[tor-talk] Why does requesting for bridges by email require a Yahoo or Gmail address?

Mirimir mirimir at riseup.net
Fri Jul 25 04:48:03 UTC 2014 

On 07/24/2014 09:28 PM, Joe Btfsplk wrote:
> 
> On 7/24/2014 9:38 PM, Matthew Finkel wrote:
>> On Thu, Jul 24, 2014 at 10:29:49PM +0000, ideas buenas wrote:
>>> I don't trust Gmail nor Yahoo. Roger, found another way. No excuses,
>>> please.
>>>
>> This actually has very little to do with trust, and (as Roger said)
>> these providers were chosen because of the difficulty of creating new
>> accounts. Out of curiousity, what are you actually worried about?
>> Personally, it is sad that you need a phone number when you create
>> these accounts over Tor, but if retrieving bridges is important (and
>> it usually is), then there are usually ways to do this safely.
>>
>> Another distribution method is currently being written and we will
>> write others in the future, but please help us provide another way
>> (yes, you, please help us if the current situation is unsatisfactory!).
>> The more people we can safely help, the better.
> 
> I don't understand.  I haven't tried to create an email acct w/ Google
> in yrs, but as I understand it, unless you have a burner phone, a new
> acct won't be anonymous.
> 
> 1) Is it important to have anonymous email to request bridges? 
> Seriously.  I've never done it.

Whether or not it's crucial depends on your adversaries. If your
adversaries include the NSA or Five Eyes, it's crucial. Otherwise,
especially if your adversaries are their adversaries, it likely doesn't
matter. And if your adversaries do include the NSA etc, you need a safer
way to get your bridges ;)

If you need bridges, one of your adversaries is your ISP, or whatever
controls it. As long as you're using HTTPS, that adversary will not even
see that you got bridges. The NSA etc may know via XKeyScore, or
whatever the latest iteration is called. But that only matters if they
are working with your ISP-related adversary.

> 2) If (1) = yes, --> GOTO (4)
> 3) No sweat
> 4) Google is the wrong provider for you. :D

Even if you do need an "anonymous email address", that doesn't rule out
Gmail or Yahoo. You can create an account via public WiFi, and use
http://receive-sms-online.com/ to get the authentication code. To
protect against MAC tracking, you can use a USB WiFi adapter. That way,
there's no link to the IP address that you'll be using with Tor.

More information about the tor-talk mailing list