Changes between Initial Version and Version 1 of org/meetings/2018MexicoCity/Notes/BridgeDB


Ignore:
Timestamp:
Sep 30, 2018, 7:30:59 PM (4 months ago)
Author:
ahf
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • org/meetings/2018MexicoCity/Notes/BridgeDB

    v1 v1  
     1{{{
     2BridgeDB session
     3================
     4
     5Goals: Learn the current state of BridgeDB and what the next steps might be.
     6
     7Roger and Matt starts out explaining what BridgeDB was and what it is with focus
     8on the history of BridgeDB: "distribute access to Tor relays to the Good Guys in
     9areas where Tor is censored".
     10
     11You can get bridges using, for example, email (gmail, riseup, yahoo), via a
     12website, social network(s), and other possible strategies.
     13
     14Matt explains about the new interface to getting bridges directly in the Tor
     15Browser with the help of moat(?)
     16
     17BridgeDB is run on TPO infrastructure. No redundancy right now.
     18
     19The Bridge Authority receives the new bridges, which are then submitted to the
     20BridgeDB and metrics.
     21
     22Roger explains about a mechanism where you have to attack the system where you
     23cannot learn about bridges there was available yesterday.
     24
     25Roger explains about the situation with China with OBFS4.
     26
     27Gman999 explains about the new Bridge Authority: scripts, the setup, running on
     28BSD, lack of documentation. Exception reporting: example, why is there N% fewer
     29users at a certain point in time.
     30
     31We lack redundancy for Bridge Authorities: one strategy could be each bridge
     32submits to each BA, the other strategy is they submit to a certain set of of the
     33BA's.
     34
     35Is BridgeDB ready to serve something like Snowflake? Snowfalke does not use
     36BridgeDB or the Bridge Authority.
     37
     38Moat/Snowflake uses domain fronting right now to "meet in the middle".
     39
     40Do we have a plan for when Azure is disabling domain fronting?
     41- Use Google's DNS via HTTPS (possibly via domain fronting?)
     42- Use SQS from Amazon: two-way queue where you can do requests and send
     43  responses.
     44
     45gman999 talks about validation of data being submitted from BA to BridgeDB.
     46
     47Chelsea goes over some of the cloud technology that exists for different types
     48of architectures one can do where you avoid servers, but can
     49process/receive/send data.
     50
     51A concern is expressed about being locked into specific vendors in the cloud
     52industry.
     53
     54Action items:
     55
     56- We do not currently have stats about which mechanism people use to get the
     57  bridges.
     58- There is not enough bridges.
     59- Sometimes BridgeDB breaks and nobody notices.
     60- We lack distribution strategies.
     61- We lack specification(s) around the BridgeDB ecosystem.
     62- We lack PT ideas.
     63- Create ticket for BridgeDB to not display the ordinary ORPort for the China
     64  case.
     65- Create tickets that can help orgs like Human Rights China to hand out bridges.
     66- There is currently no mirror or no mechanism for mirroring
     67  bridges.torproject.org (possibly via a proxy?) - needs documentation.
     68- Create ticket for network team to submit to bridge auth via .onion
     69
     70Items where we could be better:
     71- People aren't aware of the bridges system, but the browser integration helps.
     72}}}