[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Why does requesting for bridges by email require a Yahoo or Gmail address?



On 07/24/2014 02:36 PM, Roger Dingledine wrote:
> On Thu, Jul 24, 2014 at 03:24:26PM -0500, Cypher wrote:
>> In light of the last year of disclosures by Edward Snowden, why is Tor
>> requiring that I establish an account with an email provider that is
>> completely out of my control and has a general history of complying with
>> law enforcement data requests? Why those two providers specically?
> 
> Because we need an adequately popular provider that makes it hard to
> generate lots of addresses. Otherwise an attacker could make millions
> of addresses and "be" millions of different people asking for bridges.
> 
> https://svn.torproject.org/svn/projects/design-paper/blocking.html#tth_sEc7.4

That totally makes sense.

> (Also, it recently became clear that it would be useful for people to
> access this provider via https, rather than http, so a network adversary
> can't just sniff the bridge addresses off the Internet when the user
> reads her mail. And it would also be nice to not use providers that turn
> their entire email databases over to the adversary, even unwittingly.
> Lots of adversaries and lots of goals to manage at once here.)
> 
> --Roger

Right, and with HTTPS, users' ISPs (and their friends) can't even see
that bridges are being provided. Does the bridge database talk directly
with Google and Yahoo mail servers, to prevent possible XKeyScore snooping?
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk