Thanks for these thoughts, Tom. We can generate thousands of AWS or Azure no-caching CDN subdomains at almost no cost, so we do have that going for us.
I like the idea of using an Android system service of some kind, but a lot of that goes out the window for non-Google Android devices in China. Still, mobile push messaging services might also be a possibility there, at least as a way to distributed seed values.
I do have access from Orbot to Moat and the Snowflake broker working now via Cloudfront domains. We are considering best how to bundle these into our apps, load them at runtime, decode their obfuscated/encrypted format, and then pick one to use when the user needs it.
On 4/1/21 11:19 AM, Tom Ritter wrote:
A common technique for malware to find it's C&C server is to embed a seed into the binary, along with an algorithm that takes the seed and a time epoch (e.g. midnight every day or midnight every 4 days) to generate a new domain name to connect to. The algorithm and see are designed to be hard to reverse engineer. It's always possible though, and once one has done so, you can pre-generate (and block) the domain names into the future.
One mitigation for that is to distribute a bunch of seeds in the hope the adversary doesn't find all of them. (Does get expensive with domain names though.)
Another technique is to add in an unpredictable value into the generation algorithm alongside the seed and the time epoch. Something the adversary can't predict ahead of time like the closing price of a stock ticker or the tip of the bitcoin blockchain. The problem with that is that it requires the application to make a query to some service to retrieve that information and that query could be (a) blocked or (b) detected (unless anyone has any great ideas there[0]). If we had a reliable, unblockable, anonymous method of making a connection somewhere we wouldn't be in this mess ;)
-tom
[0] Maybe Android has something system-accessible like the last virus definition update from the Play store or something?
On Thu, 1 Apr 2021 at 13:26, Nathan of Guardian nathan@guardianproject.info wrote:
It seems like Azure Domain Fronting may already be going offline, according to some reports. Our own testing from US and EU show that it is still working for now.
That said, here is our plan for updating Orbot and Onion Browser in response to what may come at any moment:
- Move to Fastly for Snowflake and Moat as soon as they are ready.
Please keep us posted on this.
Remove Meek as a built-in option.
Promote "social distribution" of bridge URLs via links and QR codes
through communities that need them
- Work on setting up our own additional pool of CDN front addresses for
Moat and the Snowflake broker(s) that we can round-robin/cat-and-mouse through for both Snowflake and Moat. These would be compiled into our apps, or provided through some kind of S3/hard to block bootstrap URL.
- Continue our own work in mobile-specific bridge distribution (push
messages, SMS, chat bots, social etc) options we can employ in the future.
.... any other things to know, that we missed, that we are being naive about?
Thanks!
+n
anti-censorship-team mailing list anti-censorship-team@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/anti-censorship-team