Version 1 (modified by ahf, 5 months ago) (diff)


BridgeDB session

Goals: Learn the current state of BridgeDB and what the next steps might be.

Roger and Matt starts out explaining what BridgeDB was and what it is with focus
on the history of BridgeDB: "distribute access to Tor relays to the Good Guys in
areas where Tor is censored".

You can get bridges using, for example, email (gmail, riseup, yahoo), via a
website, social network(s), and other possible strategies.

Matt explains about the new interface to getting bridges directly in the Tor
Browser with the help of moat(?)

BridgeDB is run on TPO infrastructure. No redundancy right now.

The Bridge Authority receives the new bridges, which are then submitted to the
BridgeDB and metrics.

Roger explains about a mechanism where you have to attack the system where you
cannot learn about bridges there was available yesterday.

Roger explains about the situation with China with OBFS4.

Gman999 explains about the new Bridge Authority: scripts, the setup, running on
BSD, lack of documentation. Exception reporting: example, why is there N% fewer
users at a certain point in time.

We lack redundancy for Bridge Authorities: one strategy could be each bridge
submits to each BA, the other strategy is they submit to a certain set of of the

Is BridgeDB ready to serve something like Snowflake? Snowfalke does not use
BridgeDB or the Bridge Authority.

Moat/Snowflake uses domain fronting right now to "meet in the middle".

Do we have a plan for when Azure is disabling domain fronting?
- Use Google's DNS via HTTPS (possibly via domain fronting?)
- Use SQS from Amazon: two-way queue where you can do requests and send

gman999 talks about validation of data being submitted from BA to BridgeDB.

Chelsea goes over some of the cloud technology that exists for different types
of architectures one can do where you avoid servers, but can
process/receive/send data.

A concern is expressed about being locked into specific vendors in the cloud

Action items:

- We do not currently have stats about which mechanism people use to get the
- There is not enough bridges.
- Sometimes BridgeDB breaks and nobody notices.
- We lack distribution strategies.
- We lack specification(s) around the BridgeDB ecosystem.
- We lack PT ideas.
- Create ticket for BridgeDB to not display the ordinary ORPort for the China
- Create tickets that can help orgs like Human Rights China to hand out bridges.
- There is currently no mirror or no mechanism for mirroring (possibly via a proxy?) - needs documentation.
- Create ticket for network team to submit to bridge auth via .onion

Items where we could be better:
- People aren't aware of the bridges system, but the browser integration helps.