Hi all -
My apologies if everyone is already aware of this: I wanted to share a new paper I came across this morning out of China this past week that suggests low-cost identification methods for snowflake traffic. One of their detection mechanisms is by identifying the STUN DNS lookups, so I thought it was relevant to this discussion, but they also propose using other features of the DTLS handshake for identification.
I'm a little surprised this was published, but better to know now than have to reverse engineer later I suppose.
Best,
Kevin
On Jan 3, 2023, at 8:53 AM, Nathan of Guardian <nathan@guardianproject.info> wrote:
On Dec 31, 2022, at 12:28 PM, Cecylia Bocovich <cohosh@torproject.org> wrote:
On 12/27/22 15:41, John Selbie wrote:
Thank you Cecylia. I think this is a good plan. I like the idea of stun.stunprotocol.org <http://stun.stunprotocol.org> being "in the rotation" for these nodes. Just not the "exclusive default" unless a user manually configures it that way. Does that work for you?
Sounds good. Here's the issue where we're tracking the changes: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40241
It could be a few weeks until you see the traffic drop. Snowflake is distributed and there are a variety of update channels we have to push changes to. For the client traffic, we're dependent on the Tor Browser release schedule.
We’ll take a look at some of the questions around DNS cacheing and stun server rotation in the mobile IPtProxy library and Orbot use of Snowflake this week.Best, Nathan_______________________________________________anti-censorship-team mailing listanti-censorship-team@lists.torproject.orghttps://lists.torproject.org/cgi-bin/mailman/listinfo/anti-censorship-team