[tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed May 8 17:37:25 UTC 2019


#30368: Run some tests to check reachability of snowflake proxies
-----------------------------------+--------------------------
 Reporter:  cohosh                 |          Owner:  cohosh
     Type:  task                   |         Status:  assigned
 Priority:  Medium                 |      Milestone:
Component:  Obfuscation/Snowflake  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:                         |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+--------------------------

Comment (by dcf):

 Replying to [comment:6 cohosh]:
 > Hm, fwiw, when I was doing manual checks around the time the ticket was
 filed the snowflake.bamsoftware.com proxy-go instances were reliable and
 reachable from the US but definitely not from the VPS in China. At the
 same time, the additional proxy-go instances I set up on another server
 was definitely reachable from both places.

 I believe you. That's good evidence that there ''is'' some sort of
 targeted blocking. It seems to be less severe, at least, since May 3
 according to the tests. We don't have tests from beforehand to know
 whether it used to be equally unreliable.

 > What do you mean by success rate here? The other proxy I set up is
 reachable 100% of the time (in that it bootstraps past the 10% that all
 snowflake connections automatically bootstrap to).

 I know that anything past 10% means the IP of the proxy was reachable, but
 mentally I'm not quite thinking of a less than complete bootstrap as
 complete "success" because to a user it looks like failure. E.g. in
 comment:16:ticket:30350 the user got to 75% after 13 seconds but then no
 further progress. So I'm thinking of it in kind of a "works/doesn't work"
 way, and in that way, snowflake-bridge and snowflake-cohosh seem to have
 roughly equal utility according to the data so far. While we know that the
 GFW sometimes fails open and allows access to blocked IP addresses, this
 doesn't look like that because the success rate is too high.

 Or maybe there really ''is'' some kind of protocol detection happening,
 once the WebRTC DataChannel is connected, and it's not simple IP blocking.
 That would be consistent with the evidence. I would not expect it as a
 first step of blocking, but certainly my intuition has been wrong before.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30368#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list