[anti-censorship-team] Second draft of Turbo Tunnel Snowflake packages

David Fifield david at bamsoftware.com
Mon Feb 24 18:09:46 UTC 2020


Here are second-draft Tor Browser packages with Turbo Tunnel–enabled
Snowflake. These fix most of the problems I experienced with the first
draft. You still run the risk of being assigned a slow proxy, the
frequent disconnections and occasional CPU spikes should be fixed.
https://bugs.torproject.org/33336#comment:17 summarizes the changes.

https://people.torproject.org/~dcf/pt-bundle/tor-browser-snowflake-turbotunnel-kcp-9.5a5-20200223/
https://people.torproject.org/~dcf/pt-bundle/tor-browser-snowflake-turbotunnel-quic-9.5a5-20200223/

There are two packages because we are testing two options for the inner
tunnel layer. You can choose either one, or download both and compare
them. To enable Snowflake the first time you run one, do this:
 * Click "Configure"
 * Click "Tor is censored in my country"
 * Click "Select a built-in bridge"
 * Select "snowflake" from the menu
How to enable Snowflake if the browser is already running:
 * Go to about:preferences#tor (open the Preferences menu then click Tor
   on the left side)
 * Look at the "Bridges" section
 * Click "Use a bridge"
 * Click "Select a built-in bridge"
 * Select "snowflake" from the menu
If you are curious about what's happening, you can see the Snowflake log
in the file Browser/TorBrowser/Data/Tor/pt_state/snowflake-client.log.
	tail -F Browser/TorBrowser/Data/Tor/pt_state/snowflake-client.log

These packages are experimental and are not meant to be used
permanently. They are configured so that after 2020-04-23, they will
auto-update to the latest alpha release of Tor Browser, and lose their
Turbo Tunnel capabilities.

The name Turbo Tunnel refers to a design that keeps your session alive
even if a network connection temporarily stops working. In Snowflake, it
allows a client to transition across temporary Snowflake proxies.


== How to run multiple browsers at once ==

If you want to run both browsers at the same time, or run them at the
some time as your usual Tor Browser, you have to make them use different
ports to avoid conflicts. The default ports are 9150 and 9151. What I
did is rename the "tor-browser_en-US" directory so I could have two of
them:
	tar xf tor-browser-snowflake-turbotunnel-kcp-9.5a5-20200223/tor-browser-linux64-9.5a5_en-US.tar.xz
	mv tor-browser_en-US tor-browser_en-US_kcp
	tar xf tor-browser-snowflake-turbotunnel-quic-9.5a5-20200223/tor-browser-linux64-9.5a5_en-US.tar.xz
	mv tor-browser_en-US tor-browser_en-US_quic
Then you can run each one with different ports:
	cd tor-browser_en-US_kcp
	TOR_SOCKS_PORT=9250 TOR_CONTROL_PORT=9251 ./start-tor-browser.desktop
	cd ../tor-browser_en-US_quic
	TOR_SOCKS_PORT=9350 TOR_CONTROL_PORT=9351 ./start-tor-browser.desktop
You may also want to go to the Customize... menu and choose different
themes (light/dark) to visually distinguish them.


== How to interpret log messages ==

BrokerChannel Response: 504 Gateway Timeout
	This means the broker couldn't find a proxy for you. It's a
	temporary error and the client will try again in 10 seconds.
BrokerChannel Response: 200 OK
	This means that you got matched up with a proxy, but it doesn't
	necessarily mean the proxy works yet.
Traffic Bytes (in|out): 0 | 972 -- (0 OnMessages, 8 Sends)
	If the number on the left stays at 0, it means the proxy isn't
	working (you're sending but not receiving anything). If 30
	second pass without receiving anything, the client will abandon
	that proxy and contact the broker to get another one.
Traffic Bytes (in|out): 52457 | 7270 -- (47 OnMessages, 75 Sends)
	When you start getting numbers like this, your proxy is working.
WebRTC: No messages received for 30s -- closing stale connection
	This means the proxy stopped working (or never worked) and the
	client will try another one.
WebRTC: At capacity [1/1] Retrying in 10s...
	This is normal and means that the client has its desired number
	of proxies (1).


More information about the anti-censorship-team mailing list