On 9/2/2013 11:59 AM, Steve Snyder wrote:
On 09/02/2013 10:02 AM, Kostas Jakeliunas wrote:
Having this tool on an unencrypted HTTP site doesn't seem safe to me. Anybody can sniff the bridge IP addresses that users submit for reporting.
It may be different if someone compiles the program locally, but AFAICT no secrets are being divulged from the globe web page. From the page the details of no bridge can be found without knowing the name of the bridge in the first place; and if someone knows that she also know the other details. One doesn't have to go to the page to do a brute force attack.
At the same time globe is useful in helping lower-level bridge operators such as myself get a better sense of what the information windows in the browser bundle are actually telling us.
If I'm wrong in any of the above, please do correct me.
eliaz gpg: 0x63D01EC6