[tor-talk] Why does requesting for bridges by email require a Yahoo or Gmail address?

Mirimir mirimir at riseup.net
Thu Jul 24 21:16:40 UTC 2014


On 07/24/2014 02:36 PM, Roger Dingledine wrote:
> On Thu, Jul 24, 2014 at 03:24:26PM -0500, Cypher wrote:
>> In light of the last year of disclosures by Edward Snowden, why is Tor
>> requiring that I establish an account with an email provider that is
>> completely out of my control and has a general history of complying with
>> law enforcement data requests? Why those two providers specically?
> 
> Because we need an adequately popular provider that makes it hard to
> generate lots of addresses. Otherwise an attacker could make millions
> of addresses and "be" millions of different people asking for bridges.
> 
> https://svn.torproject.org/svn/projects/design-paper/blocking.html#tth_sEc7.4

That totally makes sense.

> (Also, it recently became clear that it would be useful for people to
> access this provider via https, rather than http, so a network adversary
> can't just sniff the bridge addresses off the Internet when the user
> reads her mail. And it would also be nice to not use providers that turn
> their entire email databases over to the adversary, even unwittingly.
> Lots of adversaries and lots of goals to manage at once here.)
> 
> --Roger

Right, and with HTTPS, users' ISPs (and their friends) can't even see
that bridges are being provided. Does the bridge database talk directly
with Google and Yahoo mail servers, to prevent possible XKeyScore snooping?


More information about the tor-talk mailing list