[tor-talk] Other bridge distribution methods [was: why does gettor require Yahoo or Gmail?]
isis
isis at torproject.org
Tue Jul 29 05:53:26 UTC 2014
Griffin Boyce transcribed 0.7K bytes:
> Matthew Finkel wrote:
> > This actually has very little to do with trust, and (as Roger said)
> > these providers were chosen because of the difficulty of creating new
> > accounts.
>
> Preventing bridge enumeration is a hard problem to solve, but I don't
> think that limiting gettor to gmail/yahoo actually solves it. It is not
> computationally difficult to pay for a few thousand yahoo addresses.
>
> What do you think about getting bridges via SMS?
That is essentially *why* BridgeDB used to require either Gmail or Yahoo,
because both email providers make accounts difficult to obtain via requiring
SMS verification.
I am never going to add SMS verification to BridgeDB. See my replies on the
rest of this thread for why I refuse to continue coding up broken, half-assed,
and non-privacy-preserving "solutions" to the verification-authentication
problem which ultimately do no more than sweep the problem under someone else's
rug.
--
♥Ⓐ isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1154 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20140729/2b831503/attachment-0001.sig>
More information about the tor-talk
mailing list