[tor-bugs] #16671 [BridgeDB]: Design a new Bridge Distributor for Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 23 03:23:13 UTC 2015


#16671: Design a new Bridge Distributor for Tor Browser
----------------------------+----------------------------------------------
     Reporter:  isis        |      Owner:  isis
         Type:              |     Status:  new
  enhancement               |  Milestone:
     Priority:  normal      |    Version:
    Component:  BridgeDB    |   Keywords:  bridgedb-dist, tor-browser-wants
   Resolution:              |  Parent ID:
Actual Points:              |
       Points:              |
----------------------------+----------------------------------------------

Comment (by elypter):

 a few opinions

 Replying to [ticket:16671 isis]:
 >   * Should all points on the Distributor's hashring be reachable at a
 given time (i.e., should there be some feasible way, at any given point in
 time, to receive any and every Bridge allocated to the Distributor)?
 >   * Or should the Distributor's hashring rotate per time period?  Or
 should it have sub-hashrings which rotate in and out of commission?
 dont provide all bridges at the same time even for different ips. if an
 adversary is enumerating all available bridges for one time and they are
 blocked immediately then bridgedb would have a chance to react and not all
 bridges will be blocked from one second to the other so some people in a
 country will still be able to communicate.

 >   * Should it attempt to balance the distribution of clients to Bridges,
 so that a (few) Bridge(s) at a time aren't hit with tons of new clients?
 rotation should be faster when more people who could need bridges are
 using tor. for example rotate faster during the afternoon and evening time
 in china.
 ipranges from countries who need bridges should get more bridges assigned

 >   * Should it treat users coming from the domain front as separate from
 those coming from elsewhere?  (Is is even possible for clients to come
 from elsewhere?  Can clients use Tor to reach this distributor?  Can Tor
 Browser connect directly to BridgeDB, not through the domain front? See
 #16650)
 if the distributor detects access that is not possible to come from a
 normal user then its either an adversary or a developer. either hand out
 no bridges, fake bridges or a very small set of bridges.

 >   * If we're going to do autoprobing, should it still give out a maximum
 of three Bridges per request?  More?  Less?
 even if its not impassable barrier there should at least be a captcha so
 an adversary at least has to do some coding or manual work. there should
 also be rate limiting. if there is a rate limit then it would be better to
 only give out 1 bridge at a smaller interval.
 hand out wrong bridges when the captcha is wrong so an algorithm cannot
 learn.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16671#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list