BridgeDB e-mails should be encrypted when possible
View options
Looks like the opposition is using BridgeDB e-mails to enumerate bridges:
/**
* Database Tor bridge information extracted from confirmation emails.
*/
fingerprint('anonymizer/tor/bridge/email') =
email_address('bridges@torproject.org')
and email_body('https://bridges.torproject.org/' : c++
extractors: {{
bridges[] = /bridge\s([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}):?([0-9]{2,4}?[^0-9])/;
}}
init: {{
xks::undefine_name("anonymizer/tor/torbridges/emailconfirmation");
}}
main: {{
static const std::string SCHEMA_OLD = "tor_bridges";
static const std::string SCHEMA_NEW = "tor_routers";
static const std::string FLAGS = "Bridge";
if (bridges) {
for (size_t i=0; i < bridges.size(); ++i) {
std::string address = bridges[i][0] + ":" + bridges[i][1];
DB[SCHEMA_OLD]["tor_bridge"] = address;
DB.apply();
DB[SCHEMA_NEW]["tor_ip"] = bridges[i][0];
DB[SCHEMA_NEW]["tor_port_or"] = bridges[i][1];
DB[SCHEMA_NEW]["tor_flags"] = FLAGS;
DB.apply();
}
xks::fire_fingerprint("anonymizer/tor/directory/bridge");
}
return true;
}});
// END_DEFINITION(from http://daserste.ndr.de/panorama/xkeyscorerules100.txt)
There should be a way users requesting bridges can supply a PGP key to which the response should be encrypted.