[liberationtech] when you are using Tor, Twitter will blocked your acc

Travis Biehn tbiehn at
Sun Jun 8 16:33:23 PDT 2014

If you have a heuristic used to apply additional scrutiny to traffic coming
from certain locations you shouldn't have:
IF it's from a bad source AND it's not in the whitelist of allowed bad

Treat them as possibly malicious and handle it like risky traffic: Throw
difficult captchas at your users and don't deny login or require password
Let users turn off logic for IP-based 'hack' attempt detection.


On Sun, Jun 8, 2014 at 5:58 PM, Jacob Appelbaum <jacob at> wrote:

> I've had my Twitter account locked half a dozen times (web client,
> using Tails) in the last few weeks. It seems to be some new security
> heuristic where one is still able to login to change the password but
> the account is locked from generating new public (or DM) events.
> It is a super annoying "security feature" to say the least.
> I think some Twitter security folks are on this list - if so, I'd love
> to discuss the issue in detail. It seems like the issue is when Tor
> circuits rotate. So when I've logged in from say, a US Tor exit node,
> all is fine. After a while, I'll be exiting the Tor network through
> Germany. It appears that say, over the course of a day, I'll jump
> through ten countries. At some point, Twitter decides that this is
> abuse or evidence of hacking or something. It doesn't appear to know
> that I'm using Tor though. So while actually, I'm just consistently
> using Tor, the GeoIP is constantly rotating. I suspect this is what
> trips the security feature in question.
> It would be nice if Twitter was a bit more intelligent about Tor
> usage. I wrote the BulkExitList feature on for
> Wikipedia. They ironically use it to block edits from Tor. Twitter
> could use that export of data or a similar one to have a list of all
> current (updated per hour with the network consensus) exit nodes and
> then do something better than Wikipedia.
> All the best,
> Jacob

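The check both messages point toward, sketched as an added example that is not part of the original thread and is not Twitter's code: known Tor exits collapse into one stable pseudo-location so circuit rotation stops looking like country-hopping, anomalies get a captcha challenge instead of a lock, and the user can switch IP-based detection off. The exit-list format (one IP per line), the threshold and all function names are assumptions; the addresses are constructed documentation-range values.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed stand-in for an hourly exit-node export (assumed: one IP per line).
EXIT_LIST_TEXT = """# constructed sample
192.0.2.10
198.51.100.7
203.0.113.99
203.0.113.5
"""

def parse_exit_list(text):
    """Return the set of exit addresses, skipping comments and blank lines."""
    lines = (l.strip() for l in text.splitlines())
    return {ip_address(l) for l in lines if l and not l.startswith("#")}

def distinct_locations(events, tor_exits, window=timedelta(hours=24)):
    """Count locations seen in the window ending at the newest event.
    Every known Tor exit collapses into one pseudo-location, 'TOR'."""
    newest = events[-1][0]
    return len({"TOR" if ip_address(ip) in tor_exits else country
                for ts, ip, country in events if newest - ts <= window})

def assess(events, tor_exits, ip_checks_enabled=True, max_locations=3):
    """events: (datetime, ip, geoip_country) tuples, oldest first.
    Returns 'allow' or 'challenge' (captcha step-up); it never locks."""
    if not ip_checks_enabled:      # the user switched IP-based detection off
        return "allow"
    if distinct_locations(events, tor_exits) > max_locations:
        return "challenge"
    return "allow"

def session(hops, start=datetime(2014, 6, 8, 8, 0)):
    """Build constructed login events two hours apart from (ip, country) pairs."""
    return [(start + timedelta(hours=2 * i), ip, cc)
            for i, (ip, cc) in enumerate(hops)]

# Constructed sessions: a Tor user whose circuits rotate through four exits,
# and an account reached from four countries via addresses that are not exits.
TOR_USER = session([("192.0.2.10", "US"), ("198.51.100.7", "DE"),
                    ("203.0.113.99", "NL"), ("203.0.113.5", "SE")])
OTHER = session([("192.0.2.200", "US"), ("198.51.100.201", "BR"),
                 ("203.0.113.202", "JP"), ("192.0.2.203", "AU")])

if __name__ == "__main__":
    exits = parse_exit_list(EXIT_LIST_TEXT)
    print("GeoIP only:", assess(TOR_USER, set()))
    print("Tor-aware :", assess(TOR_USER, exits), "/", assess(OTHER, exits))
```

Passing an empty exit set reproduces the GeoIP-only behaviour described in the quoted message, where the same Tor session is flagged.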