On 07/24/2014 03:29 PM, mal wrote: > Food for thought: How much do you think it would cost per email to have > the same thing (collecting a heap of bridges) done via Mechanical Turk, > etc.?
I suspect that Google and Yahoo require cellphone text confirmation for multiple account attempts from a single IP address. There are workarounds, but there's more required than cheap labor. > On 07/24/2014 05:16 PM, Mirimir wrote: >> On 07/24/2014 02:36 PM, Roger Dingledine wrote: >>> On Thu, Jul 24, 2014 at 03:24:26PM -0500, Cypher wrote: >>>> In light of the last year of disclosures by Edward Snowden, why is Tor >>>> requiring that I establish an account with an email provider that is >>>> completely out of my control and has a general history of complying with >>>> law enforcement data requests? Why those two providers specically? >>> >>> Because we need an adequately popular provider that makes it hard to >>> generate lots of addresses. Otherwise an attacker could make millions >>> of addresses and "be" millions of different people asking for bridges. >>> >>> https://svn.torproject.org/svn/projects/design-paper/blocking.html#tth_sEc7.4 >> >> That totally makes sense. >> >>> (Also, it recently became clear that it would be useful for people to >>> access this provider via https, rather than http, so a network adversary >>> can't just sniff the bridge addresses off the Internet when the user >>> reads her mail. And it would also be nice to not use providers that turn >>> their entire email databases over to the adversary, even unwittingly. >>> Lots of adversaries and lots of goals to manage at once here.) >>> >>> --Roger >> >> Right, and with HTTPS, users' ISPs (and their friends) can't even see >> that bridges are being provided. Does the bridge database talk directly >> with Google and Yahoo mail servers, to prevent possible XKeyScore snooping? >> > > > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
