Opened 13 months ago

Last modified 5 months ago

#31873 new project

Create new bridge distribution mechanisms

Reported by: phw Owned by:
Priority: High Milestone:
Component: Circumvention/BridgeDB Version:
Severity: Normal Keywords: s30-o23a1, anti-censorship-roadmap-2020
Cc: phw, cohosh Actual Points:
Parent ID: #31280 Points: 20
Reviewer: Sponsor: Sponsor30-must

Description

BridgeDB currently has three bridge distribution mechanisms: Email, HTTPS, and moat. Email is problematic because its interaction mechanism is complicated, not everyone has a Gmail or Riseup address, and it's easy to crawl. HTTPS is problematic because bridges.torproject.org is blocked in most places that matter and our CAPTCHA is good at keeping out users (#29695) but not so good at keeping out bots (#31252). Moat remains relatively useful because it uses domain fronting but it still relies on a CAPTCHA to fight off bots.

It's time to think about new and/or significantly improved bridge distribution methods. How can we get bridges into the hands of users while making it difficult for adversaries to get them all? How can we make BridgeDB's CAPTCHA more resistant against bots and easier for users?

Child Tickets

Change History (10)

comment:1 Changed 10 months ago by sigvids

Shadowsocks(R) and V2Ray proxy servers are openly distributed in Telegram groups.

comment:2 in reply to:  1 Changed 10 months ago by phw

Replying to sigvids:

Shadowsocks(R) and V2Ray proxy servers are openly distributed in Telegram groups.


Are these groups free for anyone to join? If so, I worry that this is not sustainable. Once it becomes a popular distribution mechanism, censors will join these groups.

comment:3 Changed 10 months ago by sigvids

Yes, they are free and public.

The only explanation I can think of is suggested by the report "How China Detects and Blocks Shadowsocks." Blocking of SS/SSR is manual and discretionary. It's possibly that GFW operators choose to tolerate SS/SSR servers outside of politically sensitive periods.

I speculate that Tor is seen as foreign and more threatening, and therefore more resolutely and consistently blocked.

comment:4 Changed 10 months ago by sigvids

For #32781 "Investigate alternative method to share bridges and Tor Browser bundles based on social network protocols" and #31873 "Create new bridge distribution mechanisms":

There is a trade-off between publicity and privacy.

If the distribution of bridges is too public, the bridges become known to the censors.

If the distribution is too private, only insiders get to use them.

comment:5 in reply to:  3 Changed 10 months ago by phw

Replying to sigvids:

I speculate that Tor is seen as foreign and more threatening, and therefore more resolutely and consistently blocked.


I agree. New default bridges are blocked before they're even in Tor Browser – presumably because our adversaries read our bug tracker, which will make it very difficult to distribute bridges through public groups.

comment:6 Changed 9 months ago by cohosh

Cc: cohosh added

comment:7 Changed 9 months ago by gaba

Keywords: anti-censorship-roadmap-2020Q1 added

comment:8 Changed 6 months ago by gaba

Sponsor: Sponsor30-canSponsor30-must

comment:9 Changed 6 months ago by gaba

Keywords: anti-censorship-roadmap-2020 added; anti-censorship-roadmap-2020Q1 removed

No more Q1 for 2020.

comment:10 Changed 5 months ago by cohosh

cohosh cc'ing myself on sponsor 30 work

Note: See TracTickets for help on using tickets.