On Sat, Jul 26, 2014 at 09:42:04PM -0700, Ken Keys wrote:
On 7/26/2014 1:54 AM, Matthew Finkel wrote:
We also do try to discard fake requests, isis actually added another yesterday!
Could you elaborate on this? I don't understand what you mean my fake requests but the incident sounds interesting.
Sure :) Fake requests meaning requests that do not appear to be from users who need bridges to access the Tor network.
The way we currently do it is by keeping a blacklist of known-spammy email addresses. When we receive a request for bridges we compare the source email address against the email addresses in the blacklist. If they are identical or very similar[0] then we probably deny[1] the request. See the ticket[2] for some more details.
[0] https://gitweb.torproject.org/user/isis/bridgedb.git/commitdiff/20b3063ffb81... [1] https://gitweb.torproject.org/user/isis/bridgedb.git/commitdiff/98a1ed16d711... [2] https://trac.torproject.org/projects/tor/ticket/9385