Delivery-Date: Sun, 27 Jul 2014 12:11:59 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id C84DF1E02C2
	for <archiver@seul.org>; Sun, 27 Jul 2014 12:11:57 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 88C772FC7A;
	Sun, 27 Jul 2014 16:11:55 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id E8ABB2D154
 for <tor-talk@lists.torproject.org>; Sun, 27 Jul 2014 16:00:59 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id oVdHMLelIqDo for <tor-talk@lists.torproject.org>;
 Sun, 27 Jul 2014 16:00:59 +0000 (UTC)
Received: from mail-wi0-x236.google.com (mail-wi0-x236.google.com
 [IPv6:2a00:1450:400c:c05::236])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 883582C427
 for <tor-talk@lists.torproject.org>; Sun, 27 Jul 2014 16:00:59 +0000 (UTC)
Received: by mail-wi0-f182.google.com with SMTP id d1so3211387wiv.9
 for <tor-talk@lists.torproject.org>; Sun, 27 Jul 2014 09:00:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=from:date:to:subject:message-id:references:mime-version
 :content-type:content-disposition:in-reply-to:user-agent;
 bh=bTZu8xlHO6n0hHuokF+CxK5oAMo5Tty0fzcHX2RSUYc=;
 b=vqkc5F5vzNGGemqwGFwrUrucvIsLncVN0TA5iuk4umgb062cMvkn3zQSvAotLeK7yy
 B/Z609/4tgpqazjmHDoscajmjokn+6jX0xFJ8CAoTg1R2UbwtU1kgbbD13hMLKYd6YI6
 j4KulmZhUWixVSOctB1/2bMpQnFtQotmGJ+iqn50yuq5DiOZQMHCACBRFVmalwKbOvPq
 40zQToemE97I8m8DPopnZ1BXoe62uLC4fvqWZKxpSzphU8qW8fajFPw6mXmC7ogRyTKY
 y1AsbnA+SRsaPH37f0eAYd2i6h/7LRQ7SsTURxyn4EE6Leh8spBZl5qEM0slxKDZ+zXS
 xOCQ==
X-Received: by 10.194.239.135 with SMTP id vs7mr40192385wjc.70.1406476856160; 
 Sun, 27 Jul 2014 09:00:56 -0700 (PDT)
Received: from localhost (exit2.telostor.ca. [62.210.74.186])
 by mx.google.com with ESMTPSA id fe5sm4114441wjc.12.2014.07.27.09.00.54
 for <tor-talk@lists.torproject.org>
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Sun, 27 Jul 2014 09:00:55 -0700 (PDT)
From: Matthew Finkel <matthew.finkel@gmail.com>
X-Google-Original-From: Matthew Finkel <Matthew.Finkel@gmail.com>
Date: Sun, 27 Jul 2014 16:00:49 +0000
To: tor-talk@lists.torproject.org
Message-ID: <20140727160046.GA29192@localhost>
References: <53D16B7A.6000100@cpunk.us> <20140724203626.GS7408@moria.seul.org>
 <53D177B8.4010306@riseup.net>
 <20140725231953.GR7899@patternsinthevoid.net>
 <CAD2Ti28Ed0jtRmTWxd3FNiA52xMfJbwdFTy+JBVJ=MqDkr8HiA@mail.gmail.com>
 <53D355B3.2060800@riseup.net>
 <0f0bde22-6ca2-4cb2-9219-937e754ee3c1@email.android.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <0f0bde22-6ca2-4cb2-9219-937e754ee3c1@email.android.com>
User-Agent: Mutt/1.5.20 (2009-06-14)
Subject: Re: [tor-talk] Why does requesting for bridges by email require a
 Yahoo or Gmail address?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Sun, Jul 27, 2014 at 02:09:52AM -0400, The Caped Wonderwoman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> The difficulty of obtaining a Riseup account may be prohibitive for a lot of people, especially if they need a bridge quickly for whatever reason. Anecdotally, I requested one under a different identity over a week ago and have yet to hear back. In some situations, that's an eternity, and while I'm sure it would go more quickly with an invite, that presupposes knowing someone who has one to offer.
> 

An important point, that I don't think was mentioned previously, is that
Riseup cannot be a substitute for gmail and yahoo mail. The latter
are two service providers which place very few restrictions on the
users. Riseup, on the other hand, only accepts people who either
honestly have similar political and social ideals or they lie. Granted,
if an adversary is trying to surveil or track users then they probably
won't have any problem with deception and lying during the application
process. However, this does raise the bar for entry into retrieving
the specific bridges which are only distributed to riseup users.

> As a side note, I'm always slightly surprised by how few mentions Zoho gets. They're nowhere near perfect, but compared to Google, Yahoo, and such, at least they don't mine your email for targeted advertising, they have a business model where the user is the customer, and their privacy policy is readable and honest ("we'll log your IP and fingerprint your browser to see where you go and what you do on our site, but we won't read your mail or follow you around the Internet"). http://www.zoho.com/privacy.html
> 

I hadn't heard of them. The account creation process seems simple,
sadly the captchas are not very difficult, either. I'm not saying
they're not usable, only that this seems like an easy target for
powerful adversaries. They also have offices in the US and China,
which could cause other problems.

Before we start whitelisting many new email providers, we should
define exactly which criterion we are looking for and what
percentage of the bridges we should allocate to the provider based
on which criteria they meet. We need a system that is usable by the
masses but also one that doesn't render the majority of the system
useless because someone/something was able to enumerate most of the
bridges.

> 
> On July 26, 2014 3:16:03 AM EDT, Mirimir <mirimir@riseup.net> wrote:
> >On 07/25/2014 11:31 PM, grarpamp wrote:
> >
> ><SNIP>
> >
> >> Do we underestimate the social net in oppressed that gives
> >> them awareness of tor, and to obtain binary and share bridge
> >> info in the first place?
> >
> >Maybe we do. But what about carelessness, poor judgment and the
> >prevalence of informers? Wouldn't it be better to have a system that
> >protected bridges by design?
> >
> >> Or that oppressor will not burn $cheap govt SIM and IP army
> >> to get and block bridges from gmail to @getbridges?
> >
> >Right. Requiring hard-to-get email addresses does make it harder to get
> >bridge IPs. But who does that impact the most, potential users or
> >adversaries? Is there relevant evidence?
> >
> >> This is difficult.
> >
> >Indeed.
> >
> >Please excuse the repetition, but DNS-based fast flux (Proximax) with
> >selection-based dropping of domain names associated with bridge
> >blocking
> >is the best possibility that I've seen. Rather than trying to prevent
> >adversaries from joining the system, it recursively isolates based on
> >behavior.
> >
> ><SNIP>
> >--
> >tor-talk mailing list - tor-talk@lists.torproject.org
> >To unsubscribe or change other settings go to
> >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> 
> - --
> Sent from my Android device with K-9 Mail. Please excuse my brevity. And the cape.
> -----BEGIN PGP SIGNATURE-----
> Version: APG v1.1.1
> 
> iQJMBAEBCgA2BQJT1JewLxxDYXBlZCBXb25kZXJ3b21hbiA8Y2FwZWRfd29uZGVy
> d29tYW5Aem9oby5jb20+AAoJEBgm0LqZNaXf6wkP/Ap8j0gJ1drQ/vywryb09lPb
> tFqS1X4yFq6Drf5188DAl588SXUyTHEfYimXeNMEIjmg2Q013BrnOPY6BdLl/wPe
> 0aIiqo+iiLtuqZL+eihivPfTOThO3zjY7ZKC6AhEZf2yO8fbinome38KSZ5ToNoV
> EJcwmrL97HFQVE8Ik6JVmTmsG1San1g8I6DhxdkN/hkWy6aBt2iGdypCWe0vez2O
> YwtKdoCc5PmAKVvnszeOHutcg6FVQ8o+sJLXZU04lq3FLH1RbR5I8+r9EEa+TuZ+
> D8A5vfS4xeUFDmMpF6khOVK6ddjnsJwSc1PxY6Eqvzokg7Q8lyNxy+H8aD9WMpaK
> gG6bx1AH9YqxB1GCx924zimA+XwgYdFCv/fwmF6QdoLmLnqWUEYd8FJmjJlDsgCq
> Z4f3HflzfQTehh2Q6uB/KzcDhreOXQrFSlpvO4keb5iDRjqOh4cbrFdUZFMLN/+j
> Ny2maBjrQFl8P5Boh5vLQiQlYnWPiQH4B+Ycsy942eoTY8sUL8e0psGYBCXx+I+H
> qe4DityZ73pV6pvfX18kWv9aejML1hFri5dZX2v2Z5HVNftdTA6cXEZynrMd8kO8
> WBGnkWyiwYUO65UeK5vycdUKQ2sLd0pCnYhKKfzK6q4W+bdFtXPnnOcHXCtpaWGu
> VM50oYhzhQOO/kZTr2BO
> =A/UT
> -----END PGP SIGNATURE-----
> 
> 
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

