[tor-talk] Why does requesting for bridges by email require a Yahoo or Gmail address?

isis isis at torproject.org
Fri Jul 25 23:19:53 UTC 2014


Mirimir transcribed 1.5K bytes:
> On 07/24/2014 02:36 PM, Roger Dingledine wrote:
> > On Thu, Jul 24, 2014 at 03:24:26PM -0500, Cypher wrote:
> >> In light of the last year of disclosures by Edward Snowden, why is Tor
> >> requiring that I establish an account with an email provider that is
> >> completely out of my control and has a general history of complying with
> >> law enforcement data requests? Why those two providers specically?
> > 
> > Because we need an adequately popular provider that makes it hard to
> > generate lots of addresses. Otherwise an attacker could make millions
> > of addresses and "be" millions of different people asking for bridges.
> > 
> > https://svn.torproject.org/svn/projects/design-paper/blocking.html#tth_sEc7.4
> 
> That totally makes sense.
> 
> > (Also, it recently became clear that it would be useful for people to
> > access this provider via https, rather than http, so a network adversary
> > can't just sniff the bridge addresses off the Internet when the user
> > reads her mail. And it would also be nice to not use providers that turn
> > their entire email databases over to the adversary, even unwittingly.
> > Lots of adversaries and lots of goals to manage at once here.)
> > 
> > --Roger
> 
> Right, and with HTTPS, users' ISPs (and their friends) can't even see
> that bridges are being provided. Does the bridge database talk directly
> with Google and Yahoo mail servers, to prevent possible XKeyScore snooping?

In addition to requiring that an email provider enforce some base difficulty
level for obtaining new accounts, BridgeDB requires that a provider must have:

 1) TLS enabled for both their SMTP and webmail/IMAP/POP interfaces. Using TLS
    when sending and receiving to/from the provider from BridgeDB is
    required. [0]
 2) Verifiable DKIM signatures on the user's outgoing emails. 

I've long been in favour of removing Yahoo from the accepted providers. [1]
However, we've decided not to do that for the sake of people who have already
followed BridgeDB's instructions and obtained Yahoo email addresses, and we've
opted for a different solution instead. [2]

I'm also strongly in favour of adding Riseup! to the list of acceptable
providers, as I believe that their account security, commitment to their
users, unwillingness to hand over logs, and difficulty of account creation to
be orders of magnitude better than any other email provider out there. I'm
currently working with the Riseup! birds to get (2) enabled so that we can do
this. [3]

[0]: https://trac.torproject.org/projects/tor/ticket/10989
[1]: https://trac.torproject.org/projects/tor/ticket/11140
[2]: https://trac.torproject.org/projects/tor/ticket/11330
[3]: https://trac.torproject.org/projects/tor/ticket/11139

-- 
 ♥Ⓐ isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1154 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20140725/b459ea12/attachment.sig>


More information about the tor-talk mailing list