[Tails-dev] Default bridges? [Was: Tails contributors meetin…

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Old-Topics: Re: [Tails-dev] Tails contributors meeting: Wednesday June 03
Subject: [Tails-dev] Default bridges? [Was: Tails contributors meeting: Wednesday June 03]
Hi,

sajolida wrote (04 Jun 2015 12:55:41 GMT) :
> « Provide default bridges
> -----------------------


> It was agreed that in the context of Tails, until we have Tor config
> persistence (#5461), too many users may use default bridges because
> it's too painful to input bridges addresses manually each time you
> boot. »


> You didn't make explicit the issues behind "too many users may use
> default bridges". Wouldn't those "default bridges" be able to deal with
> this number of users?


Probably they would be able to, but I don't know.

> I suppose that they are chosen to be reliable enough for Tor Browser
> users outside of Tails. And Tails users being 1% of Tor users [1] maybe
> that's no problem.


In practice, I would bet that you're probably right. Note that we lack
solid facts to back it up though. To draw any such conclusion from
these stats, we need two additional assumptions:

 1. Tor Browser users themselves represent a large proportion of all
    Tor users; I've no idea, but I suspect it's correct.
 2. The fraction of Tails users who would use default bridges is of
    the same order of magnitude as the fraction of Tor Browser users
    who use default bridges; given we haven't Tor config persistence,
    while Tor Browser has, the situation is quite different in that
    the incentive for users to use default bridges would be much
    higher, I believe, for Tails users. The ticket description itself
    states "This would also workaround partly the lack of persistence
    feature for Tor configuration" :)


Anyway, the meeting minutes don't make it clear, but this alone wasn't
the only reason why we decided to postpone this topic: security
reasons [1] weighted a lot IIRC, combined with the fact that no good
way to warn users (without scaring them needlessly, and without
teaching them to click through warnings) was proposed yet.

All in all, the whole thing seems hard, problems have been identified
3 months ago, and nobody has showed up to work on solutions since
then, so postponing felt the right thing to do (at least to me).

[1] https://labs.riseup.net/code/issues/8825#note-4

Cheers,
--
intrigeri