BridgeDB should not distribute Tor Browser's default bridges
From #13504 (moved), we started distributing, in Tor Browser as the sets of 'default' bridges, only bridges which report their descriptors to the BridgeAuthority, causing those descriptors to eventually be sent through BridgeDB to the Metrics servers. This was done to obtain more accurate Metrics on bridge usage, since it is believed that most bridge users are currently using the default bridges.
Robert Ransom points out that we don't want BridgeDB to distribute these default Tor Browser bridges. The reasons are similar to why we don't want to initialise/use multiple types of PTs at the same time in Tor Browser: Using a TB-default bridge, presumedly mixed in with other non-TB-default bridges obtained from BridgeDB, would signal to anyone watching for use of the TB-default bridges that the other addresses are Tor bridges, thus potentially endangering:
- the user, Alice, who was accidentally given the TB-default bridge by BridgeDB, because she may now find that all her bridges are suddenly blocked,
- Alice's other bridges, which are at increased risk of being blocked by whoever is watching Alice,
- and the other users of Alice's other bridges.