Opened 4 years ago

Closed 5 months ago

Last modified 4 months ago

#17626 closed defect (fixed)

BridgeDB's email distributor doesn't work if the "get help" text is quoted

Reported by: isis Owned by: phw
Priority: Medium Milestone:
Component: Circumvention/BridgeDB Version:
Severity: Normal Keywords: bridgedb-email, ux, bridgedb-ux, anti-censorship-roadmap-august, s30-o22a3
Cc: dcf, isis, antonela Actual Points: 0.5
Parent ID: #31279 Points: 3
Reviewer: cohosh Sponsor: Sponsor30-must

Description

Linda and David have been doing studies of user behaviours in laboratory censored environments. One user did:

  1. Sent "get bridges" in the subject line with a blank body. Didn't work because the body was blank. Got a reply with the help message.
  2. Replied to the help message, typing "get bridges" into the body. Didn't work because Gmail quoted the help reply below the "get bridges" line.
  3. Sent a brand new fresh email with a blank subject and "get bridges" in the body. It worked that time.

For #1, I am not sure what to do. The bots which try to scrape BridgeDB usually try use the subject line and have a blank body, and that was the original reason for ignoring the subject line. The second reason is that we require DKIM for the email providers we accept (mail.riseup.net, mail.yahoo.com, gmail.com), and while a provider can configure DKIM signing for the "Subject:" header, it is generally only the case that "From:", "To:", and "CC:" are signed. If we were to use the "Subject:" line when it's not DKIM-signed, we would be allowing any server handling the email en route to modify it, potentially doing things like giving the user a different type of bridges than they actually wanted, or attempting in some way to get the user blocked without them getting any bridges.

For #2, if this is default Gmail behaviour, then BridgeDB certainly should not be forcing users to learn that they must erase the auto-quoted help text. This part is definitely bad UX and therefor a bug.

Child Tickets

Change History (11)

comment:1 Changed 12 months ago by gaba

Cc: antonela added
Owner: isis deleted
Points: 3
Sponsor: Sponsor19
Status: newassigned

comment:2 Changed 8 months ago by gaba

Keywords: ex-sponsor-19 added

Adding the keyword to mark everything that didn't fit into the time for sponsor 19.

comment:3 Changed 8 months ago by phw

Sponsor: Sponsor19Sponsor30-must

Moving from Sponsor 19 to Sponsor 30.

comment:4 Changed 6 months ago by gaba

Keywords: anti-censorship-roadmap-august added; ex-sponsor-19 removed

comment:5 Changed 6 months ago by phw

Parent ID: #31268

comment:6 Changed 6 months ago by phw

Parent ID: #31268#31279

comment:7 Changed 5 months ago by phw

Owner: set to phw

comment:8 Changed 5 months ago by phw

Reviewer: cohosh
Status: assignedneeds_review

I took a stab at problem 2 by making BridgeDB ignore commands if they're quoted. Is this a reasonable fix?

I'm not sure how to address problem 1. It may be worth taking a look at recent logs to get an idea of how much of a UX obstacle this is.

comment:9 Changed 5 months ago by cohosh

Status: needs_reviewmerge_ready

This fix looks reasonable to me.

In my investigations I found this site: https://bridges.torproject.org/options which doesn't have instructions about what to include in the body of the email (and also references frontdesk for questions).

comment:10 in reply to:  9 Changed 5 months ago by phw

Actual Points: 0.5
Resolution: fixed
Status: merge_readyclosed

Replying to cohosh:

This fix looks reasonable to me.


Thanks, merged into develop and deployed.

In my investigations I found this site: https://bridges.torproject.org/options which doesn't have instructions about what to include in the body of the email (and also references frontdesk for questions).


Good catch. Let's fix this in #31427, our BridgeDB smörgåsbord ticket.

comment:11 Changed 4 months ago by gaba

Keywords: s30-o22a3 added
Note: See TracTickets for help on using tickets.