[tor-commits] [bridgedb/master] Don't insert bridges in NO_DISTRIBUTION_COUNTRIES into the hashrings.
isis at torproject.org
Sat Mar 21 02:03:02 UTC 2015
commit f80033f8496b8cda8f032932c0200a7c8f7fe825
Author: Isis Lovecruft <isis at torproject.org>
Date: Sat Feb 21 23:05:32 2015 +0000
Don't insert bridges in NO_DISTRIBUTION_COUNTRIES into the hashrings.
When two-letter country codes are given in the bridgedb.conf option
NO_DISTRIBUTION_COUNTRIES, e.g.:

    NO_DISTRIBUTION_COUNTRIES = ['IR', 'SY']

and a Bridge parsed from the descriptor files is found to be geolocated
in one of these countries, we skip adding that Bridge to the hashrings
entirely.
* FIXES #12843 https://bugs.torproject.org/12843
* TODO We could add these blacklisted Bridges to their own hashring of
Undistributables which are never to be distributed to real clients.
Potentially, we could distribute these Undistributables to
adversaries which are definitely not real clients, as a form of
supplying adversaries with decoys (see #12537). By doing so, we
would be handing an adversary which is probably some intelligence
agency's bridge enumeration program (e.g. part of the NSA and GCHQ's
HOMING TROLL and XKEYSCORE programmes) bridges which are run by
another intelligence agency (presumedly واجا (VAJA) and/or إدارة
الأمن العام) in order to gather information about the clients
connecting to them (presumedly hoping that someone from their
jurisdiction would use the bridge). Thus, in the best case scenario,
feeding each agency false (albeit trivially discoverable as false)
information on the other and—in the worst case scenario—simply
being an annoyance by breaking things for both parties.
However, the current organisation of the hashring structures is not
really amenable to adding hashrings for Undistributables—at least
not in any way that safely guarantees that they wouldn't end up in
some bucket or such intended for real clients (which would defeat the
whole purpose of this patch). Because of this concern, using
Undistributables as decoys is not yet feasible.
---
lib/bridgedb/Main.py | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/lib/bridgedb/Main.py b/lib/bridgedb/Main.py
index 9317760..d0698c0 100644
--- a/lib/bridgedb/Main.py
+++ b/lib/bridgedb/Main.py
@@ -198,10 +198,17 @@ def load(state, splitter, clear=False):
inserted = 0
logging.info("Inserting %d bridges into splitter..." % len(bridges))
for fingerprint, bridge in bridges.items():
- # We attempt to insert all bridges. If the bridge is not running, then
- # it is skipped during the insertion process.
- splitter.insert(bridge)
- inserted += 1
+ # Skip insertion of bridges which are geolocated to be in one of the
+ # NO_DISTRIBUTION_COUNTRIES, a.k.a. the countries we don't distribute
+ # bridges from:
+ if bridge.country in state.NO_DISTRIBUTION_COUNTRIES:
+ logging.warn("Not distributing Bridge %s %s:%s in country %s!" %
+ (bridge, bridge.address, bridge.orPort, bridge.country))
+ else:
+ # If the bridge is not running, then it is skipped during the
+ # insertion process.
+ splitter.insert(bridge)
+ inserted += 1
logging.info("Done inserting %d bridges into splitter." % inserted)
if state.COLLECT_TIMESTAMPS:
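Review bot: The `bridge.country in state.NO_DISTRIBUTION_COUNTRIES` test fails open. It is an exact, case-sensitive match, so if bridge.country comes back lower-case ('ir') while the config lists 'IR', or is None or empty because geolocation failed, the bridge falls into the else branch and is inserted for distribution. Nothing in the visible lines shows which form bridge.country takes, so I would normalise both sides (for example upper-casing) before comparing and make an explicit, commented decision for bridges with no country. The test also assumes state.NO_DISTRIBUTION_COUNTRIES always exists; if the option is absent from bridgedb.conf this loop raises unless a default is set elsewhere, so either read it with getattr(state, 'NO_DISTRIBUTION_COUNTRIES', []) or document where the default comes from. Minor: logging.warn is a deprecated alias of logging.warning, and reporting the number of skipped bridges alongside the final "Done inserting %d bridges" message would explain the difference from the earlier "Inserting %d bridges" count when reading the logs.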