> Because we need an adequately popular provider that makes it hard to > generate lots of addresses. Otherwise an attacker could make millions > of addresses and "be" millions of different people asking for bridges.
I know this is the reason, but there are still captchas, right? Also, I think this list needs to be expanded. > (Also, it recently became clear that it would be useful for people to > access this provider via https, rather than http, so a network adversary > can't just sniff the bridge addresses off the Internet when the user > reads her mail. I'm not sure if gmail is safe against this recent adversary, regardless of the protocol. -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
