[tor-talk] Why does requesting for bridges by email require a Yahoo or Gmail address?
isis at torproject.org
Sat Jul 26 00:38:27 UTC 2014
isis transcribed 4.9K bytes:
> Mirimir transcribed 1.5K bytes:
> > On 07/24/2014 02:36 PM, Roger Dingledine wrote:
> > > On Thu, Jul 24, 2014 at 03:24:26PM -0500, Cypher wrote:
> > >> In light of the last year of disclosures by Edward Snowden, why is Tor
> > >> requiring that I establish an account with an email provider that is
> > >> completely out of my control and has a general history of complying with
> > >> law enforcement data requests? Why those two providers specifically?
> > >
> > > Because we need an adequately popular provider that makes it hard to
> > > generate lots of addresses. Otherwise an attacker could make millions
> > > of addresses and "be" millions of different people asking for bridges.
> > >
> > > https://svn.torproject.org/svn/projects/design-paper/blocking.html#tth_sEc7.4
> > That totally makes sense.
> > > (Also, it recently became clear that it would be useful for people to
> > > access this provider via https, rather than http, so a network adversary
> > > can't just sniff the bridge addresses off the Internet when the user
> > > reads her mail. And it would also be nice to not use providers that turn
> > > their entire email databases over to the adversary, even unwittingly.
> > > Lots of adversaries and lots of goals to manage at once here.)
> > >
> > > --Roger
> > Right, and with HTTPS, users' ISPs (and their friends) can't even see
> > that bridges are being provided. Does the bridge database talk directly
> > with Google and Yahoo mail servers, to prevent possible XKeyScore snooping?
> In addition to requiring that an email provider enforce some base difficulty
> level for obtaining new accounts, BridgeDB requires that a provider must have:
> 1) TLS enabled for both their SMTP and webmail/IMAP/POP interfaces. Using TLS
> when sending and receiving to/from the provider from BridgeDB is
> required. 
> 2) Verifiable DKIM signatures on the user's outgoing emails.
> I've long been in favour of removing Yahoo from the accepted providers. 
> However, we've decided not to do that for the sake of people who have already
> followed BridgeDB's instructions and obtained Yahoo email addresses, and we've
> opted for a different solution instead. 
> I'm also strongly in favour of adding Riseup! to the list of acceptable
> providers, as I believe that their account security, commitment to their
> users, unwillingness to hand over logs, and difficulty of account creation to
> be orders of magnitude better than any other email provider out there. I'm
> currently working with the Riseup! birds to get (2) enabled so that we can do
> this. 
> : https://trac.torproject.org/projects/tor/ticket/10989
> : https://trac.torproject.org/projects/tor/ticket/11140
> : https://trac.torproject.org/projects/tor/ticket/11330
> : https://trac.torproject.org/projects/tor/ticket/11139
And... obviously, five minutes after I sent that email, I realised that
Riseup!'s DKIM signature now checks out fine, meaning that you all should now
be able to email BridgeDB from a riseup.net email address to receive
Thank the Riseup! birds for fixing this (and for being all around a great
bunch of people with everything they do). <3
♥Ⓐ isis agora lovecruft
Current Keys: https://blog.patternsinthevoid.net/isis.txt
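
Added example, not part of the original message and not BridgeDB's own code: a sketch of the acceptance check the thread describes, where a bridge request is honoured only if the From domain is an accepted provider and that same domain produced a verifiable DKIM signature. The allowlist contents, the `mx.bridges.example` authserv-id, the function names, and the use of the `Authentication-Results` header stamped by a local MTA are all assumptions.

```python
import email
from email.utils import getaddresses

# Assumed values for illustration, not BridgeDB's configuration: the thread
# names Gmail, Yahoo and Riseup; the authserv-id is a hypothetical local MTA.
ALLOWED_DOMAINS = {"gmail.com", "yahoo.com", "riseup.net"}
TRUSTED_AUTHSERV_ID = "mx.bridges.example"

def sender_domain(msg):
    """Lowercased domain of the one and only From address, else None."""
    headers = msg.get_all("From", [])
    addrs = getaddresses(headers)
    if len(headers) != 1 or len(addrs) != 1:
        return None  # duplicate or multi-address From is ambiguous: reject
    local, at, domain = addrs[0][1].rpartition("@")
    return domain.lower() if local and at and domain else None

def dkim_pass_domains(msg):
    """Signing domains (header.d) our own MTA reported as dkim=pass.

    Assumes the MTA strips inbound Authentication-Results headers that
    carry its authserv-id, as RFC 8601 asks of border servers.
    """
    passed = set()
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in " ".join(value.split()).split(";")]
        if parts[0].split()[:1] != [TRUSTED_AUTHSERV_ID]:
            continue  # stamped by someone else, possibly the sender
        for result in parts[1:]:
            tokens = result.lower().split()
            if tokens[:1] == ["dkim=pass"]:
                passed.update(t[len("header.d="):] for t in tokens[1:]
                              if t.startswith("header.d="))
    return passed

def may_request_bridges(raw_message):
    """True only if From is an allowed provider AND that domain signed it."""
    msg = email.message_from_string(raw_message)
    domain = sender_domain(msg)
    return domain in ALLOWED_DOMAINS and domain in dkim_pass_domains(msg)

# Constructed sample message, not a real capture.
SAMPLE = (
    "Authentication-Results: mx.bridges.example;\n"
    " dkim=pass header.d=riseup.net\n"
    "From: User <user@riseup.net>\n"
    "Subject: get bridges\n\nget bridges\n"
)
```

Requiring the passing signature's `header.d` to equal the From domain is what ties the request to an account at the provider; a valid signature from some unrelated domain proves nothing about the claimed sender.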