[tor-talk] Why does requesting for bridges by email require a Yahoo or Gmail address?

Mirimir mirimir at riseup.net
Sat Jul 26 03:57:44 UTC 2014

On 07/25/2014 06:38 PM, isis wrote:
> isis transcribed 4.9K bytes:
>> Mirimir transcribed 1.5K bytes:
>>> On 07/24/2014 02:36 PM, Roger Dingledine wrote:
>>>> On Thu, Jul 24, 2014 at 03:24:26PM -0500, Cypher wrote:
>>>>> In light of the last year of disclosures by Edward Snowden, why is Tor
>>>>> requiring that I establish an account with an email provider that is
>>>>> completely out of my control and has a general history of complying with
>>>>> law enforcement data requests? Why those two providers specifically?
>>>> Because we need an adequately popular provider that makes it hard to
>>>> generate lots of addresses. Otherwise an attacker could make millions
>>>> of addresses and "be" millions of different people asking for bridges.
>>>> https://svn.torproject.org/svn/projects/design-paper/blocking.html#tth_sEc7.4
>>> That totally makes sense.
>>>> (Also, it recently became clear that it would be useful for people to
>>>> access this provider via https, rather than http, so a network adversary
>>>> can't just sniff the bridge addresses off the Internet when the user
>>>> reads her mail. And it would also be nice to not use providers that turn
>>>> their entire email databases over to the adversary, even unwittingly.
>>>> Lots of adversaries and lots of goals to manage at once here.)
>>>> --Roger
>>> Right, and with HTTPS, users' ISPs (and their friends) can't even see
>>> that bridges are being provided. Does the bridge database talk directly
>>> with Google and Yahoo mail servers, to prevent possible XKeyScore snooping?
>> In addition to requiring that an email provider enforce some base difficulty
>> level for obtaining new accounts, BridgeDB requires that a provider must have:
>>  1) TLS enabled for both their SMTP and webmail/IMAP/POP interfaces. Using TLS
>>     when sending and receiving to/from the provider from BridgeDB is
>>     required. [0]
>>  2) Verifiable DKIM signatures on the user's outgoing emails. 
>> I've long been in favour of removing Yahoo from the accepted providers. [1]
>> However, we've decided not to do that for the sake of people who have already
>> followed BridgeDB's instructions and obtained Yahoo email addresses, and we've
>> opted for a different solution instead. [2]
>> I'm also strongly in favour of adding Riseup! to the list of acceptable
>> providers, as I believe that their account security, commitment to their
>> users, unwillingness to hand over logs, and difficulty of account creation to
>> be orders of magnitude better than any other email provider out there. I'm
>> currently working with the Riseup! birds to get (2) enabled so that we can do
>> this. [3]
>> [0]: https://trac.torproject.org/projects/tor/ticket/10989
>> [1]: https://trac.torproject.org/projects/tor/ticket/11140
>> [2]: https://trac.torproject.org/projects/tor/ticket/11330
>> [3]: https://trac.torproject.org/projects/tor/ticket/11139
> And... obviously, five minutes after I sent that email, I realised that
> Riseup!'s DKIM signature now checks out fine, meaning that you all should now
> be able to email BridgeDB from a riseup.net email address to receive
> bridges. [0]

That's very cool!

> Thank the Riseup! birds for fixing this (and for being all around a great
> bunch of people with everything they do). <3

Yes, I love them too :)

> [0]: https://trac.torproject.org/projects/tor/ticket/11139#comment:15
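
An added example (not BridgeDB's code, and not part of the original message): a minimal filter for the two sender-side checks described in the thread, an allow-list of providers and a passing DKIM signature for the sender's domain, since a bare From header proves nothing about who sent the mail. It assumes a trusted local MTA verifies DKIM and stamps an Authentication-Results header; the authserv-id `mx.bridges.example`, the function names and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Providers named in the thread; the authserv-id is a hypothetical placeholder.
ALLOWED_DOMAINS = {"gmail.com", "yahoo.com", "riseup.net"}
TRUSTED_AUTHSERV_ID = "mx.bridges.example"


def dkim_pass_domains(msg):
    """Return the header.d domains with dkim=pass, as stamped by our own MTA."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^)]*\)", "", str(value))  # drop RFC 8601 comments
        authserv_id, _, results = value.partition(";")
        # Ignore headers stamped by other hosts: any sender can add those.
        if authserv_id.split()[:1] != [TRUSTED_AUTHSERV_ID]:
            continue
        for resinfo in results.split(";"):
            if re.match(r"\s*dkim\s*=\s*pass\b", resinfo, re.I):
                m = re.search(r"\bheader\.d\s*=\s*([^\s;]+)", resinfo, re.I)
                if m:
                    domains.add(m.group(1).lower())
    return domains


def accept_bridge_request(raw_message):
    """Return (accepted, reason); exact-match domain alignment is a simplification."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not addr or domain not in ALLOWED_DOMAINS:
        return False, "provider not allowed"
    if domain not in dkim_pass_domains(msg):
        return False, "no passing DKIM signature for sender domain"
    return True, "ok"


# Constructed sample messages (not real traffic).
GOOD = ("Authentication-Results: mx.bridges.example;\n"
        " dkim=pass header.d=riseup.net header.s=sel1\n"
        "From: Alice <alice@riseup.net>\nSubject: get bridges\n\nget bridges\n")
SPOOFED = ("Authentication-Results: other.example; dkim=pass header.d=gmail.com\n"
           "From: bob@gmail.com\nSubject: get bridges\n\nget bridges\n")
OTHER = ("Authentication-Results: mx.bridges.example; dkim=pass header.d=mail.example\n"
         "From: carol@mail.example\n\nget bridges\n")
```

The check is only sound if the receiving MTA strips any inbound Authentication-Results header that already carries its own authserv-id before adding its result.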
