GitLab

BridgeDB currently has three bridge distribution mechanisms: Email, HTTPS, and moat. Email is problematic because its interaction mechanism is complicated, not everyone has a Gmail or Riseup address, and it's easy to crawl. HTTPS is problematic because bridges.torproject.org is blocked in most places that matter and our CAPTCHA is good at keeping out users (legacy/trac#29695 (moved)) but not so good at keeping out bots (legacy/trac#31252 (moved)). Moat remains relatively useful because it uses domain fronting but it also relies on a CAPTCHA to fight off bots.

It's time to think about new and/or significantly improved bridge distribution methods. How can we get bridges into the hands of users while making it difficult for adversaries to get them all? How can we make BridgeDB's CAPTCHA more resistant against bots and easier for users?

The Salmon bridge distribution system (first presented in a PETS'16 paper) is promising. Let's use this issue to build a prototype and fill in the missing pieces to get Salmon deployed.