11.27.07
Google + Tor
It seems to me that Google isn't the biggest fan of Tor...
Do a search for 'what's my IP' and you get a number of results, whatsmyip.org being the first one. Now do that same search with Tor running... I got a 403 page from Google:
We're sorry...
... but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now.
We'll restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected, you might want to run a virus checker or spyware remover to make sure that your systems are free of viruses and other spurious software.
We apologize for the inconvenience, and hope we'll see you again on Google.
To continue searching, please type the characters you see below:
If you can read this, you do not have images enabled. Please enable images in order to proceed.
Disable Tor and once again I can run the query.
Ryan Poppa said,
November 27, 2007 at 11:36 am
Sorry dude. This is the standard error that you get when Google has seen too many “requests” coming from your IP that seem suspicious and/or automated without using the Google API
The likely culprit is that someone who is using Tor (and is exiting through the present proxy that you are using), is making some pretty heavy handed requests to Google and Google is blocking your outbound IP, which is the tor proxy you are presently using.
Tyler Reguly said,
November 27, 2007 at 11:39 am
Someone using Tor may be making Google not like Tor… but that doesn’t change the fact that Google doesn’t like Tor :)… I’ve actually changed my exit points numerous times and every exit point has the same result. On top of that, the CAPTCHA image doesn’t appear… which would normally allow you to bypass the message… however if you disable Tor and refresh, the CAPTCHA image is there.
Jibbler said,
November 27, 2007 at 11:39 am
Are you sure this has anything to do with Tor? That looks like the standard error you get from Google if you appear to be doing lots of automated queries. Bearing in mind how many other clients (humans and bots) are likely to be using the same Tor exit node, that is not a surprising phenomonon. I doubt Google are explicitly blocking use of Tor.
Ero Carrera said,
November 27, 2007 at 12:46 pm
I vote for the hypothesis that they are just blocking it because of too many queries coming out of those IPs… maybe they blacklist them once they go beyond certain threshold (hence the missing CAPTCHA as well). I’ve been playing with “unofficial” query automation (i.e. not using Google API) and doesn’t really take much to upset their automation detection algorithms… it’s enough with a few queries fast enough.
Tyler Reguly said,
November 27, 2007 at 5:16 pm
I agree that Google is most likely blocking the IPs because of automated scanning by someone via Tor… however I still think at some point they are blacklisting the exit points permanently…
nil0lab said,
December 2, 2007 at 12:24 am
It may also have to do with privoxy sanitizing the request and google not getting the (excessive amount of) data a browser usually gives them with a request (referrer, os, etc.)
one who reads the faq said,
December 17, 2007 at 3:22 pm
“To our knowledge, Google is not doing anything intentionally specifically to deter or block Tor use. The error message about an infected machine should clear up again after a short time.”
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#GoogleSpyware