probeobserver, plus dynamic bridges, both need to upgrade to modern obfs4proxy
Shel tells me that our bridgestatus measurers are still using obfs4proxy 0.0.8, which means when they are probing a modern obfs4 bridge, they suffer from the compatibility issues in tpo/applications/tor-browser#40804 (closed) -- meaning that 75% of the connection attempts will fail.
This issue might explain why many of the bridgestatus probes take a long time before they connect.
It also could mean that our data so far are suspect, because we learned in the analysis of tpo/anti-censorship/team#92 (closed) that we rotate away from a bridge, and call it a blocking event, as soon as a connection to it fails from any country. So, Tor will try a few times to connect, but if it gets unlucky each time, we are calling the bridge blocked when actually we're just using an incompatible client to try to reach it.
So, I see two^Wthree activities here:
-
Upgrade the obfs4proxy on the client side to 0.0.14. -
Do a pass using dcf's bridge scanner to get a sense of how many of the target bridges are using the modern obfs4proxy vs how many are using the legacy one. That will help us understand how much of an impact this bug had on our data so far. -
Get the dynamic probe server-side code to switch its obfs4proxy version at the same time as we update the client.