Opened 4 months ago

Last modified 6 weeks ago

#28496 assigned enhancement

Consider dropping yahoo from the bridgedb email domains

Reported by: arma Owned by: dgoulet
Priority: Medium Milestone:
Component: Obfuscation/BridgeDB Version:
Severity: Normal Keywords: bridgedb
Cc: Actual Points:
Parent ID: Points: 1
Reviewer: Sponsor: Sponsor19

Description

As I understand it, right now bridgedb will respond to email bridge requests from three domains: riseup, gmail, and yahoo.

We chose those three originally since they all seemed to have pretty good sybil protection for account creation.

But I bet yahoo has fallen behind the other two on its account creation protections.

We should explore how much use we're seeing from each of the three domains we allow, just to get a handle on the current situation. But even if we see a lot of use, that doesn't mean it's used by a lot of users, since high activity could also indicate high use by an enumerating attacker.

But we might also see little use from yahoo, in which case this is an easier call.

And then we should consider disabling the yahoo part.

(We might also want to add a few more domains -- and for that we should first look at what countries (a) need non-default bridges, and (b) censor the bridges.torproject.org website. And then open separate tickets.)

Child Tickets

Change History (3)

comment:1 Changed 3 months ago by gaba

Keywords: bridgedb added

comment:2 Changed 2 months ago by gaba

Owner: sysrqb deleted
Points: 1
Status: newassigned

comment:3 Changed 6 weeks ago by dgoulet

Owner: set to dgoulet
Note: See TracTickets for help on using tickets.