Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Trac Trac
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Service Desk
    • Milestones
  • Packages and registries
    • Packages and registries
    • Container Registry
    • Model experiments
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • Legacy
  • TracTrac
  • Issues
  • #28496

Consider dropping yahoo from the bridgedb email domains

As I understand it, right now bridgedb will respond to email bridge requests from three domains: riseup, gmail, and yahoo.

We chose those three originally since they all seemed to have pretty good sybil protection for account creation.

But I bet yahoo has fallen behind the other two on its account creation protections.

We should explore how much use we're seeing from each of the three domains we allow, just to get a handle on the current situation. But even if we see a lot of use, that doesn't mean it's used by a lot of users, since high activity could also indicate high use by an enumerating attacker.

But we might also see little use from yahoo, in which case this is an easier call.

And then we should consider disabling the yahoo part.

(We might also want to add a few more domains -- and for that we should first look at what countries (a) need non-default bridges, and (b) censor the bridges.torproject.org website. And then open separate tickets.)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking