<br><div class="gmail_quote">On Wed, May 26, 2010 at 3:42 PM, Al MailingList <span dir="ltr"><<a href="mailto:alpal.mailinglist@gmail.com">alpal.mailinglist@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im"><br>
</div>Is it worth adding a captcha to <a href="http://bridges.torproject.org" target="_blank">bridges.torproject.org</a>? Incidentally,<br>
what happens when "adversaries" just block access to that site?<br>
<br>
How about responding to bridge request emails with a captcha style<br>
email attachment with the IPs of bridges?<br>
<br>
That would kill any automated attempt to scrape the bridges?<br>
<font color="#888888"><br>
Al<br>
</font><div><div></div><div class="h5"><br></div></div></blockquote><div><br></div>I have a project called ObfuscaTOR which reads bridge information and displays it using captcha-style encoding. Its a wordpress plugin, and development is kinda stalled. There have been some downloads, and a Reddit post, but other then that interest seemed kind of low. I even had one guy email me to remove the project as I was helping to destroy the Tor Project.<br>
<div><br></div><div>This gets around "adversaries" blocking access because any one of the millions of bloggers can include the plugin, so you can't block the whole internet(unless you have a country wide firewall of course;) As far as automated scanning, I have heard China doesn't automate the process so much as they have thousands of workers manually scanning for things such as this.</div>
<div><br></div><div>I like your email idea though, its a lot easier to track and block email requests from the same domain. It seems like it would be a lot harder to setup lots of fake mail servers. How about incoming email being filtered based on the sender however?</div>
<div><br></div><div><br></div><div>Ryan </div></div>