Parfois, après avoir utilisé Gmail avec Tor, Google affiche un pop-up disant que votre compte peut être compromis. La fenêtre de notification liste une série d'adresses IP et de localisations à travers le monde qui ont été récemment utilisées pour accéder à votre compte.

In general, this is a false alarm: Google saw a bunch of logins from different places, as a result of running the service via Tor, and decided it was a good idea to confirm the account was being accessed by its rightful owner.

Even though this may be a byproduct of using the service via Tor, that doesn't mean you can entirely ignore the warning. It is probably a false positive, but it might not be since it is possible for someone to hijack your Google cookie.

Cookie hijacking is possible by either physical access to your computer or by watching your network traffic. En théorie, seul un accès physique devrait compromettre votre système, car Gmail et les services semblables ne devraient envoyer le témoin que par une connexion SSL. In practice, alas, it's way more complex than that.

And if somebody did steal your Google cookie, they might end up logging in from unusual places (though of course they also might not). So the summary is that since you're using Tor Browser, this security measure that Google uses isn't so useful for you, because it's full of false positives. You'll have to use other approaches, like seeing if anything looks weird on the account, or looking at the timestamps for recent logins and wondering if you actually logged in at those times.

More recently, Gmail users can turn on 2-Step Verification on their accounts to add an extra layer of security.