Opened 2 years ago

#17626 new defect

BridgeDB's email distributor doesn't work if the "get help" text is quoted

Reported by: isis Owned by: isis
Priority: Medium Milestone:
Component: Obfuscation/BridgeDB Version:
Severity: Normal Keywords: bridgedb-email ux bridgedb-ux
Cc: dcf, isis Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Linda and David have been doing studies of user behaviours in laboratory censored environments. One user did:

  1. Sent "get bridges" in the subject line with a blank body. Didn't work because the body was blank. Got a reply with the help message.
  2. Replied to the help message, typing "get bridges" into the body. Didn't work because Gmail quoted the help reply below the "get bridges" line.
  3. Sent a brand new fresh email with a blank subject and "get bridges" in the body. It worked that time.

For #1, I am not sure what to do. The bots which try to scrape BridgeDB usually try use the subject line and have a blank body, and that was the original reason for ignoring the subject line. The second reason is that we require DKIM for the email providers we accept (mail.riseup.net, mail.yahoo.com, gmail.com), and while a provider can configure DKIM signing for the "Subject:" header, it is generally only the case that "From:", "To:", and "CC:" are signed. If we were to use the "Subject:" line when it's not DKIM-signed, we would be allowing any server handling the email en route to modify it, potentially doing things like giving the user a different type of bridges than they actually wanted, or attempting in some way to get the user blocked without them getting any bridges.

For #2, if this is default Gmail behaviour, then BridgeDB certainly should not be forcing users to learn that they must erase the auto-quoted help text. This part is definitely bad UX and therefor a bug.

Child Tickets

Change History (0)

Note: See TracTickets for help on using tickets.