apply nil's faq patch from ticket 1965.
Andrew Lewman

Andrew Lewman commited on 2011-01-26 20:29:49
Zeige 1 geänderte Dateien mit 22 Einfügungen und 21 Löschungen.

... ...
@@ -992,31 +992,32 @@ may have been compromised.</a></h3>
992 992
 
993 993
 <p>
994 994
 Sometimes, after you've used Gmail over Tor, Google presents a
995
-pop-up notification that your account may have been compromised. The
996
-notification window lists a series of IP addresses and locations throughout
997
-the world recently used to access your account.
995
+pop-up notification that your account may have been compromised.
996
+The notification window lists a series of IP addresses and locations
997
+throughout the world recently used to access your account.
998 998
 </p>
999 999
 
1000 1000
 <p>
1001 1001
 In general this is a false alarm: Google saw a bunch of logins from
1002
-different places  and wanted to let
1003
-you know. If you use Tor to access a Google service, then it will appear
1004
-like you're coming from lots of different places. Nothing to worry about
1005
-in particular.
1006
-</p>
1007
-
1008
-<p>
1009
-But that doesn't mean you can entirely ignore the warning. It's
1010
-<i>probably</i> a false positive, but it might not be. It is possible
1011
-that somebody could at some point steal your Google cookie, which would
1012
-allow them to log in to the Google service as you. They might steal it
1013
-by breaking into your computer, or by watching your network traffic at
1014
-Starbucks or sniffing your wireless at home (when you're not using Tor),
1015
-or by watching traffic going over the Tor network. In theory none of
1016
-this should be possible because Gmail and similar services should only
1017
-send the cookie over an SSL link. In practice, alas, it's <a
1018
-href="http://fscked.org/blog/fully-automated-active-https-cookie-hijacking">way
1019
-more complex than that</a>.
1002
+different places, as a result of running the service via Tor, and decided
1003
+it was a good idea to confirm the account was being accessed by it's
1004
+rightful owner.
1005
+</p>
1006
+
1007
+<p>
1008
+Even though this may be a biproduct of using the service via tor,
1009
+that doesn't mean you can entirely ignore the warning. It is
1010
+<i>probably</i> a false positive, but it might not be since it is
1011
+possible for someone to hijack your Google cookie.
1012
+</p>
1013
+
1014
+<p>
1015
+Cookie hijacking is possible by either physical access to your computer
1016
+or by watching your network traffic.  In theory only physical access
1017
+should compromise your system because Gmail and similar services
1018
+should only send the cookie over an SSL link. In practice, alas, it's <a
1019
+href="http://fscked.org/blog/fully-automated-active-https-cookie-hijacking">
1020
+way more complex than that</a>.
1020 1021
 </p>
1021 1022
 
1022 1023
 <p>
1023 1024