On Wed, May 26, 2010 at 3:42 PM, Al MailingList
<alpal.mailinglist@xxxxxxxxx> wrote:
Is it worth adding a captcha to bridges.torproject.org? Incidentally,
what happens when "adversaries" just block access to that site?
How about responding to bridge request emails with a captcha style
email attachment with the IPs of bridges?
That would kill any automated attempt to scrape the bridges?
Al
I have a project called ObfuscaTOR which reads bridge information and displays it using captcha-style encoding. Its a wordpress plugin, and development is kinda stalled. There have been some downloads, and a Reddit post, but other then that interest seemed kind of low. I even had one guy email me to remove the project as I was helping to destroy the Tor Project.
This gets around "adversaries" blocking access because any one of the millions of bloggers can include the plugin, so you can't block the whole internet(unless you have a country wide firewall of course;) As far as automated scanning, I have heard China doesn't automate the process so much as they have thousands of workers manually scanning for things such as this.
I like your email idea though, its a lot easier to track and block email requests from the same domain. It seems like it would be a lot harder to setup lots of fake mail servers. How about incoming email being filtered based on the sender however?
Ryan