Opened 7 years ago

Closed 6 years ago

#5655 closed task (duplicate)

Request to add gatech.edu to bridge email whitelist

Reported by: SamWhited Owned by:
Priority: Low Milestone:
Component: Circumvention/BridgeDB Version:
Severity: Keywords: bridge, email, gatech
Cc: phobos, arma, sam@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

When requesting bridge addresses via the email system, it only accepts emails from gmail.com, yahoo.com, and mit.edu.

I would like to request that gatech.edu be added to the white list. We have a large number of international students, and many of them are from countries that disallow access to US media networks. Having an easy way to get bridge relays would benefit these students, who may otherwise not be able to access U.S. media, and other web services (Twitter, gmail, etc.) from their home countries.

(Ticket opened after discussion on tor-talk mailing list, RE "Tor Public Bridge Email")

Child Tickets

Change History (6)

comment:1 Changed 7 years ago by nickm

Component: Tor BridgeBridgeDB

comment:2 Changed 7 years ago by arma

mit.edu is only there by accident. I was using it for testing. Nobody was supposed to know -- it was not until somebody else added a feature to publish it that everybody noticed.

The goal here is to make sure that it's at least as hard to get an address at that domain as it is to get one at gmail.

So we should probably remove yahoo from the list too.

Can one gatech student/staff make an unlimited set of gatech addresses? If so, that's not so good.

Also, if the goal is to help people in China, China has already over-run this bridge distribution strategy (via gmail and yahoo accounts). So what you should really want is a separate distribution bucket, with its own bridges. Which sounds like a fine thing, except we don't have any developers working on this sort of thing.

Maybe you want to pick up bridgedb and help?

comment:3 Changed 7 years ago by phobos

Cc: phobos arma added; andrew@… removed

with this logic, we should remove gmail too.

Maybe we should simply allow anything with valid dkim headers.

comment:4 in reply to:  3 Changed 7 years ago by arma

Replying to phobos:

with this logic, we should remove gmail too.

And shut down this distribution strategy? Maybe. Still works for non-China users.

Maybe we should simply allow anything with valid dkim headers.

No, you misunderstand. Checking dkim is useful for gettor, so we make it harder to let people make us mailbomb innocent people.

Checking dkim for bridgedb isn't the main goal. It's only to make it harder to let people make us send bridges to innocent people. dkim itself isn't providing the security in the bridgedb case. It's the uniqueness of the gmail usernames that is.

comment:5 in reply to:  2 ; Changed 7 years ago by SamWhited

Cc: sam@… added

Oops, forgot about this issue. Back now.

Replying to arma:

The goal here is to make sure that it's at least as hard to get an address at that domain as it is to get one at gmail.
...
Can one gatech student/staff make an unlimited set of gatech addresses? If so, that's not so good.

The answer to this is "yes and no." Each student has a single address that can't be changed, and they can create unlimited alias' (but only one every 30 days I think). The answer would be to just accept mail from the mail.gatech.edu domain (the one each student only gets one of). The alias' (@gatech.edu) don't matter.

Also, if the goal is to help people in China, China has already over-run this bridge distribution strategy (via gmail and yahoo accounts). So what you should really want is a separate distribution bucket, with its own bridges. Which sounds like a fine thing, except we don't have any developers working on this sort of thing.

Maybe you want to pick up bridgedb and help?

Good point (China was perhaps a bad example). I'd like to get involved with the Tor Project from a development standpoint; perhaps I'll take a look at this if I can find the time (not likely to happen at the moment; most of my OSS work has petered out lately, but you never know).

comment:6 in reply to:  5 Changed 6 years ago by isis

Resolution: duplicate
Status: newclosed

Replying to SamWhited:

Oops, forgot about this issue. Back now.

No worries. :)

Replying to arma:

The goal here is to make sure that it's at least as hard to get an address at that domain as it is to get one at gmail.
...
Can one gatech student/staff make an unlimited set of gatech addresses? If so, that's not so good.

The answer to this is "yes and no." Each student has a single address that can't be changed, and they can create unlimited alias' (but only one every 30 days I think). The answer would be to just accept mail from the mail.gatech.edu domain (the one each student only gets one of). The alias' (@gatech.edu) don't matter.

I´m marking this ticket as a duplicate of #1562, which is more general. I added this info there.

Also, if the goal is to help people in China, China has already over-run this bridge distribution strategy (via gmail and yahoo accounts). So what you should really want is a separate distribution bucket, with its own bridges. Which sounds like a fine thing, except we don't have any developers working on this sort of thing.

Maybe you want to pick up bridgedb and help?

Good point (China was perhaps a bad example). I'd like to get involved with the Tor Project from a development standpoint; perhaps I'll take a look at this if I can find the time (not likely to happen at the moment; most of my OSS work has petered out lately, but you never know).

Note: See TracTickets for help on using tickets.