Update builtin bridges from Circumvention Settings API
Right now to update the builtin bridges we need to make a Tor Browser release, it would be nice if TB automatically updates them using Circumvention Settings API.
There are two concerns I have about it:
- Users will not be happy with TB making a call to an external API without giving some consent about it.
- We don't want to make easier for censors to notice you are using Tor because of that.
I think it makes sense to update when we do other connections to moat (Connect Assist, captcha bridges, ...), I assume user has already consent to do a request to the API on those cases and having an extra connection over the domain fronting should not make it more noticeable than it already is. We could store when was the last time we had updated them, and don't update them is they are fresh (maybe 24h is a good freshness).
An extra that would be nice is to ask the user if they want to refresh the builtin bridges when they click on Settings to Select a Built-In Bridge. I think we should only ask if bridges hasn't being refreshed for a while (maybe 7days). The confirmation popup could have a check box with 'remember that option' or something like that, so the following times they enable builtin bridges we refresh or not without asking (if the bridges hasn't being refreshed in 7days).