50 @@ Ixquick or Bing. |
| 954 | 956 |
|
| 955 | 957 |
<hr /> |
| 956 | 958 |
|
| 959 |
+<a id="GmailWarning"></a> |
|
| 960 |
+<h3><a class="anchor" href="#GmailWarning">Gmail warns me that my account |
|
| 961 |
+may have been compromised.</a></h3> |
|
| 962 |
+ |
|
| 963 |
+<p> |
|
| 964 |
+Sometimes, after you've used Gmail over Tor recently, you'll get a pop-up |
|
| 965 |
+notice from Google that says your account may have been compromised. The |
|
| 966 |
+window lists a series of IP addresses and locations throughout the world. |
|
| 967 |
+</p> |
|
| 968 |
+ |
|
| 969 |
+<p> |
|
| 970 |
+In general this is a false alarm: Google saw a bunch of logins from |
|
| 971 |
+different places, thought that was unusual for you, and wanted to let |
|
| 972 |
+you know. If you use Tor to access a Google service, then it will appear |
|
| 973 |
+like you're coming from lots of different places. Nothing to worry about |
|
| 974 |
+in particular. |
|
| 975 |
+</p> |
|
| 976 |
+ |
|
| 977 |
+<p> |
|
| 978 |
+But that doesn't mean you can entirely ignore the warning. It's |
|
| 979 |
+<i>probably</i> a false positive, but it might not be. It is possible |
|
| 980 |
+that somebody could at some point steal your Google cookie, which would |
|
| 981 |
+allow them to log in to the Google service as you. They might steal it |
|
| 982 |
+by breaking into your computer, or by watching your network traffic at |
|
| 983 |
+Starbucks or sniffing your wireless at home (when you're not using Tor), |
|
| 984 |
+or by watching traffic going over the Tor network. In theory none of |
|
| 985 |
+this should be possible because Gmail and similar services should only |
|
| 986 |
+send the cookie over an SSL link. In practice, alas, it's <a |
|
| 987 |
+href="http://fscked.org/blog/fully-automated-active-https-cookie-hijacking">way |
|
| 988 |
+more complex than that</a>. |
|
| 989 |
+</p> |
|
| 990 |
+ |
|
| 991 |
+<p> |
|
| 992 |
+And if somebody <i>did</i> steal your google cookie, they might end |
|
| 993 |
+up logging in from unusual places (though of course they also might |
|
| 994 |
+not). So the summary is that since you're using Tor, this security |
|
| 995 |
+measure that Google uses isn't so useful for you, because it's full of |
|
| 996 |
+false positives. You'll have to use other approaches, like seeing if |
|
| 997 |
+anything looks weird on the account, or looking at the timestamps for |
|
| 998 |
+recent logins and wondering if you actually logged in at those times. |
|
| 999 |
+</p> |
|
| 1000 |
+ |
|
| 1001 |
+<hr /> |
|
| 1002 |
+ |
|
| 957 | 1003 |
<a id="RelayFlexible"></a> |
| 958 | 1004 |
<h3><a class="anchor" href="#RelayFlexible">How stable does my relay |
| 959 | 1005 |
need to be?</a></h3> |
| 960 | 1006 |