[tor-bugs] #17626 [BridgeDB]: BridgeDB's email distributor doesn't work if the "get help" text is quoted

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Nov 17 16:20:11 UTC 2015 

#17626: BridgeDB's email distributor doesn't work if the "get help" text is quoted
--------------------------+-------------------------------------------
     Reporter:  isis      |      Owner:  isis
         Type:  defect    |     Status:  new
     Priority:  Medium    |  Milestone:
    Component:  BridgeDB  |    Version:
     Severity:  Normal    |   Keywords:  bridgedb-email ux bridgedb-ux
Actual Points:            |  Parent ID:
       Points:            |    Sponsor:
--------------------------+-------------------------------------------
 Linda and David have been doing studies of user behaviours in laboratory
 censored environments. One user did:

 > 1. Sent "get bridges" in the subject line with a blank body. Didn't
 >    work because the body was blank. Got a reply with the help message.
 > 2. Replied to the help message, typing "get bridges" into the body.
 >    Didn't work because Gmail quoted the help reply below the "get
 >    bridges" line.
 > 3. Sent a brand new fresh email with a blank subject and "get bridges"
 >    in the body. It worked that time.

 For !#1, I am not sure what to do. The bots which try to scrape BridgeDB
 usually try use the subject line and have a blank body, and that was the
 original reason for ignoring the subject line. The second reason is that
 we require DKIM for the email providers we accept (mail.riseup.net,
 mail.yahoo.com, gmail.com), and while a provider can configure DKIM
 signing for the "Subject:" header, it is generally only the case that
 "From:", "To:", and "CC:" are signed.  If we were to use the "Subject:"
 line when it's not DKIM-signed, we would be allowing any server handling
 the email en route to modify it, potentially doing things like giving the
 user a different type of bridges than they actually wanted, or attempting
 in some way to get the user blocked without them getting any bridges.

 For !#2, if this is default Gmail behaviour, then BridgeDB certainly
 should not be forcing users to learn that they must erase the auto-quoted
 help text. This part is definitely bad UX and therefor a bug.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17626>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list