Re: Tor 0.2.2.14-alpha is out

To: or-talk@xxxxxxxxxxxxx

Subject: Re: Tor 0.2.2.14-alpha is out

From: Xinwen Fu <xinwenfu@xxxxxxxxx>

Date: Tue, 20 Jul 2010 17:10:05 -0400

Delivered-to: archiver@xxxxxxxx

Delivered-to: or-talk-outgoing@xxxxxxxx

Delivered-to: or-talk@xxxxxxxx

Delivery-date: Tue, 20 Jul 2010 17:10:12 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=FVXChBgvsWa42QKOpeRopdM5az8jFHSHSo5kOpyliM4=; b=dvgzT3cnV0T8jEYo94S7VPDDIMrEAFeUnfZ6qHqSYOp9VLBcZbtrFE1tq/9YkMi1Qr HzKwCuBe1PN36MQ2J+svBeNUuyjFelNuhyTsnMIIxl0T/cjlaBTYw8B/MSz42HRtMpRM KDDfJ6as9U9gVsHrI2jJVjmlhvROhwDOTMP7w=

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=Ky2XAGI9+UIzzI3qiU63iAuJL2pPs3wRa8Pk6EfjldLI8m8tQkXIaGAqb/Mnc1nXE8 HjpSwlkFpgf/anKqRU2es24xTRAf7xMaFRw94rxtk1dQMym0B6sNgMSOsYbtC2KIZfsw 7oq+JkJE1rRip28JzbX8EYs+u2869aItDuwCk=

In-reply-to: <AANLkTimB2qd6nYsGEC2HysawteZ3I3HabHQAXHL3O21f@xxxxxxxxxxxxxx>

References: <20100713195129.GZ10010@xxxxxxxxxxxxxx> <AANLkTilzXv2Ihaq6v6XXOmIzyI83FmsT5N-zL3HUASKw@xxxxxxxxxxxxxx> <20100719091723.GG20653@xxxxxxxxxxxxxx> <AANLkTimB2qd6nYsGEC2HysawteZ3I3HabHQAXHL3O21f@xxxxxxxxxxxxxx>

Reply-to: or-talk@xxxxxxxxxxxxx

Sender: owner-or-talk@xxxxxxxxxxxxx

On Tue, Jul 20, 2010 at 10:52 AM, Xinwen Fu <xinwenfu@xxxxxxxxx> wrote:

We have implemented the http and email bots, which are working well without much human labor work.

I'd recommend CATCHA to be implemented on the bridge http server. The email server should have at least a challenge-response mechanism. However, this challenge-response mechanism helps only a little bit. Maybe we should not have the email distribution mechanism if decent CATCHA is used on the http server?

Xinwen Fu

On Mon, Jul 19, 2010 at 5:17 AM, <andrew@xxxxxxxxxxxxxx> wrote:

On Mon, Jul 19, 2010 at 12:12:48AM +0800, moses.mason@xxxxxxxxx wrote 1.0K bytes in 27 lines about:
: Could you guys add a CAPTCHA test for the bridges page

: https://bridges.torproject.org/ ? It is almost certain that bridges
: are crawled, analyzed and blocked by bots now.

This is on the short-term todo list. However, it's been told to us that
humans are crawling the bridges, not bots. In particular, China is
crawling the https and smtp pools by human interaction, not bots.

Stopping the bots is a fine idea as well. I believe captchas are easy
to break by automated analysis already, but we'll find out when we roll
out a captcha on bridges.torproject.org.

--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
+1-781-352-0568

Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
Skype: lewmanator

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/