Lunar transcribed 2.1K bytes:
isis:
PS: why are we still shipping obfs2 bridges?!
tl;dr: Because we have them.
The protocol is known to be broken and fingerprintable. That's something we know. Not users. If BridgeDB is giving them out, then it must be that it's ok to use, right?
It still works to get past many corporate/university firewalls, from what I understand. And the UI clearly says that "obfs3" is recommended. It even defaults to giving "obfs3" if you ask for transports. You'd have to specifically request "obfs2" to get them.
We can't just make Tor Browser stop accepting obfs2 because some people are using obfs2 bridges right now. But we shouldn't add more people to the set of users of a broken protocol.
Obfs3 is also "broken", it's just that we haven't yet seen a DPI box do it IRL. If you want me to only hand out the holy grail, I'm never going to hand anything out.