[tbb-bugs] #23136 [Applications/Tor Launcher]: moat integration (fetch bridges for the user)

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Feb 27 03:03:00 UTC 2018

#23136: moat integration (fetch bridges for the user)
 Reporter:  mcs                        |          Owner:  brade
     Type:  defect                     |         Status:  needs_review
 Priority:  Very High                  |      Milestone:
Component:  Applications/Tor Launcher  |        Version:
 Severity:  Normal                     |     Resolution:
 Keywords:  TorBrowserTeam201802R      |  Actual Points:
Parent ID:  #24689                     |         Points:
 Reviewer:                             |        Sponsor:  Sponsor4

Comment (by mcs):

 Replying to [comment:49 gk]:
 > 1) If I've been using meek just once in a session (could have been days
 or weeks ago I guess) and then try to request bridges I am getting the
 cryptic error mentioned in comment:40.

 Good catch. It seems that Kathy and I were so focused on the "first run"
 experience that we overlooked this scenario. The bad news is that I don't
 think it is easy to fix. The way meek is currently used inside Tor Browser
 does not allow for the possibility of two independent meek clients running
 at the same time (they want to share the meek-http-helper browser profile,
 which will not work). Kathy and I see a few ways to fix this:
 a) Use a separate browser profile for the meek browser when it is used for
 Moat (this requires a fix for #12716 and possibly other things inside
 b) Give up on using the secondary browser and use meek-client to
 obfs4proxy's meek_lite mode for Moat. This has the downside that the TLS
 fingerprint will not match Firefox's when doing Moat).
 c) Modify Tor Launcher to kill the tor daemon before using Moat. But this
 might have undesirable side effects because some other part of the browser
 may be using the Tor network (e.g., for a file download). Also, while Tor
 Launcher knows how to restart tor if it is killed, it might be difficult
 to make sure we kill and restart tor in a robust fashion when we are in
 the middle of configuring settings.
 Kathy and I are currently in favor of pursuing a) but could be convinced
 to do something else.

 > 2) Worse than 1): If I request bridges but then don't close the dialog
 but switch to use meek-{amazon,azure} havoc is breaking loose: my tor
 daemon is shut down, I get multiple error messages a la the one in
 comment:40 and after closing Tor Browser I need to manually kill meek-*

 We are able to reproduce this now but have not determined the root cause
 yet. It may just be a race that occurs while the Moat processes are
 shutting down and the other meek ones are starting up, in which case the
 solution for 1) should also fix this problem.

 > 3) If I have bridges fetched I might want to change my mind and enter a
 custom bridge. However, I trigger one of the sanity checks for the bridge
 entry (Is it really an IP-address? etc.). Upon failure I want to go back
 and select the just fetched bridges. But now I am suddenly re-requesting
 them. I think the better behavior would be to only re-request them if I
 really had configured the custom bridge properly (like we do when
 selecting and *using* one of the default bridges). See 4) for a related
 but more general point.

 We included code to discard the BridgeDB bridges (obtained via Moat) if
 you click Connect and are not using them. But it would probably be more
 consistent to keep them around but not use them in the scenario you
 described; that way users can change their mind without much penalty.

 > 4) I noticed more than once while testing (to my surprise, even though
 that one was declining over time) that the moat radio button is behaving
 quite differently than the other two: It's immediately doing things, i.e.
 requesting bridges while the other two options are allowing you to select
 between different options or to enter own details. I can see why we did
 this in case the user has no bridges fetched yet and wants to have those.
 But still this option seems to run counter to the model we use for the
 whole remaining dialog: select an option and click "OK" so the thing the
 text of the radiobutton says gets done. Moreover, I fear that by
 accidentally selecting this option a user might leak network traffic they
 don't want to, let alone that we add unnecessary traffic/other costs for
 BridgeDB. So, at least after the user got some bridges (and even used
 them?) we could change that behavior?

 Since you think there is potential for confusion and some risk of a
 network leak, we should change the UI to require a second click.

 > How about renaming the text to something like "Use a BridgeDB bridge" or
 something and then showing the available bridges with the "Request a New
 Bridge" when the option is selected? Sure, this would be one click more to
 get bridges from BridgeDB, at least for the first time, but I think given
 my points above I am inclined to say that's okay. (However, I might need a
 refresher on why we thought we should design it the way it is right now,
 if we did that.)

 I think the only reason it works how it does right now is that we were
 trying to stay faithful to Linda's design, which tried hard to reduce the
 number of clicks needed (by removing the wizard and generally streamlining
 things). But let's require the second click. Kathy and I have two
 questions though:
 a) What do you mean by "then showing the available bridges?" Do you mean
 offering a choice of bridge types (e.g., obfs3, obsf4) or do you mean
 showing bridges that the user has already obtained?
 b) What text should we use for the radio button label? Introducing
 "BridgeDB" without explaining it does not seem ideal, although the current
 design is somewhat cryptic as well. And it would be nice to keep the word
 "Request" because it avoids making the user think they need some knowledge
 ahead of time to use the middle radio button. Anyway, Kathy and I will see
 what we come up with for the label.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23136#comment:55>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list