Opened 5 years ago

Closed 4 years ago

#12843 closed defect (fixed)

Bridgedb shouldn't handout bridges from .ir and .sy

Reported by: mrphs Owned by: isis
Priority: Very High Milestone:
Component: Circumvention/BridgeDB Version:
Severity: Keywords: bridgedb-0.3.0, easy, isis2015Q1Q2, isisExB, isisExC
Cc: yawning, phw Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The public network in these countries is highly censored and the average non-gov-supported/non-suspicious internet connection a user can have is capped to 128kb/s (16KB/s) by authorities in ir.

I can't think of anything these bridges can offer to tor network and its users other than harm and unmasking attacks.

Hopefully, we'd come up with a plan to prevent malicious activity by these bridges in long-term, but for now, we should stop handing them out.

Child Tickets

Change History (8)

comment:1 Changed 5 years ago by yawning

Cc: yawning added

comment:2 Changed 5 years ago by asn

+1. This makes sense to me.

The lighter version would be to stop serving Iranian bridges to Iranian users but serve them normally to non-Iranian users. However, I don't think this is really worth it currently; if we start getting a big volume of Iranian bridges and it feels like we are wasting them, we can rethink this.

comment:3 Changed 5 years ago by phw

Cc: phw added

Preventing a country from participating in the network is always a strong political statement but I think it's justified here. Especially because we are already doing the same thing for relays as discussed in #4923.

comment:4 Changed 5 years ago by isis

Keywords: bridgedb-0.2.x easy added
Status: newaccepted

+1. I agree also.

I started working on this a tiny bit in my fix/12843-cc-spurning branch, but I only added the config option so far... There isn't any functionality yet, but adding it wouldn't be difficult (in case someone else wants to pick this up while I'm working on other things).

comment:5 Changed 5 years ago by isis

This is currently blocked on #9380 and #12872. I'm removing #12872 as a child ticket because Trac's handling of parent/child ticket relationships is jank.

Last edited 5 years ago by isis (previous) (diff)

comment:6 Changed 4 years ago by isis

Keywords: bridgedb-0.2.5 added

comment:7 Changed 4 years ago by isis

Keywords: isis2015Q1Q2 isisExB isisExC added

comment:8 Changed 4 years ago by isis

Keywords: bridgedb-0.3.0 added; bridgedb-0.2.x bridgedb-0.2.5 removed
Resolution: fixed
Status: acceptedclosed

There are patches which fix this in my fix/12843-cc-spurning_r2 branch. The primary changes are to add a NO_DISTRIBUTION_COUNTRIES list option to bridgedb.conf, and the following minor changes to the bridgedb.Main.load() function:

diff --git a/lib/bridgedb/Main.py b/lib/bridgedb/Main.py
index 9317760..d0698c0 100644
--- a/lib/bridgedb/Main.py
+++ b/lib/bridgedb/Main.py
@@ -198,10 +198,17 @@ def load(state, splitter, clear=False):
     inserted = 0
     logging.info("Inserting %d bridges into splitter..." % len(bridges))
     for fingerprint, bridge in bridges.items():
-        # We attempt to insert all bridges. If the bridge is not running, then
-        # it is skipped during the insertion process.
-        splitter.insert(bridge)
-        inserted += 1
+        # Skip insertion of bridges which are geolocated to be in one of the
+        # NO_DISTRIBUTION_COUNTRIES, a.k.a. the countries we don't distribute
+        # bridges from:
+        if bridge.country in state.NO_DISTRIBUTION_COUNTRIES:
+            logging.warn("Not distributing Bridge %s %s:%s in country %s!" %
+                         (bridge, bridge.address, bridge.orPort, bridge.country))
+        else:
+            # If the bridge is not running, then it is skipped during the
+            # insertion process.
+            splitter.insert(bridge)
+            inserted += 1
     logging.info("Done inserting %d bridges into splitter." % inserted)

     if state.COLLECT_TIMESTAMPS:

Because this patch uses bridge.country, it relies upon the changes in #12872 to add geolocation for Bridge ORAddresses and PTs. This patch doesn't look at the geolocation results for PT addresses, however, it blocks distribution of the entire bridge and all of its PTs if the main ORAddress is in one of NO_DISTRIBUTION_COUNTRIES.

Additionally, I added the lib/bridgedb/test/test_Main.py file with integration tests for about 60% of bridgedb.Main, which before had no tests at all. There is not yet, however, a specific regression test for this ticket to check that bridges from Iran and Syria are indeed blocked (mostly because I worry that the test would randomly break whenever the GeoIP database thinks an IP has been reallocated).

Note: See TracTickets for help on using tickets.