Need better instructions for requesting bridges via email

For bridges obtained via email by emailing bridges@ it's not clear how/where to request bridges via email.

E.g the bridges.tpo website simply says to email bridges@ to get bridges

Emailing that address gives you a number of commands but doesn't specify where to send the commands (email subject, body...) I tried both and wasn't able to get it to work.

It also specifies that you can combine commands but it doesn't give any examples or indication of how to do so.

This was raised by a user and I also couldn't figure it out after trying for about 5 minutes :/

Trac:
Parent Ticket: #31279 (closed)

added actualpoints::1 anti-censorship-roadmap-2020Q1 component::circumvention/bridgedb owner::phw parent::31279 points::1 priority::medium resolution::fixed reviewer::cohosh s30-o22a2 severity::normal sponsor::30 status::closed type::defect ux-team labels

P.s I finally figured out that the body content has to be empty apart from the command... (previously I was just replying to the original email, keeping the conversation history in the body)

Yes, requesting bridges is painful right now. I suggested a usable solution for it in #30456 (moved).

Replying to pili:

P.s I finally figured out that the body content has to be empty apart from the command... (previously I was just replying to the original email, keeping the conversation history in the body)

This issue is documented over in #17626 (moved).

I agree that we need to overhaul the email distribution method. It took me a while too, to first figure out how it works, which is bad. Fixing the instructions on bridges.torproject.org is something we can do easily. How about we change it to the following:

Another way to get bridges is to send an email to bridges@torproject.org. Leave the email subject empty and write "get bridges" in the email body for normal bridges or "get transport obfs4" for an obfuscated bridge. Please note that you must send the email using an address from one of the following email providers: Riseup or Gmail.

Trac:
Cc: antonela to antonela, phw

Trac:
Parent: N/A to #31279 (closed)

Trac:
Keywords: N/A deleted, s30-o22a2 added

Trac:
Keywords: N/A deleted, anti-censorship-roadmap-2020Q1 added

Replying to phw:

I agree that we need to overhaul the email distribution method. It took me a while too, to first figure out how it works, which is bad. Fixing the instructions on bridges.torproject.org is something we can do easily. How about we change it to the following:

Another way to get bridges is to send an email to bridges@torproject.org. Leave the email subject empty and write "get bridges" in the email body for normal bridges or "get transport obfs4" for an obfuscated bridge. Please note that you must send the email using an address from one of the following email providers: Riseup or Gmail.

I just deployed this fix as part of #31427 (moved). Ticket #17626 (moved) is also fixed, so what's left is to improve BridgeDB's email instructions. They currently say:

Hey, identityfunction! Welcome to BridgeDB!



COMMANDs: (combine COMMANDs to specify multiple options simultaneously)
  get bridges            Request vanilla bridges.
  get transport [TYPE]   Request a Pluggable Transport by TYPE.
  get help               Displays this message.
  get key                Get a copy of BridgeDB's public GnuPG key.
  get ipv6               Request IPv6 bridges.

Currently supported transport TYPEs:
  fte
  obfs3
  obfs4
  scramblesuit


BridgeDB can provide bridges with several types of Pluggable Transports[0],
which can help obfuscate your connections to the Tor Network, making it more
difficult for anyone watching your internet traffic to determine that you are
using Tor.

Some bridges with IPv6 addresses are also available, though some Pluggable
Transports aren't IPv6 compatible.

Additionally, BridgeDB has plenty of plain-ol'-vanilla bridges - without any
Pluggable Transports - which maybe doesn't sound as cool, but they can still
help to circumvent internet censorship in many cases.

[0]: https://www.torproject.org/docs/pluggable-transports.html

 --
 <3 BridgeDB

I suggest that BridgeDB should respond with obfs4 bridges even if the email request is invalid:

Here are your obfs4 bridges:

 obfs4 1.2.3.4:1234 ...
 obfs4 4.3.2.1:4321 ...

Add these bridges to your Tor Browser by opening your browser
preferences, clicking on "Tor", and then adding them to the "Provide a
bridge" field.

If these bridges are not what you need, respond to this email with one
of the following commands in the message body:

  get bridges           (Request "vanilla" Tor bridges.)
  get transport TYPE    (Request a different obfuscation type. Replace
                         TYPE with obfs3, obfs4, or scramblesuit.)
  get ipv6              (Request IPv6 bridges.)

What do you think? How can we make it better?

Trac:
Status: new to needs_review

Nice! I think we should ask antonela to look over this as well. I like the changes. Some comments:

• The idea to provide bridges on failure is really nice. I like how you've structured that email.

• Are we still handing out FTE or scramblesuit bridges? From what i remember, we removed default FTE bridges from Tor Browser awhile ago. I guess the same could be asked of obfs3. If we only care about handing out obfs4, there's some simplification that can be done with the instructions here.

• Should we have more text explaining that you issue the commands by replying to or sending a new email?

Trac:
Status: needs_review to needs_information

I suggest that BridgeDB should respond with obfs4 bridges even if the email request is invalid

Careful with responding to invalid input: it can enable some kinds of attacks.

I can't think of any attacks that are easier than "just send another, correctly-formatted email". But there can sometimes be risks with email forwarding, or mailing lists.

As far as the text itself goes, the following words are ambiguous:

• vanilla
• several
• plain-ol'-vanilla
• cool

We should replace them with simpler English words, to help people who don't use our dialect of English.

When rephrasing the email response, let's keep in mind that we're retiring obfs3, scramblesuit, and fte (see #33299 (moved)).

Trac:
Cc: antonela, phw to antonela, phw, cohosh

Replying to cohosh:

• Are we still handing out FTE or scramblesuit bridges? From what i remember, we removed default FTE bridges from Tor Browser awhile ago. I guess the same could be asked of obfs3. If we only care about handing out obfs4, there's some simplification that can be done with the instructions here.

Since #33299 (moved) we no longer are. At this point, the only PT is obfs4.

• Should we have more text explaining that you issue the commands by replying to or sending a new email?

Hmm, doesn't the email already say that? Please let me know if you would like to rephrase it. Here's my latest iteration:

Here are your obfs4 bridges:

 obfs4 1.2.3.4:1234 ...
 obfs4 4.3.2.1:4321 ...

Add these bridges to your Tor Browser by opening your browser
preferences, clicking on "Tor", and then adding them to the "Provide a
bridge" field.

If these bridges are not what you need, reply to this email with one of
the following commands in the message body:

  get transport TYPE    (Request obfuscated bridges. Replace
                         TYPE with "obfs4".)
  get bridges           (Request unobfuscated Tor bridges.)
  get ipv6              (Request IPv6 bridges.)

I also replaced "vanilla" with "unobfuscated" as per teor's suggestion.

Trac:
Status: needs_information to needs_review

Replying to teor:

I suggest that BridgeDB should respond with obfs4 bridges even if the email request is invalid

Careful with responding to invalid input: it can enable some kinds of attacks.

I can't think of any attacks that are easier than "just send another, correctly-formatted email". But there can sometimes be risks with email forwarding, or mailing lists.

BridgeDB already is responding to invalid emails with help instructions. I think the benefits of this behaviour (it helps confused users) outweighs the harm you mentioned – at least so far.

Trac:
Reviewer: N/A to cohosh

Replying to phw:

Replying to cohosh:

• Should we have more text explaining that you issue the commands by replying to or sending a new email?

Hmm, doesn't the email already say that? Please let me know if you would like to rephrase it. Here's my latest iteration: {{{ Here are your obfs4 bridges:

obfs4 1.2.3.4:1234 ... obfs4 4.3.2.1:4321 ...

Add these bridges to your Tor Browser by opening your browser preferences, clicking on "Tor", and then adding them to the "Provide a bridge" field.

If these bridges are not what you need, reply to this email with one of the following commands in the message body:

get transport TYPE (Request obfuscated bridges. Replace TYPE with "obfs4".) get bridges (Request unobfuscated Tor bridges.) get ipv6 (Request IPv6 bridges.) }}}

I also replaced "vanilla" with "unobfuscated" as per teor's suggestion.

Oh, you're right! This looks good to me. The only other piece of feedback is something that came up in a similar GetTor ticket: #23226 (moved) to make clear in the email text that this is an automated response.

Trac:
Status: needs_review to merge_ready

I'm changing the status back to 'assigned' because I have yet to write the code. :)

Trac:
Points: N/A to 1
Status: merge_ready to assigned
Owner: sysrqb to phw

I have a fix in my defect/30941 branch. Here's what the code does:

• Respond with obfs4 (or whatever is configured in DEFAULT_TRANSPORT) bridges if the user's request is invalid or empty.
• Remove the help email (which you would previously get after sending an invalid request or a request that contains "get help") because we no longer need it.
• Simplify the automatic response as discussed above in this ticket.
• Make it clear that the email response is automatically generated as cohosh suggested.

Here's what BridgeDB's new email response will look like:

[This is an automated email.  Please do not reply.]

Here are your bridges:

obfs4 1.1.1.1:1111 ...
obfs4 2.2.2.2:2222 ...

Add these bridges to your Tor Browser by opening your browser
preferences, clicking on "Tor", and then adding them to the "Provide a
bridge" field.

If these bridges are not what you need, reply to this email with one of
the following commands in the message body:

  get bridges            (Request unobfuscated Tor bridges.)
  get ipv6               (Request IPv6 bridges.)
  get transport TYPE     (Request obfuscated bridges. Replace TYPE with 'obfs4'.)
  get key                (Get a copy of BridgeDB's public GnuPG key.)

Note that "get key" is still supported but we will get rid of this functionality in #17548 (moved).

Trac:
Status: assigned to needs_review

This looks great!

Trac:
Status: needs_review to merge_ready

Thanks, merged into develop.

While inspecting BridgeDB's logs, I noticed that the autoresponder breaks when dealing with a quoted response from Gmail's web interface. I filed #33835 (moved) to get that fixed.

Trac:
Actualpoints: N/A to 1
Resolution: N/A to fixed
Status: merge_ready to closed

Roger suggested to abandon the concept of transport TYPEs for now because we only offer obfs4 anyway. I addressed his suggestion in commit 208b49c and deployed the fix. BridgeDB's email response now looks as follows:

[This is an automated email.]

Here are your bridges:

  obfs4 ...
  obfs4 ...

Add these bridges to your Tor Browser by opening your browser
preferences, clicking on "Tor", and then adding them to the "Provide a
bridge" field.

If these bridges are not what you need, reply to this email with one of
the following commands in the message body:

  get bridges            (Request unobfuscated Tor bridges.)
  get ipv6               (Request IPv6 bridges.)
  get transport obfs4    (Request obfs4 obfuscated bridges.)
  get key                (Get a copy of BridgeDB's public GnuPG key.)

closed

changed time estimate to 8h

added 8h of time spent

mentioned in issue #31528 (moved)

mentioned in issue #33299 (moved)

mentioned in issue #31279 (closed)

moved to tpo/anti-censorship/bridgedb#30941 (closed)