[tor-bugs] #28015 [Applications/Tor Browser]: Brainstorm improved ux for orgs that want to give bridges to their people

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Mar 12 12:59:55 UTC 2019 

#28015: Brainstorm improved ux for orgs that want to give bridges to their people
-----------------------------------------------+---------------------------
 Reporter:  arma                               |          Owner:  tbb-team
     Type:  defect                             |         Status:  new
 Priority:  Medium                             |      Milestone:
Component:  Applications/Tor Browser           |        Version:
 Severity:  Normal                             |     Resolution:
 Keywords:  ux-team, education, documentation  |  Actual Points:
Parent ID:                                     |         Points:
 Reviewer:                                     |        Sponsor:  Sponsor19
-----------------------------------------------+---------------------------

Comment (by eighthave):

 == Network Traffic

 The different URL formats can directly cause network traffic.  If a user
 clicks on an HTTP link with a valid domain name, that will go to a
 browser, and try to load a page.  Any URL format could indirectly cause
 network traffic, e.g. an app could accept a `bridge:` URL and then send
 the traffic itself to the network.  That is out of scope here, since there
 is nothing we can do about it within the URL format and the code that
 generates and accepts these URLs.

 https://bridges.torproject.org is the one format as laid out in #15035,
 that can cause network traffic.  We do have a little control over what
 data is sent to the network:


 ** "Query String" (everything after {{{?}}})**

 *
 https://bridges.torproject.org/FD9DAEE45A2FDF70D462914A75ADE99A29957920?transport=obfs4&ip=104.224.78.19&port=443&cert=LSOd9qOffpIFM4az%2Bueou7sY0eQRAsI%2FjoW4QgCl/LSDo2ecQzAQHNu281oAivLDZuTQNA
 &iat-mode=0
 * the browser always sends the Query String to ''bridges.torproject.org''


 **"Fragment"  (everything after {{{#}}})**

 *
 https://bridges.torproject.org/#FD9DAEE45A2FDF70D462914A75ADE99A29957920?transport=obfs4&ip=104.224.78.19&port=443&cert=LSOd9qOffpIFM4az%2Bueou7sY0eQRAsI%2FjoW4QgCl/LSDo2ecQzAQHNu281oAivLDZuTQNA
 &iat-mode=0
 * the browser does not send the Fragment to ''bridges.torproject.org'' by
 default
 * one line of Javascript from the server can fetch the Fragment and send
 it to the server
 * if the browser has Javascript disabled, the Fragment cannot be sent to
 the server

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28015#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list