Skip to content
Snippets Groups Projects

BridgeDB

Last edited by Alexander Færøy

Overview

BridgeDB is the core of the Tor bridge backend. It provides for various pools in doling out bridge relays on user request via SMTP, HTTPS, instant messaging, and a few reserved pools given out by hand to real-world physical networks. The code repository is at https://gitweb.torproject.org/bridgedb.git.

TODO List

(Sponsor D, deliverable 21 for Sep 30)

  • Write a BridgeDB specification (#1606 (moved)).
  • Add code that will make it possible to request bridges for a certain country like so by email: bridges+zh@torproject.org or by HTTP: https://bridges.torproject.org/zh (#1607 (moved)).
  • If we know a certain bridge is blocked in a certain country, don’t give out that bridge to that country (#1608 (moved) and #1837 (moved)).
  • Add code that will give out bridges in a localized way (gettext). For that, put all messages in need for translation in one file (#1609 (moved)).
  • Design algorithm to rotate available bridges over time (#1839 (moved)).
  • Turn mail requests into ’subscriptions’: People mail ’subscribe bridges’ to us, we put them in a database and send them bridges periodically. To not send emails to users that long have forgotten about their subscription, make them re-subscribe periodically by putting a ”Reply to this mail or you won’t get any more bridges” text somewhere in a mail we send them with fresh bridges (#1610 (moved)).
  • Increase the "reserved" share of bridges (#1611 (moved)).
  • Group reserved bridges into buckets for people, write those buckets to files on request (so that those files can be used by Roger or $foo to give to trusted people) (#1612 (moved)).
  • i18n bridgedb (#1613 (moved)).
  • Drop email-to-bridge mappings after N days.
  • Bump up epoch length a lot.
  • Test DB migration code.
  • Drop email persistence.
  • Rate-limit email replies (#1860 (moved)).
  • Stop looking for "get bridges" in emails.
  • Clean email backend periodically
  • List only one bridge per /16 per reply.
  • It keeps corrupting its database, causing Roger to delete the old database and undermine this whole give-the-same-answer-each-time design (#1098 (moved)).
  • Send back an email even if there aren't any bridges
  • Check dkim headers for sanity.
  • Make the 'magic word' for the email configurable, case-tolerant, HTML-tolerant, and punctuation-tolerant
    • for bonus points, make it Base64-tolerant
  • Make all the rest of the email options configurable.
  • Bug: the email handler gets really upset when the email doesn't have a message-id header in it.
  • When we hit the end of a period, forget the email address history.
  • When sending bridges to an email address in the history, check for liveness.
  • Make bounces go to the right address.
  • Make address sent in "mail from" command configurable. Actually, configure it.
  • Make the bridge list you get back include at least one non-443 bridge. It turns out sometimes 443 isn't all it's cracked up to be.

Not now:

  • Check that the incoming IP address of an email is sane.
  • Check more email headers for sanity.

Later:

  • Document stuff better
  • Better area division logic
  • Make all proxies get stuck in their own area.
  • Implement slightly nicer logging
  • Add CAPTCHAs (ugh, this doesn't stop anything, do we have to?) (#1836 (moved))
  • Decent template for the web interface
  • Decent template for mail interface
  • Implement a 'help' command ~~ * Reload configuration on signup; not just bridges.~~
  • Reply with locale support.
  • Check host option in HTTP.

Tickets for [milestone:"BridgeDB Upgrades Phase 1"] TicketQuery(component=Circumvention/BridgeDB&milestone=BridgeDB Upgrades Phase 1)

Comments

    Please register or sign in to add a comment.