Opened 4 years ago

Last modified 6 days ago

#17626 needs_review defect

BridgeDB's email distributor doesn't work if the "get help" text is quoted

Reported by: isis Owned by: phw
Priority: Medium Milestone:
Component: Circumvention/BridgeDB Version:
Severity: Normal Keywords: bridgedb-email, ux, bridgedb-ux, anti-censorship-roadmap-august
Cc: dcf, isis, antonela Actual Points:
Parent ID: #31279 Points: 3
Reviewer: cohosh Sponsor: Sponsor30-must

Description

Linda and David have been doing studies of user behaviours in laboratory censored environments. One user did:

  1. Sent "get bridges" in the subject line with a blank body. Didn't work because the body was blank. Got a reply with the help message.
  2. Replied to the help message, typing "get bridges" into the body. Didn't work because Gmail quoted the help reply below the "get bridges" line.
  3. Sent a brand new fresh email with a blank subject and "get bridges" in the body. It worked that time.

For #1, I am not sure what to do. The bots which try to scrape BridgeDB usually try use the subject line and have a blank body, and that was the original reason for ignoring the subject line. The second reason is that we require DKIM for the email providers we accept (mail.riseup.net, mail.yahoo.com, gmail.com), and while a provider can configure DKIM signing for the "Subject:" header, it is generally only the case that "From:", "To:", and "CC:" are signed. If we were to use the "Subject:" line when it's not DKIM-signed, we would be allowing any server handling the email en route to modify it, potentially doing things like giving the user a different type of bridges than they actually wanted, or attempting in some way to get the user blocked without them getting any bridges.

For #2, if this is default Gmail behaviour, then BridgeDB certainly should not be forcing users to learn that they must erase the auto-quoted help text. This part is definitely bad UX and therefor a bug.

Child Tickets

Change History (8)

comment:1 Changed 7 months ago by gaba

Cc: antonela added
Owner: isis deleted
Points: 3
Sponsor: Sponsor19
Status: newassigned

comment:2 Changed 3 months ago by gaba

Keywords: ex-sponsor-19 added

Adding the keyword to mark everything that didn't fit into the time for sponsor 19.

comment:3 Changed 3 months ago by phw

Sponsor: Sponsor19Sponsor30-must

Moving from Sponsor 19 to Sponsor 30.

comment:4 Changed 6 weeks ago by gaba

Keywords: anti-censorship-roadmap-august added; ex-sponsor-19 removed

comment:5 Changed 3 weeks ago by phw

Parent ID: #31268

comment:6 Changed 3 weeks ago by phw

Parent ID: #31268#31279

comment:7 Changed 6 days ago by phw

Owner: set to phw

comment:8 Changed 6 days ago by phw

Reviewer: cohosh
Status: assignedneeds_review

I took a stab at problem 2 by making BridgeDB ignore commands if they're quoted. Is this a reasonable fix?

I'm not sure how to address problem 1. It may be worth taking a look at recent logs to get an idea of how much of a UX obstacle this is.

Note: See TracTickets for help on using tickets.