RE: Distribution of bridge information

2009-11-04 Thread hgiuh ghj


 
> We already rate limit requests and what we serve from the bridge
> database.  Captchas don't stop crawling, especially since it appears in
> China's case, they have people doing the crawling, not scripts.
 

The main point is that a machine is faster than a human at crawling. Captchas don't stop 
crawling but reduce the time needed to gather the information. Moreover, using 
captchas may prevent the rise of generated block-lists everywhere; it's always 
easier (and tireless) to write a script than to manually add 3 IP addresses a day 
to a list.

RE: Distribution of bridge information

2009-11-03 Thread hgiuh ghj

I think we should implement a captcha ASAP on bridges.torproject.org. I don't 
know why it hasn't been done; it's a big security hole for the whole network.

Date: Mon, 2 Nov 2009 08:54:53 -0500
Subject: Distribution of bridge information
From: ryand...@gmail.com
To: or-t...@seul.org

I was playing around with an idea of how to distribute bridge information on a 
mass scale without censor groups being able to automate the process of 
collecting and filtering the bridges.  I came up with a pretty simple script 
that contacts bridges.torproject.org, grabs some bridge info, and obfuscates it 
using the same methods that CAPTCHA systems use to obfuscate images. Now people 
can read the bridge info, but machines can't (most of the time).

I've put this together as a WordPress plugin that is available at 
http://wordpress.org/extend/plugins/obfuscator/


What this plugin does is grab bridge information, cache it, and obfuscate it 
for display on your blog.  Since that bridge information won't update for that 
IP, the plugin only contacts the site about once a day for new information.

My goal here is to allow people everywhere to help distribute bridge 
information without increasing the chance it will be filtered.  This will 
hopefully help people in firewalled countries be able to get on the Tor network 
a little easier.

I'm interested in your thoughts and comments and criticisms.  Is this a good 
idea?  Do you think people will use it and it will be beneficial?  Is it good 
but needs improvement?  Also, where else could bridge information be grabbed 
from (RSS, Twitter, etc.)? 

Thanks for any comments!  

Re: Distribution of bridge information

2009-11-03 Thread Ryan Day
On Tue, Nov 3, 2009 at 4:08 AM, hgiuh ghj h106...@hotmail.com wrote:

> I think we should implement a captcha ASAP on bridges.torproject.org. I
> don't know why it hasn't been done it's a big security hole for the whole
> network.



It will give the same 3 bridge IPs to the same requesting IP address for
almost a whole day, so you only lose 3 addresses at a time. This could still
be taken advantage of, especially by an organization controlling many IPs.
I agree though, hopefully we can gather more, and better, algorithms to put
in this library. Then build systems like this to help hide the bridge IPs.
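
A model of the per-address, per-day limit described in the message above, added here as an illustration; it is not BridgeDB's code or the plugin's. The HMAC selection, the `prefix_len` setting, the secret and the bridge pool are assumptions, and all addresses are constructed from documentation ranges.

```python
import hashlib
import hmac
import ipaddress
from datetime import date

# Constructed sample pool: 200 documentation-range addresses, not real bridges.
POOL = [f"198.51.100.{i}:443" for i in range(1, 201)]
SECRET = b"distributor-secret (placeholder)"  # hypothetical server-side key


def bucket(requester_ip: str, prefix_len: int = 32) -> str:
    """Collapse the requester address to the network the limit is keyed on."""
    return str(ipaddress.ip_network(f"{requester_ip}/{prefix_len}", strict=False))


def bridges_for(requester_ip: str, day: date, prefix_len: int = 32, n: int = 3):
    """Return the same n bridges for the same bucket for the whole day."""
    key = f"{bucket(requester_ip, prefix_len)}|{day.isoformat()}".encode()
    picked, counter = [], 0
    while len(picked) < n:
        digest = hmac.new(SECRET, key + b"|%d" % counter, hashlib.sha256).digest()
        candidate = POOL[int.from_bytes(digest[:8], "big") % len(POOL)]
        if candidate not in picked:  # skip repeats so n distinct bridges are served
            picked.append(candidate)
        counter += 1
    return picked


def exposed(requester_ips, day: date, prefix_len: int = 32) -> set:
    """Distinct bridges handed out to a set of requesters in one day."""
    seen = set()
    for ip in requester_ips:
        seen.update(bridges_for(ip, day, prefix_len))
    return seen


if __name__ == "__main__":
    day = date(2009, 11, 3)
    one_network = [f"203.0.113.{i}" for i in range(1, 255)]  # constructed: one /24
    print("single address:", len(exposed(["203.0.113.7"], day)))
    print("254 addresses, keyed per IP:", len(exposed(one_network, day)))
    print("254 addresses, keyed per /24:", len(exposed(one_network, day, 24)))
```

Keying the limit on a network prefix instead of the single address is the setting that bounds what one organization's address block can collect in a day.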








Re: Distribution of bridge information

2009-11-03 Thread Andrew Lewman
On 11/03/2009 04:08 AM, hgiuh ghj wrote:
> I think we should implement a captcha ASAP on bridges.torproject.org.
> I don't know why it hasn't been done it's a big security hole for the
> whole network.

We already rate limit requests and what we serve from the bridge
database.  Captchas don't stop crawling, especially since it appears in
China's case, they have people doing the crawling, not scripts.


-- 
Andrew Lewman
The Tor Project
pgp 0x31B0974B

Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject