We have implemented the http and email bots, which are working well without much human labor work.
I'd recommend CATCHA to be implemented on the bridge http server. The email server should have at least a challenge-response mechanism. However, this challenge-response mechanism helps only a little bit. Maybe we should not have the email distribution mechanism if decent CATCHA is used on the http server?
Xinwen FuOn Mon, Jul 19, 2010 at 5:17 AM, <andrew@xxxxxxxxxxxxxx> wrote:
On Mon, Jul 19, 2010 at 12:12:48AM +0800, moses.mason@xxxxxxxxx wrote 1.0K bytes in 27 lines about:
: Could you guys add a CAPTCHA test for the bridges page
: https://bridges.torproject.org/ ? It is almost certain that bridgesThis is on the short-term todo list. However, it's been told to us that
: are crawled, analyzed and blocked by bots now.
humans are crawling the bridges, not bots. In particular, China is
crawling the https and smtp pools by human interaction, not bots.
Stopping the bots is a fine idea as well. I believe captchas are easy
to break by automated analysis already, but we'll find out when we roll
out a captcha on bridges.torproject.org.
--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
+1-781-352-0568
Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
Skype: lewmanator
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/