[tor-bugs] #30941 [Circumvention/BridgeDB]: Need better instructions for requesting bridges via email
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Mar 26 01:12:21 UTC 2020
#30941: Need better instructions for requesting bridges via email
-------------------------------------------------+-------------------------
Reporter: pili | Owner: sysrqb
Type: defect | Status:
| needs_review
Priority: Medium | Milestone:
Component: Circumvention/BridgeDB | Version:
Severity: Normal | Resolution:
Keywords: ux-team, s30-o22a2, anti- | Actual Points:
censorship-roadmap-2020Q1 |
Parent ID: #31279 | Points:
Reviewer: | Sponsor:
| Sponsor30
-------------------------------------------------+-------------------------
Comment (by phw):
Replying to [comment:9 teor]:
> > I suggest that BridgeDB should respond with obfs4 bridges even if the
email request is invalid
>
> Careful with responding to invalid input: it can enable some kinds of
attacks.
>
> I can't think of any attacks that are easier than "just send another,
correctly-formatted email". But there can sometimes be risks with email
forwarding, or mailing lists.
[[br]]
BridgeDB already is responding to invalid emails with help instructions. I
think the benefits of this behaviour (it helps confused users) outweighs
the harm you mentioned – at least so far.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30941#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list