I run a bridge from a "semi-static" home internet account, where the address is dynamically assigned but only changes when either the ISP or my hardware router goes down and forces a reconnect, which only happens maybe once every several months. I've read in a few places that Tor bridges with dynamic IP addresses are just as useful as those with static addresses, even if their address changes pretty often, because the bridge user's client will use the bridge's fingerprint to look up its current address and port from the bridge authority if it fails to connect. How certain are we that this is actually happening? It's not the behavior I'm seeing here. My IP address has changed maybe 3 times in the last year, once for an ISP outage after a storm, and for a couple of hardware router firmware updates on my end. In each case, my bridge's traffic plummeted back to essentially nil, with a long slow regrowth over several weeks (or months!) as the new address slowly propagated around to a new set of users. I like to monitor the "Who has used my bridge?" status from Vidalia, and I get a real heartwarming glow when I see places like Syria and Iran showing up regularly. I've had a nice steady clientele keeping my bridge pretty busy for the past few months, and then yesterday I needed to do a firmware update, and *pfft* all my clients are gone again and I'm back to square one. Sigh. What's worse, I then picture that hypothetical Syrian civil rights dissident who's come to rely on my bridge always being there, suddenly being stranded without a connection and needing to scramble to find another one. Unnecessarily, as I was back up in minutes, just with a new address. It's pretty clear that the mechanism for clients to refresh their bridge's addresses is there, but I'm doubting that it's actually working right. I can think of two main failure modes: either the fingerprint isn't being distributed (or entered), leaving the user with just the current IP address and port with no way to query the bridge authority for an update. Or it's being entered, but not actually used by the client. For the first, BridgeDB does distribute the fingerprints, but I note that the docs/bridges.html.en page mentions that it's optional, but then doesn't say anything about what it's good for or why you should include it, so I wonder if many users just don't bother, especially if they need to query BridgeDB from a different PC than they run their own copy of TBB on and can't easily copy & paste the whole thing. Also, it seems the email responder channel doesn't even give out the fingerprints at all, leaving all those users automatically without updates. I don't know the distribution split between BridgeDB site queries and email queries, so it's hard to guess the impact of that lack, but it seems like something that could be easily fixed regardless. Probably more critical though, is the second option. Why would the fingerprint not be used if it was entered? Maybe some key option got disabled somehow? If I'm reading the torrc manual right, there's an option called UpdateBridgesFromAuthority that controls exactly this behavior... and it defaults to off. And to see how it ends up being set in the actual TBB, I installed that and checked its torrc, and it's not in there either, so apparently it stays disabled. "Well, there's your problem..." So am I missing something, or has this feature somehow fallen through the cracks and ended up accidentally disabled for the vast majority of all bridge users? It seems like this must be having a pretty serious impact on overall bridge usage, as I was under the impression that a big percentage of bridges are run off of dynamic address accounts, and many of those will be changing addresses more often than mine, maybe as frequently as daily in the worst cases. And every time they do, they lose their entire clientele and have to restart the long, slow ramp up to a new user base again from scratch. This kind of forced, pointless churn can't possibly be good for the network. How many bridge operators are we losing every year because they never see significant traffic due to changing IP addresses too often? And if they ask about it, they're just told, "Sure, dynamic IP is fine, just be patient and they will come." And what's the impact on the bridge users of having their bridge connections going bad so much more often than they should? I think simply getting a bridge address might be a risk exposure for many of these people, and making them do it more often could be dangerous for them. Or maybe I'm just totally misreading this, and my own experiences of losing all my bridge clients on each change aren't typical, but are due to some other unknown singular issue. How about you other bridge providers, how many of you are on dynamic IP addresses, and have you noticed a similar huge drop in traffic after a change, or does your traffic seem to snap back pretty quickly as it should?