Date: Fri, 25 Jul 2014 23:19:53 +0000
From: isis <isis@torproject.org>
To: tor-talk@lists.torproject.org
Message-ID: <20140725231953.GR7899@patternsinthevoid.net>
References: <53D16B7A.6000100@cpunk.us> <20140724203626.GS7408@moria.seul.org>
 <53D177B8.4010306@riseup.net>
MIME-Version: 1.0
In-Reply-To: <53D177B8.4010306@riseup.net>
X-GPG-Public-Key-URL: https://blog.patternsinthevoid.net/isis.txt
X-Louis-Lingg: In this hope do I say to you I despise you. I despise your
 order, your laws, your force-propped authority. Hang me for it!
Subject: Re: [tor-talk] Why does requesting for bridges by email require a
 Yahoo or Gmail address?
Content-Type: multipart/mixed; boundary="===============2197664254714124341=="


--===============2197664254714124341==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="7kD9y3RnPUgTZee0"
Content-Disposition: inline


--7kD9y3RnPUgTZee0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Mirimir transcribed 1.5K bytes:
> On 07/24/2014 02:36 PM, Roger Dingledine wrote:
> > On Thu, Jul 24, 2014 at 03:24:26PM -0500, Cypher wrote:
> >> In light of the last year of disclosures by Edward Snowden, why is Tor
> >> requiring that I establish an account with an email provider that is
> >> completely out of my control and has a general history of complying with
> >> law enforcement data requests? Why those two providers specifically?
> >
> > Because we need an adequately popular provider that makes it hard to
> > generate lots of addresses. Otherwise an attacker could make millions
> > of addresses and "be" millions of different people asking for bridges.
> >
> > https://svn.torproject.org/svn/projects/design-paper/blocking.html#tth_sEc7.4
>
> That totally makes sense.
>=20
> > (Also, it recently became clear that it would be useful for people to
> > access this provider via https, rather than http, so a network adversary
> > can't just sniff the bridge addresses off the Internet when the user
> > reads her mail. And it would also be nice to not use providers that turn
> > their entire email databases over to the adversary, even unwittingly.
> > Lots of adversaries and lots of goals to manage at once here.)
> >
> > --Roger
>
> Right, and with HTTPS, users' ISPs (and their friends) can't even see
> that bridges are being provided. Does the bridge database talk directly
> with Google and Yahoo mail servers, to prevent possible XKeyScore snooping?

In addition to requiring that an email provider enforce some base difficulty
level for obtaining new accounts, BridgeDB requires that a provider must have:

 1) TLS enabled for both their SMTP and webmail/IMAP/POP interfaces. Using TLS
    when sending and receiving to/from the provider from BridgeDB is
    required. [0]
 2) Verifiable DKIM signatures on the user's outgoing emails.

I've long been in favour of removing Yahoo from the accepted providers. [1]
However, we've decided not to do that for the sake of people who have already
followed BridgeDB's instructions and obtained Yahoo email addresses, and we've
opted for a different solution instead. [2]

I'm also strongly in favour of adding Riseup! to the list of acceptable
providers, as I believe their account security, commitment to their
users, unwillingness to hand over logs, and difficulty of account creation to
be orders of magnitude better than any other email provider out there. I'm
currently working with the Riseup! birds to get (2) enabled so that we can do
this. [3]

[0]: https://trac.torproject.org/projects/tor/ticket/10989
[1]: https://trac.torproject.org/projects/tor/ticket/11140
[2]: https://trac.torproject.org/projects/tor/ticket/11330
[3]: https://trac.torproject.org/projects/tor/ticket/11139

-- 
 ♥Ⓐ isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt

--7kD9y3RnPUgTZee0--

--===============2197664254714124341==--
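
The acceptance rule described in the message above (an accepted provider plus a verifiable DKIM signature on the user's mail), sketched in Python as an added example; it is not BridgeDB's code. It assumes the receiving MTA verifies DKIM and records the result in an Authentication-Results header under the hypothetical authserv-id mx.example.org; the alias map and the sample message are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch (not BridgeDB's actual configuration):
ALLOWED_DOMAINS = {"gmail.com", "yahoo.com"}      # providers named in the thread
DOMAIN_ALIASES = {"googlemail.com": "gmail.com"}  # constructed alias map
TRUSTED_AUTHSERV = "mx.example.org"               # hypothetical id of our own MTA

def canonical(domain):
    """Lower-case a domain and fold known aliases onto the provider's main name."""
    domain = domain.lower().rstrip(".")
    return DOMAIN_ALIASES.get(domain, domain)

def sender_domain(msg):
    """Return the canonical domain of the From: address, or None if unparsable."""
    _, addr = parseaddr(msg.get("From", ""))
    return canonical(addr.rsplit("@", 1)[1]) if addr.count("@") == 1 else None

def dkim_pass_domains(msg):
    """Signing domains with dkim=pass, read only from headers our own MTA wrote."""
    passed = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # not written by our MTA, so it may be sender-supplied
        for clause in results.split(";"):
            if re.search(r"\bdkim\s*=\s*pass\b", clause, re.I):
                m = re.search(r"\bheader\.d\s*=\s*([\w.-]+)", clause, re.I)
                if m:
                    passed.add(canonical(m.group(1)))
    return passed

def accept_request(raw):
    """Accept only mail from an allowed provider with a DKIM pass for that domain."""
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    if domain not in ALLOWED_DOMAINS:
        return False, "provider not accepted"
    if domain not in dkim_pass_domains(msg):
        return False, "no aligned DKIM pass"
    return True, "ok"

# Constructed sample: the DKIM pass is for a different domain than the From: address.
SPOOFED = (
    "Authentication-Results: mx.example.org; dkim=pass header.d=attacker.example\n"
    "From: user@gmail.com\nSubject: get bridges\n\nget bridges\n"
)
```

Requiring the passing signature's domain to match the From: domain is what ties a request to an account at a provider that limits account creation; a pass for any other domain says nothing about who sent the mail.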

