Opened 5 years ago

Last modified 12 months ago

#10802 needs_information enhancement

Getting bridges only for port 80,443

Reported by: torland Owned by: isis
Priority: Medium Milestone:
Component: Obfuscation/BridgeDB Version:
Severity: Normal Keywords: bridgedb-ui
Cc: sysrqb, io@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I am running TBB behind a corporate proxy that only allows traffic to port 80 and 443. When I get new bridges from https://bridges.torproject.org they are mostly running on ports that are blocked for me. It would be good to have a checkbox "80,443" on the page that would allow to only get bridges with port 80, 443.

Thanks,

Torland

Child Tickets

Change History (11)

comment:1 Changed 5 years ago by sysrqb

I think this sounds like a good idea to add onto #9127. However, if you want these ports, you will need to make sure you don't select a pluggable transport due to #7875.

comment:2 Changed 5 years ago by sysrqb

But, also to add to this, we do try to return at least one bridge that listens on port 80 or 443 within each response. Sometimes this doesn't happen, in practice, though.

comment:3 Changed 5 years ago by torland

Thanks. I am not using pluggable transport at the moment, but generally it is an issue. I noticed that I mostly get back one bridge with 80/443. It made it much easier, because of #10809.

comment:4 Changed 4 years ago by isis

Keywords: bridgedb-ui added

comment:5 Changed 4 years ago by isis

Owner: set to isis
Status: newassigned

So… the issue that sysrqb pointed out, if I understood correctly, was that if we add a little checkbox that says "I have a restrictive firewall which only allows ports 80 and/or 443!" and they also select a Pluggable Transport that might not have very many or any bridges running on those ports, e.g. obfs3, then the little checkbox won't work: the client will just get obfs3 bridges which are on random ports, not on port 443 or 80.

Also, as sysrqb pointed out, the way that BridgeDB is currently configured (for all distributors, for all clients, for everything) is to try really hard to make sure that at least one of the bridges given to every client is on port 443. We could add a system-wide configuration that forces one of the other bridges to be on port 80, but this would mean that all the other bridges on random ports wouldn't get used as much.

We now also have TBB default bridges (many of which should work for users behind fascist corporate firewalls).

Because of all this, I'm not currently convinced that this ticket warrants the extra development and maintenance… but I might still be convinced.

comment:6 Changed 4 years ago by isis

Status: assignedneeds_information

comment:7 Changed 4 years ago by isis

Cc: sysrqb added

comment:8 Changed 4 years ago by maxxer

Cc: io@… added

comment:9 Changed 4 years ago by maxxer

I'm behind a very restrictive fw which does DPI (so I *need* to use obfs3 or any other pluggable transport) and blocks non standard ports.
In the past I had the luck to obtain a bridge on port 80, now this is apparently not responding anymore and the other two I have are on high ports, thus unreachable to me.

Being able to obtain at least one bridge on 80/443 would really help.

comment:10 in reply to:  9 Changed 4 years ago by isis

Replying to maxxer:

I'm behind a very restrictive fw which does DPI (so I *need* to use obfs3 or any other pluggable transport) and blocks non standard ports.
In the past I had the luck to obtain a bridge on port 80, now this is apparently not responding anymore and the other two I have are on high ports, thus unreachable to me.

Being able to obtain at least one bridge on 80/443 would really help.


That is already implemented, as described above. This ticket is about getting bridges only on ports 80 and 443.

comment:11 Changed 12 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.