Default bridges — whose IP addresses are hardcoded in the Tor Browser Bundle — carried 91.4% of all bridge clients globally in April 2016, 86.1% of those in Iran, and 69.2% of those in Syria. Because these addresses are trivially obtainable from the Tor Browser Bundle configuration files, a censor can block the vast majority of bridge users in a country at any time.
From 2017-matic-dissecting — Dissecting Tor Bridges: a Security Evaluation of Their Private and Public Infrastructures · §V-E, Table II · 2017 · Network and Distributed System Security
Implications
Retire or rotate default bridge IPs far more aggressively — the current model of hardcoding a static list in the browser bundle makes default bridges functionally equivalent to public relays from a censor's perspective.
Invest in scalable bridge distribution (BridgeDB improvements, private channels) so that non-default bridges can absorb the client load currently concentrated on the trivially blockable default set.