#25405: cannot use Moat if a meek bridge is configured
     Reporter:  mcs                        |      Owner:  brade
         Type:  defect                     |     Status:  new
     Priority:  Medium                     |  Milestone:
    Component:  Applications/Tor Launcher  |    Version:
     Severity:  Normal                     |   Keywords:
Actual Points:                             |  Parent ID:
       Points:                             |   Reviewer:
      Sponsor:  Sponsor4                   |
 If Tor Browser is configured to use a meek transport (e.g., meek-amazon or
 meek-azure), the Moat interface cannot be used to request bridges from
 BridgeDB. The root cause is that Tor Launcher's Moat implementation uses
 the same meek client programs and configuration as the built-in meek
 bridges use, which means when Moat starts up it starts an "invisible"
 firefox that tries to use the profile.meek-http-helper profile (which is
 already in use).

 Ideas for fixing this (from ticket:23136#comment:55):
 a) Use a separate browser profile for the meek browser when it is used for
 Moat (this requires a fix for #12716 and possibly other things inside
 b) Give up on using the secondary browser and use meek-client to
 obfs4proxy's meek_lite mode for Moat. This has the downside that the TLS
 fingerprint will not match Firefox's when doing Moat).
 c) Modify Tor Launcher to kill the tor daemon before using Moat. But this
 might have undesirable side effects because some other part of the browser
 may be using the Tor network (e.g., for a file download). Also, while Tor
 Launcher knows how to restart tor if it is killed, it might be difficult
 to make sure we kill and restart tor in a robust fashion when we are in
 the middle of configuring settings.

 Kathy and I are currently in favor of pursuing a) but could be convinced
 to do something else.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25405>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
tor-bugs mailing list

Reply via email to