Food for thought: How much do you think it would cost per email to have the same thing (collecting a heap of bridges) done via Mechanical Turk, etc.? On 07/24/2014 05:16 PM, Mirimir wrote: > On 07/24/2014 02:36 PM, Roger Dingledine wrote: >> On Thu, Jul 24, 2014 at 03:24:26PM -0500, Cypher wrote: >>> In light of the last year of disclosures by Edward Snowden, why is Tor >>> requiring that I establish an account with an email provider that is >>> completely out of my control and has a general history of complying with >>> law enforcement data requests? Why those two providers specically? >> >> Because we need an adequately popular provider that makes it hard to >> generate lots of addresses. Otherwise an attacker could make millions >> of addresses and "be" millions of different people asking for bridges. >> >> https://svn.torproject.org/svn/projects/design-paper/blocking.html#tth_sEc7.4 > > That totally makes sense. > >> (Also, it recently became clear that it would be useful for people to >> access this provider via https, rather than http, so a network adversary >> can't just sniff the bridge addresses off the Internet when the user >> reads her mail. And it would also be nice to not use providers that turn >> their entire email databases over to the adversary, even unwittingly. >> Lots of adversaries and lots of goals to manage at once here.) >> >> --Roger > > Right, and with HTTPS, users' ISPs (and their friends) can't even see > that bridges are being provided. Does the bridge database talk directly > with Google and Yahoo mail servers, to prevent possible XKeyScore snooping? >
Attachment:
signature.asc
Description: OpenPGP digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk