[tor-bugs] #31252 [Circumvention/BridgeDB]: Equip BridgeDB with anti-bot mechanism
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Aug 16 18:28:46 UTC 2019
#31252: Equip BridgeDB with anti-bot mechanism
------------------------------------+-----------------------------
Reporter: phw | Owner: phw
Type: enhancement | Status: merge_ready
Priority: Medium | Milestone:
Component: Circumvention/BridgeDB | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points: 4
Reviewer: cohosh | Sponsor:
------------------------------------+-----------------------------
Comment (by phw):
Replying to [comment:2 cohosh]:
> This looks good to me. Do we need to add this to the
[https://gitweb.torproject.org/torspec.git/tree/bridgedb-spec.txt
specification]?
[[br]]
We probably should. The spec seems in dire need of an overhaul. I filed
#31426 for this.
[[br]]
> I'm interested in how the decisions on what headers to blacklist will be
made. Since the files are meant to not be public, is there some process we
go through to add new things to the blacklist or ensure that we're not
introducing too many false positives here?
[[br]]
Hmm, good question. I suggest that we bring up the overall approach in our
weekly meeting (i.e., that we start using regular expressions to look for
bot requests) and coordinate the specific regular expressions among
ourselves, in private. Does this sound reasonable? Do we have a better
idea?
[[br]]
> The idea of giving out a decoy bridge is very nice. It would be
interesting to see where/when this bridge gets blocked.
[[br]]
Yes, I intend to set up a private bridge for this purpose.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31252#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list