Opened 3 months ago

Last modified 3 months ago

#30872 new project

Test BridgeDB's distribution channels in controlled experiment

Reported by: phw Owned by: dcf
Priority: Medium Milestone:
Component: Circumvention/Censorship analysis Version:
Severity: Normal Keywords: gfw
Cc: cohosh, arma, gaba Actual Points:
Parent ID: Points: 3
Reviewer: Sponsor: Sponsor30-can

Description

As of June 2019, BridgeDB distributes bridges over HTTPS, email, and moat. We should find out which ones of these three distribution channels censors can break by injecting test bridges into all of them, and monitoring for how long these bridges continue to be reachable. For now, we should focus on China.

  1. Set up at least three bridges; one for each of our three distribution channels. The bridges can use the BridgeDistribution tor option to tell BridgeDB how they choose to be distributed.
  2. We may also want to disable the bridges' ORPort and use AssumeReachable to rule out the possibility that the censor found the bridge by discovering its ORPort somehow.
  3. Have a client in China continuously test these bridges at random times, so we can learn when (and if) they stop being reachable.
  4. Wait and keep an eye on the country code of clients who use these bridges. We shouldn't be collecting any more data because the bridges will be used by real users.

We probably want more than one bridge per distribution channel. For example, if our HTTPS bridge becomes blocked, we don't know for sure that the GFW is able to enumerate a large fraction of the HTTPS pool. Theoretically, a GFW engineer could have gotten the bridge after a single request to bridges.torproject.org. The more bridges we have, the more confident can we be in our results.

Also, we should understand how BridgeDB maintains its sub-hashrings per distribution channel.

Child Tickets

Change History (2)

comment:1 Changed 3 months ago by cohosh

Can we also do a finer-grained analysis? I'm not completely familiar with BridgeDB, but if we have any partitions within the three main distribution channels, perhaps we can record data on which partition bridges belong to as well. So for example, if bridges distributed to yahoo email addresses get blocked, but riseup email addresses don't, then that tells us something interesting.

comment:2 in reply to:  1 Changed 3 months ago by phw

Replying to cohosh:

Can we also do a finer-grained analysis? I'm not completely familiar with BridgeDB, but if we have any partitions within the three main distribution channels, perhaps we can record data on which partition bridges belong to as well. So for example, if bridges distributed to yahoo email addresses get blocked, but riseup email addresses don't, then that tells us something interesting.


Yes, that would be very helpful but will require some additional trickery. Off the top of my head, I don't know how BridgeDB handles this. I'll have to look into it.

Note: See TracTickets for help on using tickets.