[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Other bridge distribution methods [was: why does gettor require Yahoo or Gmail?]



Griffin Boyce transcribed 0.7K bytes:
> Matthew Finkel wrote:
> > This actually has very little to do with trust, and (as Roger said)
> > these providers were chosen because of the difficulty of creating new
> > accounts.
> 
>   Preventing bridge enumeration is a hard problem to solve, but I don't
> think that limiting gettor to gmail/yahoo actually solves it.  It is not
> computationally difficult to pay for a few thousand yahoo addresses.
> 
>   What do you think about getting bridges via SMS?

That is essentially *why* BridgeDB used to require either Gmail or Yahoo,
because both email providers make accounts difficult to obtain via requiring
SMS verification.

I am never going to add SMS verification to BridgeDB. See my replies on the
rest of this thread for why I refuse to continue coding up broken, half-assed,
and non-privacy-preserving "solutions" to the verification-authentication
problem which ultimately do no more than sweep the problem under someone else's
rug.

-- 
 ââ isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt

Attachment: signature.asc
Description: Digital signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk