[tor-bugs] #13727 [BridgeDB]: BridgeDB should not distribute Tor Browser's default bridges

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Nov 10 20:36:14 UTC 2014 

#13727: BridgeDB should not distribute Tor Browser's default bridges
--------------------------+----------------------------------------
     Reporter:  isis      |      Owner:  isis
         Type:  defect    |     Status:  needs_information
     Priority:  normal    |  Milestone:
    Component:  BridgeDB  |    Version:
   Resolution:            |   Keywords:  bridgedb-dist, tbb-bridges
Actual Points:            |  Parent ID:
       Points:            |
--------------------------+----------------------------------------
Changes (by isis):

 * status:  new => needs_information


Comment:

 The technical implementation of this could be as simple/kludgey as
 creating a list of fingerprints of all bridges which have ever been TB-
 default bridges, and, should BridgeDB come across one of these
 fingerprints either while parsing or distributing, skip it.

 The nicer, but more difficult, way to do this seems to be to implement
 something like #4026 and create a `torbrowser` bridge pool in BridgeDB
 which is never distributed, or a little-t tor modification to add a
 `BridgeDistribution [https|email|tbdefault|any|none]` line to server-
 descriptors as described in #13504:

 Replying to [ticket:13504 isis]:
 > […]
 >
 > Additionally, if bridge operators wish to give us metrics but are firmly
 against their bridges being distributed by BridgeDB, I can either:
 >
 >   1. Create a `torbrowser` bridge pool in BridgeDB, which is never
 distributed.
 >
 >      This would only be a short-term doesn't-require-little-t-tor-
 patches hack. I don't really want to do this. However, if the bridge
 operators for Tor Browser bundle bridges ''really'' don't want to be
 distributed by BridgeDB, I am willing to do it.
 >
 >   2. Add a torrc option, `BridgeDistribution [https|email|any|none]`,
 [https://lists.torproject.org/pipermail/tor-dev/2014-October/007614.html
 as described on the mailing list] and BridgeDB patches to disable
 distribution for bridges whose descriptors say `BridgeDistribution none`.
 >
 >      This would allow bridge operators to provide metrics without being
 publicly distributed by BridgeDB, and would likely only effect bridges
 running tor-0.2.6.x.
 >
 >      The default would be `BridgeDistribution any`, which would allow
 BridgeDB to choose how your bridge is distributed.
 >
 >      Using `BridgeDistribution [https|email]` would allow a bridge
 operator to override BridgeDB's decision.
 >
 >      Using `BridgeDistribution none` would instruct BridgeDB to either
 toss out your bridge's descriptor rather than putting them into the
 databases (or adding them to the `'unallocated'` pool, depending on how we
 wish to implement this).
 >

 So, now we should probably decide which of these options (or others that
 someone else comes up with) that we want to do.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13727#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list