[tor-talk] Why does requesting for bridges by email require a Yahoo or Gmail address?
isis at torproject.org
Sun Jul 27 19:38:06 UTC 2014
grarpamp transcribed 1.2K bytes:
> This thread talk of only gmail and yahoo, but i also believe
> outlook (hotmail) will no longer create usable accounts 
> (ie not via tor, but perhaps via clearnet?) without requiring
> phone. [Truly you mean to say 'phone' tech when you say
> prevent multiple or hard to create/abuse. But it is cheap enemical
> solution against people.] And yahoo now require phone
> to create. I wish there was not bridges mail service to anyone
> then, so we do not endorse preference to these phone collecting
> people. Or open to all instead.
> Embed a bridge in the webpage sometimes, in twitter, in
> blog, in git, in tpo.org/bridge/blah, make all kind of captcha
> and delay, telnet, slideshow, hidden service. All different
> and more rings.
> Do we underestimate the social net in oppressed
> that gives them awareness of tor, and to obtain binary
> and share bridge info in the first place? Or that oppressor
> will not burn $cheap govt SIM and IP army to get and block
> bridges from gmail to @getbridges?
> This is difficult.
>  that you can actually send mail from instead of
> just play in.
Thanks, I'm aware of the difficulties.
I don't think a SIM card is the epitome of Sybil-proof
authentication. Purchasing Yahoo emails accounts (phone verified!), as noted
on ticket #11340, costs $0.005 a piece. A SIM card doesn't prove you're a
unique human any more than 0.001 Satoshi proves you're human or solving N
CAPTCHAs proves you're human. I am increasingly convinced that the only way to
determine if a human is a unique human is to ask said human's friends. As you
can imagine, doing this without retaining a social graph of users is quite a
non-trivial task. And FWIW, the system most of us want to see implemented for
bridge distribution doesn't exactly have the most implementable
cryptography.  :/
Though perhaps you missed what I mentioned earlier: You can use Riseup
now. They don't require a phone, and I consider their form of social
verification to be the most secure way to authenticate strangers in any
currently-deployed system. It's got what activist groups have required for
years to combat snitches and feds AFK: convince a few real people that you're
a trustworthy friend, or convince a live human that you're useful and not a
parasite of some sort. There's no other proof-of-work system which is
effective against the state-level adversaries we aim to fight. They've got
more money, more guns, more CPU, more RAM, more Bitcoin, and more everything
than us, except friends.
♥Ⓐ isis agora lovecruft
Current Keys: https://blog.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1154 bytes
Desc: Digital signature
More information about the tor-talk