GitLab

When UpdateBridgesFromAuthority is set to 1, Tor makes a direct connection to Tonga to fetch the bridge descriptor referenced in the configuration, as long as it includes the fingerprint. This happens before even trying the bridge directly, so we definitely leak to censors that a) we're a tor client, trying to use bridges; and b) that we'll soon connect to a real bridge IP:port. Back when Tonga wasn't blocked, this seemed fine, but now that we have adversaries that actually pick up on the Tor handshake or network behavior and send active probes, this seems like a poor idea.