I have several important questions about the way you provide bridges and one logical feature request coming out from one of these questions. This all related to Russian censorship sircumvention but is also necessary for all other Tor users from restricted areas.
- Why you don’t implement a captcha mechanism on your bridges.torproject.org page, where people request bridge addresses??? Almost a year all bridges that I get from that page are blocked in Russia. I only able to use one old bridge that I got a long time ago and it still works. It’s obviously that they most likely use some automatic mechanism collecting all your bridges from that site ‘cause it even has no simple captcha… Why can’t you implement a complex captcha, let alone a simple captcha as such? Why do you just let them collect all your bridges without any obstacles? So consider it as my feature request.
- About your Telegram bot, providing bridges. Are you really sure that your bridges couldn’t be replaced with some malicious bridges there? In contrast to website bridges, all Telegram bridges work and I ask myself why. If they want all bridges to be blocked then why they can’t collect and block all bridges from the Telegram? It’s already common knowledge that Telegram cooperates with Russian intelligence agencies, at a minimum, and is directly controlled by them, at a maximum. So why can’t they do anything about the bridges there? Or they just want you to think so? Who owns the Telegram bot? - Telegram. So why can’t they quietly replace your bridges there with their malicious ones? Is there anything that gives you confidence that they do not do this?
- Your mechanism for providing bridges via email. It’s already few days since I requested bridges using my gmail and all these two days it returns me an error message that your server refuses connection and it can’t deliver my mail. What’s going on? This could be the only reliable and trustful mechanism for providing bridges, and even it doesn’t work…
- And why only gmail and riseup? Yes, I undersand security side of the question, but why only these two? Ok, it’s undersandable why gmail, but riseup… It’s very difficult to get one for free. Why not add protonmail, for example? It’s not easy to get this one for free too, but not as difficult as riseup. And really, who among us actually has riseup? I’m sure not many.