[tor-talk] Why does requesting for bridges by email require a Yahoo or Gmail address?
obx at riseup.net
Fri Jul 25 15:44:21 UTC 2014
> Because we need an adequately popular provider that makes it hard to
> generate lots of addresses. Otherwise an attacker could make millions
> of addresses and "be" millions of different people asking for bridges.
I know this is the reason, but there are still captchas, right?
Also, I think this list needs to be expanded.
> (Also, it recently became clear that it would be useful for people to
> access this provider via https, rather than http, so a network adversary
> can't just sniff the bridge addresses off the Internet when the user
> reads her mail.
I'm not sure if gmail is safe against this recent adversary, regardless
of the protocol.
More information about the tor-talk