|
|
|
{{{
|
|
|
|
BridgeDB session
|
|
|
|
================
|
|
|
|
|
|
|
|
Goals: Learn the current state of BridgeDB and what the next steps might be.
|
|
|
|
|
|
|
|
Roger and Matt starts out explaining what BridgeDB was and what it is with focus
|
|
|
|
on the history of BridgeDB: "distribute access to Tor relays to the Good Guys in
|
|
|
|
areas where Tor is censored".
|
|
|
|
|
|
|
|
You can get bridges using, for example, email (gmail, riseup, yahoo), via a
|
|
|
|
website, social network(s), and other possible strategies.
|
|
|
|
|
|
|
|
Matt explains about the new interface to getting bridges directly in the Tor
|
|
|
|
Browser with the help of moat(?)
|
|
|
|
|
|
|
|
BridgeDB is run on TPO infrastructure. No redundancy right now.
|
|
|
|
|
|
|
|
The Bridge Authority receives the new bridges, which are then submitted to the
|
|
|
|
BridgeDB and metrics.
|
|
|
|
|
|
|
|
Roger explains about a mechanism where you have to attack the system where you
|
|
|
|
cannot learn about bridges there was available yesterday.
|
|
|
|
|
|
|
|
Roger explains about the situation with China with OBFS4.
|
|
|
|
|
|
|
|
Gman999 explains about the new Bridge Authority: scripts, the setup, running on
|
|
|
|
BSD, lack of documentation. Exception reporting: example, why is there N% fewer
|
|
|
|
users at a certain point in time.
|
|
|
|
|
|
|
|
We lack redundancy for Bridge Authorities: one strategy could be each bridge
|
|
|
|
submits to each BA, the other strategy is they submit to a certain set of of the
|
|
|
|
BA's.
|
|
|
|
|
|
|
|
Is BridgeDB ready to serve something like Snowflake? Snowfalke does not use
|
|
|
|
BridgeDB or the Bridge Authority.
|
|
|
|
|
|
|
|
Moat/Snowflake uses domain fronting right now to "meet in the middle".
|
|
|
|
|
|
|
|
Do we have a plan for when Azure is disabling domain fronting?
|
|
|
|
- Use Google's DNS via HTTPS (possibly via domain fronting?)
|
|
|
|
- Use SQS from Amazon: two-way queue where you can do requests and send
|
|
|
|
responses.
|
|
|
|
|
|
|
|
gman999 talks about validation of data being submitted from BA to BridgeDB.
|
|
|
|
|
|
|
|
Chelsea goes over some of the cloud technology that exists for different types
|
|
|
|
of architectures one can do where you avoid servers, but can
|
|
|
|
process/receive/send data.
|
|
|
|
|
|
|
|
A concern is expressed about being locked into specific vendors in the cloud
|
|
|
|
industry.
|
|
|
|
|
|
|
|
Action items:
|
|
|
|
|
|
|
|
- We do not currently have stats about which mechanism people use to get the
|
|
|
|
bridges.
|
|
|
|
- There is not enough bridges.
|
|
|
|
- Sometimes BridgeDB breaks and nobody notices.
|
|
|
|
- We lack distribution strategies.
|
|
|
|
- We lack specification(s) around the BridgeDB ecosystem.
|
|
|
|
- We lack PT ideas.
|
|
|
|
- Create ticket for BridgeDB to not display the ordinary ORPort for the China
|
|
|
|
case.
|
|
|
|
- Create tickets that can help orgs like Human Rights China to hand out bridges.
|
|
|
|
- There is currently no mirror or no mechanism for mirroring
|
|
|
|
bridges.torproject.org (possibly via a proxy?) - needs documentation.
|
|
|
|
- Create ticket for network team to submit to bridge auth via .onion
|
|
|
|
|
|
|
|
Items where we could be better:
|
|
|
|
- People aren't aware of the bridges system, but the browser integration helps.
|
|
|
|
}}} |
|
|
|
\ No newline at end of file |
