Opened 7 weeks ago

#31873 new project

Create new bridge distribution mechanisms

Reported by: phw Owned by:
Priority: High Milestone:
Component: Circumvention/BridgeDB Version:
Severity: Normal Keywords: s30-o23a1
Cc: phw Actual Points:
Parent ID: #31280 Points: 20
Reviewer: Sponsor: Sponsor30-can

Description

BridgeDB currently has three bridge distribution mechanisms: Email, HTTPS, and moat. Email is problematic because its interaction mechanism is complicated, not everyone has a Gmail or Riseup address, and it's easy to crawl. HTTPS is problematic because bridges.torproject.org is blocked in most places that matter and our CAPTCHA is good at keeping out users (#29695) but not so good at keeping out bots (#31252). Moat remains relatively useful because it uses domain fronting but it still relies on a CAPTCHA to fight off bots.

It's time to think about new and/or significantly improved bridge distribution methods. How can we get bridges into the hands of users while making it difficult for adversaries to get them all? How can we make BridgeDB's CAPTCHA more resistant against bots and easier for users?

Child Tickets

Change History (0)

Note: See TracTickets for help on using tickets.