Opened 8 years ago

Closed 7 years ago

Last modified 7 years ago

#5481 closed project (fixed)

Deploy recaptcha support for https distribution strategy

Reported by: karsten Owned by: aagbsn
Priority: Medium Milestone:
Component: Circumvention/BridgeDB Version:
Severity: Keywords: SponsorF20121101
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

From org/sponsors/SponsorF/Year2: "13. bridgedb: Deploy recaptcha support for https distribution strategy. Right now our bridgedb service is getting bombarded by automated bridge requests, which look an awful lot like an adversary trying to enumerate all the bridges. If we stick a manual captcha step in, we force them to move forward at the arms race."

From talking to Aaron in December:

  1. We have recaptcha support merged into BridgeDB, but it is currently not enabled. (#1836)
  1. Two subtasks of this deliverable should be "Move bridges.tp.o to a Tor VM" and "Get aagbsn access to bridges.tp.o." (#2301)
  1. There is some question as to how Google will react to the recaptcha implementation. We should talk to Google people before enabling it. Aaron is going to talk to them, possibly after an introduction by Mike or Jake.

AFAIK, 2 is in progress and 3 and 1 have not been started.

Can we agree on some schedule when these substeps and the overall deliverable are expected to be done?

Optimistically assigning to the July milestone.

Child Tickets

TicketStatusOwnerSummaryComponent
#1836closednickmbridgedb captcha needs reviewCircumvention/BridgeDB
#2301closedaagbsnmigrate bridgedb to tor serverCircumvention/BridgeDB
#5492closedaagbsnTalk to Google recaptcha team about BridgeDB's recaptcha-proxying strategyCircumvention/BridgeDB
#5943closedaagbsnGet ReCaptcha API keys for bridges.torproject.orgCircumvention/BridgeDB

Change History (6)

comment:1 Changed 8 years ago by aagbsn

Owner: set to aagbsn
Status: newassigned

comment:2 Changed 7 years ago by karsten

Milestone: Sponsor F: July 1, 2012Sponsor F: November 1, 2012

Here's an update after talking to aagbsn: Google has recently said they're fine with us running the recaptcha-proxying strategy. The patch for using recaptcha is merged and we have API keys. The only thing that's left is changing a flag from false to true, which may happen in the next few days.

Moving to November milestone anyway, because July 1 already lies in the past. Also assigning to aagbsn.

comment:3 Changed 7 years ago by karsten

Keywords: SponsorF20121101 added
Milestone: Sponsor F: November 1, 2012

Switching from using milestones to keywords for sponsor deliverables. See #6365 for details.

comment:4 Changed 7 years ago by karsten

Looks like BridgeDB reCAPTCHA is deployed as of two days ago. Yay!

Does that mean we can close this ticket?

Also, what would be a good summary of 2 to 3 sentences wrapping up what was done for this sponsor F deliverable? That summary would be for the sponsor F year 2 page.

comment:5 Changed 7 years ago by aagbsn

Resolution: fixed
Status: assignedclosed

Yes! We can close the ticket.

A summary:

BridgeDB now uses reCAPTCHA to slow datamining attempts. We negotiated with Google to permit proxying reCAPTCHA API requests on behalf of our users to protect their privacy, and then enabled BridgeDB's reCAPTCHA support on https://bridges.torproject.org.

comment:6 Changed 7 years ago by karsten

Updated the sponsor F year 2 wiki page. Thanks!

Note: See TracTickets for help on using tickets.