TOR has never claimed that it cannot be detected. Some countries ban the use of TOR and Onion Routing, but there are work arounds for that. You might try using one of those workarounds for more security. For absolute security, do not use the internet.
When you have questions about TOR the official advice is…
- Read through the FAQ and the Documentation
- See if your question is asked or answered on our StackExchange page. If it isn't, please consider asking it there! Then everybody else can benefit from your question and the answer to it.
- Join the #tor irc channel, state the issue, and wait patiently for help.
- Read through the archives of the mailing lists to see if anybody else has raised your issue recently. Note that you need to subscribe to the mailing lists before you can post.
For example I found a couple of FAQs that perhaps relate to some of the issues you have had with Google.
Google makes me solve a CAPTCHA or tells me I have spyware installed.
This is a known and intermittent problem; it does not mean that Google considers Tor to be spyware.
When you use Tor, you are sending queries through exit relays that are also shared by thousands of other users. Tor users typically see this message when many Tor users are querying Google in a short period of time. Google interprets the high volume of traffic from a single IP address (the exit relay you happened to pick) as somebody trying to "crawl" their website, so it slows down traffic from that IP address for a short time.
An alternate explanation is that Google tries to detect certain kinds of spyware or viruses that send distinctive queries to Google Search. It notes the IP addresses from which those queries are received (not realizing that they are Tor exit relays), and tries to warn any connections coming from those IP addresses that recent queries indicate an infection.
To our knowledge, Google is not doing anything intentionally specifically to deter or block Tor use. The error message about an infected machine should clear up again after a short time.
Gmail warns me that my account may have been compromised.
Sometimes, after you've used Gmail over Tor, Google presents a pop-up notification that your account may have been compromised. The notification window lists a series of IP addresses and locations throughout the world recently used to access your account.
In general this is a false alarm: Google saw a bunch of logins from different places, as a result of running the service via Tor, and decided it was a good idea to confirm the account was being accessed by it's rightful owner.
Even though this may be a biproduct of using the service via tor, that doesn't mean you can entirely ignore the warning. It is probably a false positive, but it might not be since it is possible for someone to hijack your Google cookie.
Cookie hijacking is possible by either physical access to your computer or by watching your network traffic. In theory only physical access should compromise your system because Gmail and similar services should only send the cookie over an SSL link. In practice, alas, it's way more complex than that.
And if somebody did steal your google cookie, they might end up logging in from unusual places (though of course they also might not). So the summary is that since you're using Tor, this security measure that Google uses isn't so useful for you, because it's full of false positives. You'll have to use other approaches, like seeing if anything looks weird on the account, or looking at the timestamps for recent logins and wondering if you actually logged in at those times.
You might find
This page on Pluggable transports helpful in working around any blocking of TOR.
