Hi all - 

My apologies if everyone is already aware of this: I wanted to share a new paper I came across this morning out of China this past week that suggests low-cost identification methods for snowflake traffic. One of their detection mechanisms is by identifying the STUN DNS lookups, so I thought it was relevant to this discussion, but they also propose using other features of the DTLS handshake for identification. 

I'm a little surprised this was published, but better to know now than have to reverse engineer later I suppose.

Best,
Kevin



On Jan 3, 2023, at 8:53 AM, Nathan of Guardian <nathan@guardianproject.info> wrote:



On Dec 31, 2022, at 12:28 PM, Cecylia Bocovich <cohosh@torproject.org> wrote:

On 12/27/22 15:41, John Selbie wrote:
Thank you Cecylia.  I think this is a good plan.  I like the idea of stun.stunprotocol.org <http://stun.stunprotocol.org> being "in the rotation" for these nodes.  Just not the "exclusive default" unless a user manually configures it that way.  Does that work for you?

Sounds good. Here's the issue where we're tracking the changes: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40241

It could be a few weeks until you see the traffic drop. Snowflake is distributed and there are a variety of update channels we have to push changes to. For the client traffic, we're dependent on the Tor Browser release schedule.


We’ll take a look at some of the questions around DNS cacheing and stun server rotation in the mobile IPtProxy library and Orbot use of Snowflake this week.

Best,
  Nathan
_______________________________________________
anti-censorship-team mailing list
anti-censorship-team@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/anti-censorship-team