BridgeDB session ================ Goals: Learn the current state of BridgeDB and what the next steps might be. Roger and Matt starts out explaining what BridgeDB was and what it is with focus on the history of BridgeDB: "distribute access to Tor relays to the Good Guys in areas where Tor is censored". You can get bridges using, for example, email (gmail, riseup, yahoo), via a website, social network(s), and other possible strategies. Matt explains about the new interface to getting bridges directly in the Tor Browser with the help of moat(?) BridgeDB is run on TPO infrastructure. No redundancy right now. The Bridge Authority receives the new bridges, which are then submitted to the BridgeDB and metrics. Roger explains about a mechanism where you have to attack the system where you cannot learn about bridges there was available yesterday. Roger explains about the situation with China with OBFS4. Gman999 explains about the new Bridge Authority: scripts, the setup, running on BSD, lack of documentation. Exception reporting: example, why is there N% fewer users at a certain point in time. We lack redundancy for Bridge Authorities: one strategy could be each bridge submits to each BA, the other strategy is they submit to a certain set of of the BA's. Is BridgeDB ready to serve something like Snowflake? Snowfalke does not use BridgeDB or the Bridge Authority. Moat/Snowflake uses domain fronting right now to "meet in the middle". Do we have a plan for when Azure is disabling domain fronting? - Use Google's DNS via HTTPS (possibly via domain fronting?) - Use SQS from Amazon: two-way queue where you can do requests and send responses. gman999 talks about validation of data being submitted from BA to BridgeDB. Chelsea goes over some of the cloud technology that exists for different types of architectures one can do where you avoid servers, but can process/receive/send data. A concern is expressed about being locked into specific vendors in the cloud industry. Action items: - We do not currently have stats about which mechanism people use to get the bridges. - There is not enough bridges. - Sometimes BridgeDB breaks and nobody notices. - We lack distribution strategies. - We lack specification(s) around the BridgeDB ecosystem. - We lack PT ideas. - Create ticket for BridgeDB to not display the ordinary ORPort for the China case. - Create tickets that can help orgs like Human Rights China to hand out bridges. - There is currently no mirror or no mechanism for mirroring bridges.torproject.org (possibly via a proxy?) - needs documentation. - Create ticket for network team to submit to bridge auth via .onion Items where we could be better: - People aren't aware of the bridges system, but the browser integration helps.