[tor-bugs] #31873 [Circumvention/BridgeDB]: Create new bridge distribution mechanisms
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Sep 26 22:42:26 UTC 2019
#31873: Create new bridge distribution mechanisms
----------------------------------------+-----------------------
Reporter: phw | Owner: (none)
Type: project | Status: new
Priority: High | Milestone:
Component: Circumvention/BridgeDB | Version:
Severity: Normal | Keywords: s30-o23a1
Actual Points: | Parent ID: #31280
Points: 20 | Reviewer:
Sponsor: Sponsor30-can |
----------------------------------------+-----------------------
BridgeDB currently has three bridge distribution mechanisms: Email, HTTPS,
and moat. Email is problematic because its interaction mechanism is
complicated, not everyone has a Gmail or Riseup address, and it's easy to
crawl. HTTPS is problematic because bridges.torproject.org is blocked in
most places that matter and our CAPTCHA is good at keeping out users
(#29695) but not so good at keeping out bots (#31252). Moat remains
relatively useful because it uses domain fronting but it still relies on a
CAPTCHA to fight off bots.
It's time to think about new and/or significantly improved bridge
distribution methods. How can we get bridges into the hands of users while
making it difficult for adversaries to get them all? How can we make
BridgeDB's CAPTCHA more resistant against bots and easier for users?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31873>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list