isis transcribed 4.9K bytes:
> Mirimir transcribed 1.5K bytes:
> > On 07/24/2014 02:36 PM, Roger Dingledine wrote:
> > > On Thu, Jul 24, 2014 at 03:24:26PM -0500, Cypher wrote:
> > >> In light of the last year of disclosures by Edward Snowden, why is Tor
> > >> requiring that I establish an account with an email provider that is
> > >> completely out of my control and has a general history of complying with
> > >> law enforcement data requests? Why those two providers specifically?
> > >
> > > Because we need an adequately popular provider that makes it hard to
> > > generate lots of addresses. Otherwise an attacker could make millions
> > > of addresses and "be" millions of different people asking for bridges.
> > >
> > > https://svn.torproject.org/svn/projects/design-paper/blocking.html#tth_sEc7.4
> >
> > That totally makes sense.
> >
> > > (Also, it recently became clear that it would be useful for people to
> > > access this provider via https, rather than http, so a network adversary
> > > can't just sniff the bridge addresses off the Internet when the user
> > > reads her mail. And it would also be nice to not use providers that turn
> > > their entire email databases over to the adversary, even unwittingly.
> > > Lots of adversaries and lots of goals to manage at once here.)
> > >
> > > --Roger
> >
> > Right, and with HTTPS, users' ISPs (and their friends) can't even see
> > that bridges are being provided. Does the bridge database talk directly
> > with Google and Yahoo mail servers, to prevent possible XKeyScore snooping?
>
> In addition to requiring that an email provider enforce some base difficulty
> level for obtaining new accounts, BridgeDB requires that a provider must have:
>
>   1) TLS enabled for both their SMTP and webmail/IMAP/POP interfaces. Using TLS
>      when sending and receiving to/from the provider from BridgeDB is
>      required. [0]
>   2) Verifiable DKIM signatures on the user's outgoing emails.
>
> I've long been in favour of removing Yahoo from the accepted providers. [1]
> However, we've decided not to do that for the sake of people who have already
> followed BridgeDB's instructions and obtained Yahoo email addresses, and we've
> opted for a different solution instead. [2]
>
> I'm also strongly in favour of adding Riseup! to the list of acceptable
> providers, as I believe that their account security, commitment to their
> users, unwillingness to hand over logs, and difficulty of account creation to
> be orders of magnitude better than any other email provider out there. I'm
> currently working with the Riseup! birds to get (2) enabled so that we can do
> this. [3]
>
> [0]: https://trac.torproject.org/projects/tor/ticket/10989
> [1]: https://trac.torproject.org/projects/tor/ticket/11140
> [2]: https://trac.torproject.org/projects/tor/ticket/11330
> [3]: https://trac.torproject.org/projects/tor/ticket/11139

And... obviously, five minutes after I sent that email, I realised that
Riseup!'s DKIM signature now checks out fine, meaning that you all should now
be able to email BridgeDB from a riseup.net email address to receive
bridges. [0]

Thank the Riseup! birds for fixing this (and for being all around a great
bunch of people with everything they do).

<3

[0]: https://trac.torproject.org/projects/tor/ticket/11139#comment:15

--
isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
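
Added example, not part of the original thread and not BridgeDB's own code: one way a distributor could enforce the two conditions discussed above, an accepted provider domain plus a passing DKIM signature that matches the From domain. It assumes the receiving MTA verifies DKIM and prepends an Authentication-Results header; the domain list (apart from riseup.net), the authserv-id "mx.bridges.example", the function names and the sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumed values for this sketch, not BridgeDB's real configuration.
ALLOWED_DOMAINS = {"gmail.com", "yahoo.com", "riseup.net"}
OUR_MTA = "mx.bridges.example"  # hypothetical authserv-id of the receiving MTA
HEADER_D = re.compile(r"\bheader\.d\s*=\s*([^\s;]+)", re.I)

def dkim_pass_domains(authres):
    """Domains (header.d) that one Authentication-Results value reports as dkim=pass."""
    authres = re.sub(r"\([^)]*\)", " ", authres)  # drop parenthesised comments
    domains = set()
    for clause in authres.split(";")[1:]:  # element 0 is the authserv-id
        if re.match(r"\s*dkim\s*=\s*pass\b", clause, re.I):
            domains.update(d.lower() for d in HEADER_D.findall(clause))
    return domains

def check_request(raw):  # returns (accepted, reason) for one raw message
    msg = message_from_string(raw)
    senders = getaddresses(msg.get_all("From", []))
    if len(senders) != 1 or "@" not in senders[0][1]:
        return False, "need exactly one From address"
    domain = senders[0][1].rsplit("@", 1)[1].lower()
    if domain not in ALLOWED_DOMAINS:
        return False, "provider not accepted"
    results = msg.get_all("Authentication-Results", [])
    # Our MTA prepends its verdict, so only the top-most header is trusted;
    # anything below it arrived with the message and is sender-controlled.
    top = str(results[0]) if results else ""
    head = top.split(";", 1)[0].split()
    if not head or head[0].lower() != OUR_MTA:
        return False, "no verdict from our own MTA"
    if domain not in dkim_pass_domains(top):
        return False, "no passing DKIM signature for the From domain"
    return True, "ok"

def _mail(sender, *authres):  # builds constructed sample messages
    hdrs = ["Authentication-Results: " + a for a in authres]
    return "\n".join(hdrs + ["From: " + sender, "Subject: bridges", "", "hello"])

GOOD = _mail("Alice <alice@riseup.net>", OUR_MTA + "; dkim=pass header.d=riseup.net")
MISALIGNED = _mail("alice@riseup.net", OUR_MTA + "; dkim=pass header.d=other.example")
INJECTED = _mail("alice@riseup.net", OUR_MTA + "; dkim=fail header.d=riseup.net",
                 OUR_MTA + "; dkim=pass header.d=riseup.net")
UNLISTED = _mail("bob@mail.example", OUR_MTA + "; dkim=pass header.d=mail.example")

if __name__ == "__main__":
    print([check_request(m) for m in (GOOD, MISALIGNED, INJECTED, UNLISTED)])
```

Only the first sample is accepted. The other three cover a signature from a different domain, a sender-supplied header sitting below the MTA's own failing verdict, and a provider that is not on the list.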