[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor is out

We have implemented the http and email bots, which are working well without much human labor work.

I'd recommend CATCHA to be implemented on the bridge http server. The email server should have at least a challenge-response mechanism. However, this challenge-response mechanism helps only a little bit. Maybe we should not have the email distribution mechanism if decent CATCHA is used on the http server?

Xinwen Fu

On Mon, Jul 19, 2010 at 5:17 AM, <andrew@xxxxxxxxxxxxxx> wrote:
On Mon, Jul 19, 2010 at 12:12:48AM +0800, moses.mason@xxxxxxxxx wrote 1.0K bytes in 27 lines about:
: Could you guys add a CAPTCHA test for the bridges page
: https://bridges.torproject.org/ ? It is almost certain that bridges
: are crawled, analyzed and blocked by bots now.

This is on the short-term todo list.  However, it's been told to us that
humans are crawling the bridges, not bots.  In particular, China is
crawling the https and smtp pools by human interaction, not bots.

Stopping the bots is a fine idea as well.  I believe captchas are easy
to break by automated analysis already, but we'll find out when we roll
out a captcha on bridges.torproject.org.

Andrew Lewman
The Tor Project
pgp 0x31B0974B

Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
Skype:  lewmanator
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/