[tor-bugs] #11139 [BridgeDB]: BridgeDB's email whitelist should include @riseup.net
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Mar 27 00:24:01 UTC 2014
#11139: BridgeDB's email whitelist should include @riseup.net
--------------------------+-------------------------------------------
Reporter: isis | Owner: isis
Type: defect | Status: new
Priority: normal | Milestone:
Component: BridgeDB | Version:
Resolution: | Keywords: bridgedb-email,bridgedb-0.1.x
Actual Points: | Parent ID:
Points: |
--------------------------+-------------------------------------------
Comment (by mikeperry):
I think this is a good idea, but if we're going to change the Tor Launcher
strings, we should try to future proof it, especially if stuff like #11140
is on the table (though I would prefer limiting the yahoo bridge pool
instead of completely removing it), or we want to add new providers later.
Here's the two entities I think we should use instead of the current
single entity:
{{{
<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to
bridges at torproject.org with the line 'get bridges' by itself in the body
of the message. However, to make it harder for an attacker to learn
a lot of bridge addresses, you must send this request from one of the
following email address providers (listed in order of preference):">
<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net,
https://mail.google.com, or https://mail.yahoo.com">
}}}
This will produce:
{{{
Send email to bridges at torproject.org with the line 'get bridges' by itself
in the body of the message. However, to make it harder for an attacker to
learn a lot of bridge addresses, you must send this request from one of
the following email address providers (listed in order of preference):
https://mail.riseup.net, https://mail.google.com, or
https://mail.yahoo.com
}}}
How is that? Can we make the differing expense of crawling these three any
more clear with different (yet concise) text?
While we're at it, does the email interface allow the user to specify a
pluggable transport type? Does it give the user any additional
instructions about this, or should we also add that text to the Tor
Launcher UI?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11139#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list