Change UseBridges to prevent any access attempts of public tor network

In T(A)ILS (https://amnesia.boum.org) we want to enable a bridge-only mode (chosen at the boot menu, or at least before Tor starts) which ensures that the Tor network is never directly connected to. We figure some people don't want to disclose that they are using Tor for various reasons.

Hence we'd like to have an option that can be set in torrc that makes Tor only use bridges, but without it being necessary to specify a bridge in torrc -- the user should be able to do that through Vidalia at a later point, and then have Tor bootstrap as soon as a bridge has been set through the control port.

Here follows the discussion on #tor-dev which suggests that a change of the meaning of UseBridges might be the way:

(17:52:11) nickm: It seems like you may also want a "I am using bridges, even though I haven't configured any bridges yet" option (17:52:36) nickm: That seems much closer to what you are trying to achieve than "ReachableAddresses reject :" (17:53:14) nickm: You could even fake it, I bet, with something like Bridge 127.0.0.1:x, where x is an unused port. (17:53:17) anonym: yes, exactly (17:53:31) nickm: that's not a great solution, of course (17:56:30) anonym: a proper "EnforceBridges" or whatever would be best, yes. is that likely to get implemented if I file a feature request? (17:56:43) nickm: EnforceBridges is not really what you mean (17:56:57) nickm: Because Bridge settings are and should be enforced, always (17:57:10) nickm: You want "EnforceTheBridgesIHaventEvenToldYouAboutYet" (17:57:13) nickm: or something (17:57:18) anonym: hence my "or whatever" (17:58:10) nickm: hang on. (17:58:13) nickm: what about UseBridges 1 (17:58:32) nickm: ah. (17:58:53) nickm: if usebridges 1 is set, and you list no bridges, we reject the torrc (17:59:20) Sebastian: The value of the UseBridges config option is kind of debatable (17:59:44) nickm: Sebastian: you mean, if they specify a bridge, UseBridges should automatically turn on? (17:59:56) Sebastian: yes (17:59:56) nickm: or something else? (18:00:15) nickm: if we agreed on that, then this sounds like a fine value for a tristate, with "auto" being the default. (18:00:40) nickm: I don't know if our existing code does the right thing with UseBridges set but Bridges empty; changing this shouldn't be too hard though (18:00:42) anonym: and 1 being what was intended with "EnforceTheBridgesIHaventEvenToldYouAboutYet" (18:00:42) anonym: ? (18:00:52) nickm: anonym: hypothetically yes