On 2021-07-07 11:07 p.m., David Fifield wrote:
I was looking at https://snowflake-broker.torproject.net/debug just now, and saw:
current snowflakes available: 317 standalone proxies: 216 browser proxies: 0 webext proxies: 101 unknown proxies: 0 NAT Types available: restricted: 278 unrestricted: 2 unknown: 37
About 2/3 of proxies are standalone, which is more than I would have supposed. Has there been word getting out about how to run one, or something?
The snowflake metrics (looking at proxy counts each day by unique IP) indeed show an increase in the number of standalone proxies, but it's not quite 2/3. I've attached a plot of the number of standalone proxies for the last few months and it looks like it jumped suddenly in May and June to around 2-3k. Comparing this with total proxy counts that have jumped up to 10k, it looks like around 1/4 of our proxies are now standalone.
The higher poll rate relative to the metrics could be explained by the fact that each standalone proxy by default polls for 10 clients, and at a higher rate than web-based proxies, so the debug numbers will always look higher than the actual metrics.
I am still surprised by the sudden increase in standalone proxies, and that we have so many unique IPs. We have done a few things to make it easier to run one: - Jacobo's ansible playbook - our community documentation improvements - Docker container-based set up But none of these to me suggest that we could jump up to 2k uniquesnowflakes in a month.
More realistically, I think this might be due to misconfigured Orbot proxies. I just had a look at the Orbot source code, because I remembered them mentioning they wanted to allow users to use snowflake as a Tor PT and behave as a proxy:
https://github.com/guardianproject/orbot/blob/920a4e30a6624bc79eeef252a30cf9...
The IptProxy source code uses a patchset on the Go proxy code and it looks like they aren't changing the proxy type reported to the broker:
https://github.com/tladesignz/IPtProxy/blob/master/snowflake.patch
So my guess is these standalone proxies are from Orbot users, which would also explain why many of them also have restricted NATs as meskio pointed out :) I'll reach out them about it since I have a draft email about other IptProxy work in progress.
Cecylia