Cypher: > With the recent discussion about what your ISP can see when you use Tor, > I ended up on the Tor Bridges page. On that page is the following statement: > > "I need an alternative way of getting bridges! > > Another way to get bridges is to send an email to > [email protected]. Please note that you must send the email using > an address from one of the following email providers: Gmail or Yahoo." > > In light of the last year of disclosures by Edward Snowden, why is Tor > requiring that I establish an account with an email provider that is > completely out of my control and has a general history of complying with > law enforcement data requests? Why those two providers specically? > > Note to conspiracy theorists: I am NOT intimating that Tor is in cahoots > with the government in any way and that's why they're requiring Yahoo > and Gmail so don't bother going there. > > Can anyone shed some light on this? > > Thanks, > Cypher >
Because it's about different threat models and use cases. Usually bridges are used by countries that are "unfriendly" with US - for example China. US services gmail / yahoo won't cooperate with China. That may or may not be true, but for the use case at hand, that is simple censorship circumvention it works. On the other hand, your use case is interpreted by me as "I live in some western country (ex: US), recently read the news, that using the public Tor network will mark you as extremist in NSA database. Bad. Bridges hide Tor, no? So isn't it an oxymoron to ask for gmail / yahoo accounts then?" - Oxymoron on first sight, but there is none. Using private and obfuscated bridges alone doesn't provide strong guarantees of hiding the fact you are using Tor from your ISP. Quote [1] [2] Jacob Appelbaum: > Some pluggable transports may seek to obfuscate traffic or to morph it. However, they do not claim to hide that you are using Tor in all cases but rather in very specific cases. An example threat model includes a DPI device with limited time to make a classification choice - so the hiding is very specific to functionality and generally does not take into account endless data retention with retroactive policing. Cheers, Patrick [1] https://mailman.boum.org/pipermail/tails-dev/2013-April/002950.html [2] http://www.webcitation.org/6G67ltL45 -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
