Sorry. Here is a clarification: our http and email bots "worked" well. We have stopped those bots for quite a while and have no plan to make them run again. I also realized email distribution is necessary for some people. So a challenge-response mechanism can be necessary too against bots. However, the challenge-response mechanism should be able to tell bots from humans. Otherwise, the bots can still send email, read email and analyze the email for bridges.<br>
<br>Xinwen Fu<br><br><div class="gmail_quote">On Tue, Jul 20, 2010 at 10:52 AM, Xinwen Fu <span dir="ltr"><<a href="mailto:xinwenfu@gmail.com">xinwenfu@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
We have implemented the http and email bots, which are working well
without much human labor work.<br><br>I'd recommend CATCHA to be implemented on the bridge http server. The email server should have at least a challenge-response mechanism. However, this challenge-response mechanism helps only a little bit. Maybe we should not have the email distribution mechanism if decent CATCHA is used on the http server?<br>
<font color="#888888">
<br>Xinwen Fu <br></font><div><div></div><div class="h5"><br><div class="gmail_quote">On Mon, Jul 19, 2010 at 5:17 AM, <span dir="ltr"><<a href="mailto:andrew@torproject.org" target="_blank">andrew@torproject.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
On Mon, Jul 19, 2010 at 12:12:48AM +0800, <a href="mailto:moses.mason@gmail.com" target="_blank">moses.mason@gmail.com</a> wrote 1.0K bytes in 27 lines about:<br>
: Could you guys add a CAPTCHA test for the bridges page<br>
<div>: <a href="https://bridges.torproject.org/" target="_blank">https://bridges.torproject.org/</a> ? It is almost certain that bridges<br>
: are crawled, analyzed and blocked by bots now.<br>
<br>
</div>This is on the short-term todo list. However, it's been told to us that<br>
humans are crawling the bridges, not bots. In particular, China is<br>
crawling the https and smtp pools by human interaction, not bots.<br>
<br>
Stopping the bots is a fine idea as well. I believe captchas are easy<br>
to break by automated analysis already, but we'll find out when we roll<br>
out a captcha on <a href="http://bridges.torproject.org" target="_blank">bridges.torproject.org</a>.<br>
<br>
--<br>
Andrew Lewman<br>
The Tor Project<br>
pgp 0x31B0974B<br>
+1-781-352-0568<br>
<br>
Website: <a href="https://www.torproject.org/" target="_blank">https://www.torproject.org/</a><br>
Blog: <a href="https://blog.torproject.org/" target="_blank">https://blog.torproject.org/</a><br>
Identi.ca: torproject<br>
Skype: lewmanator<br>
<div><div></div><div>***********************************************************************<br>
To unsubscribe, send an e-mail to <a href="mailto:majordomo@torproject.org" target="_blank">majordomo@torproject.org</a> with<br>
unsubscribe or-talk in the body. <a href="http://archives.seul.org/or/talk/" target="_blank">http://archives.seul.org/or/talk/</a><br>
</div></div></blockquote></div><br>
</div></div></blockquote></div><br>