[tor-bugs] #18329 [Tor]: Let bridges indicate when they don't want BridgeDB to distribute their address

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Feb 17 14:16:40 UTC 2016 

#18329: Let bridges indicate when they don't want BridgeDB to distribute their
address
-----------------------------+------------------------
     Reporter:  karsten      |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor          |    Version:
     Severity:  Normal       |   Keywords:  tor-bridge
Actual Points:               |  Parent ID:
       Points:               |    Sponsor:
-----------------------------+------------------------
 Right now, bridges can decide whether they want to be a public bridge that
 gets distributed via BridgeDB or a private bridge that only gets used by
 clients who learn its address via some other, private channel.  The
 default is that a bridge is a public bridges, unless it sets
 `PublishServerDescriptor 0` in its `torrc` file.  This works fine with
 respect to BridgeDB not distributing private bridges.  But a lesser known
 problem is that a bridge that doesn't publish its descriptor also does not
 contribute to bridge usage statistics on Metrics that are based on bridge
 extra-info descriptors.

 The major use case that comes to mind is a bundled bridge whose address is
 shipped together with Tor Browser or another application.  In the past we
 tried to remind operators of these bridges to also publish descriptors, so
 that their statistics are included on Metrics.  But it turns out that some
 censors, who carefully scrape bridge addresses from BridgeDB, do not
 extract bridge addresses from the various bundles.  Still, bundled bridges
 see a large number of bridge users and we should really include them in
 the statistics.

 Another use case could be private bridges that somebody sets up for
 themselves and their friends.  Maybe these operators would be fine
 contributing to the statistics if that doesn't automatically mean they
 need to share their bridge with other users.

 I think this feature is relatively easy to build.  We would need:

  - a new descriptor line "bridgedb off", or something even more intuitive
 and extensible, that tells BridgeDB that this bridge's address should not
 be distributed,
  - a new torrc option or extension of an existing option, maybe
 "PublishServerDescriptor bridge-auth" or, again, something more intuitive,
 to include the line above in the descriptor, and
  - an extension of BridgeDB to ignore bridges with this line when parsing
 descriptors.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18329>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list