[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Why does requesting for bridges by email require a Yahoo or Gmail address?



isis transcribed 4.9K bytes:
> Mirimir transcribed 1.5K bytes:
> > On 07/24/2014 02:36 PM, Roger Dingledine wrote:
> > > On Thu, Jul 24, 2014 at 03:24:26PM -0500, Cypher wrote:
> > >> In light of the last year of disclosures by Edward Snowden, why is Tor
> > >> requiring that I establish an account with an email provider that is
> > >> completely out of my control and has a general history of complying with
> > >> law enforcement data requests? Why those two providers specically?
> > > 
> > > Because we need an adequately popular provider that makes it hard to
> > > generate lots of addresses. Otherwise an attacker could make millions
> > > of addresses and "be" millions of different people asking for bridges.
> > > 
> > > https://svn.torproject.org/svn/projects/design-paper/blocking.html#tth_sEc7.4
> > 
> > That totally makes sense.
> > 
> > > (Also, it recently became clear that it would be useful for people to
> > > access this provider via https, rather than http, so a network adversary
> > > can't just sniff the bridge addresses off the Internet when the user
> > > reads her mail. And it would also be nice to not use providers that turn
> > > their entire email databases over to the adversary, even unwittingly.
> > > Lots of adversaries and lots of goals to manage at once here.)
> > > 
> > > --Roger
> > 
> > Right, and with HTTPS, users' ISPs (and their friends) can't even see
> > that bridges are being provided. Does the bridge database talk directly
> > with Google and Yahoo mail servers, to prevent possible XKeyScore snooping?
> 
> In addition to requiring that an email provider enforce some base difficulty
> level for obtaining new accounts, BridgeDB requires that a provider must have:
> 
>  1) TLS enabled for both their SMTP and webmail/IMAP/POP interfaces. Using TLS
>     when sending and receiving to/from the provider from BridgeDB is
>     required. [0]
>  2) Verifiable DKIM signatures on the user's outgoing emails. 
> 
> I've long been in favour of removing Yahoo from the accepted providers. [1]
> However, we've decided not to do that for the sake of people who have already
> followed BridgeDB's instructions and obtained Yahoo email addresses, and we've
> opted for a different solution instead. [2]
> 
> I'm also strongly in favour of adding Riseup! to the list of acceptable
> providers, as I believe that their account security, commitment to their
> users, unwillingness to hand over logs, and difficulty of account creation to
> be orders of magnitude better than any other email provider out there. I'm
> currently working with the Riseup! birds to get (2) enabled so that we can do
> this. [3]
> 
> [0]: https://trac.torproject.org/projects/tor/ticket/10989
> [1]: https://trac.torproject.org/projects/tor/ticket/11140
> [2]: https://trac.torproject.org/projects/tor/ticket/11330
> [3]: https://trac.torproject.org/projects/tor/ticket/11139


And... obviously, five minutes after I sent that email, I realised that
Riseup!'s DKIM signature now checks out fine, meaning that you all should now
be able to email BridgeDB from a riseup.net email address to receive
bridges. [0]

Thank the Riseup! birds for fixing this (and for being all around a great
bunch of people with everything they do). <3

[0]: https://trac.torproject.org/projects/tor/ticket/11139#comment:15

-- 
 ââ isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt

Attachment: signature.asc
Description: Digital signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk