[tor-talk] Why does requesting for bridges by email require a Yahoo or Gmail address?

obx obx at riseup.net
Fri Jul 25 15:44:21 UTC 2014

> Because we need an adequately popular provider that makes it hard to
> generate lots of addresses. Otherwise an attacker could make millions
> of addresses and "be" millions of different people asking for bridges.

I know this is the reason, but there are still captchas, right?

Also, I think this list needs to be expanded.

> (Also, it recently became clear that it would be useful for people to
> access this provider via https, rather than http, so a network adversary
> can't just sniff the bridge addresses off the Internet when the user
> reads her mail.

I'm not sure if gmail is safe against this recent adversary, regardless
of the protocol.

More information about the tor-talk mailing list