Moat/circumvention/map violate the documentation by provide bridge_strings

Moat/circumvention/map violate the documentation by provide bridge_strings
https://bridges.torproject.org/moat/circumvention/map
The documentation says:

The fields are the same as for /circumvention/settings but the map doesn’t provide bridge_strings

https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/doc/moat.md#circumventionmap
Just in case this is a bug, altough seem these provided bridge_strings is suitable to be public bridges, but they are not built-in.
if they are not built-in, why public them?
if public them, why don’t make them as built-in bridges?(this useful if Moat’s reflector CDN block domain fronting traffic or stop work for whatever reason, e.g. built-in SQS and AMP rendezvous bridges for Snowflake, or another meek-CDN).

1 Like

You are right, the documentation is wrong. The original idea was to not provide them, but soon we found out that we do need to provide them sometimes for specific countries.

And yes, we only put there public bridges. They are not marked as built-in because Tor Browser does ignore bridge_strings when they are marked as built-in. So is more of a hack, I’m sorry.

I’ll update that documentation. Thank you for finding it.

2 Likes

Let me know if the wording makes any sense.

1 Like

If some public bridge_strings are working for specific country only(for example some front domains work for specific country only), I think we should have one local version of “map”, just as the “built-in” bridges but user can select by country, so user don’t get confusion.

This is more or less what happens currently in Tor Browser. When Tor connection fails Connect Assist do request from circumvention settings the configuraiton for the user country (detected from the IP address), but users can select manually their country.

Users don’t see this map, only developers of applications using tor.

Seem I cannot select those public bridges as select built-in bridges(mouse click without wait for fail).
Also one local version of “map” can save some CDN costs, if local version failed(timeout or user feels uncomfortable), requests from moat.
Also one local version of “map” useful when built-in moat stop work but those bridges still working(SQS Snowflake, AMP Snowflake, meek-anotherCDN. and so on).

I don’t mean require user to manually views the map json file, I mean make it as the connection assist, but internal first try to use built-in local map json file rather than direct request from moat.