[tor-bugs] #30579 [Circumvention/Snowflake]: Add more STUN servers to the default snowflake configuration in Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Nov 20 21:24:45 UTC 2019 

#30579: Add more STUN servers to the default snowflake configuration in Tor Browser
-------------------------------------------------+-------------------------
 Reporter:  cohosh                               |          Owner:  cohosh
     Type:  defect                               |         Status:
                                                 |  needs_information
 Priority:  Medium                               |      Milestone:
Component:  Circumvention/Snowflake              |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  stun, anti-censorship-roadmap-       |  Actual Points:
  october                                        |
Parent ID:  #31281                               |         Points:  1
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor30-can
-------------------------------------------------+-------------------------
Changes (by cohosh):

 * status:  assigned => needs_information


Comment:

 Here are some lists of public servers:
 - https://gist.github.com/zziuni/3741933
 - https://gist.github.com/mondain/b0ec1cf5f60ae726202e
 - https://www.voip-info.org/stun/
 - EmerCoin is some cryptocurrency/blockchain project that
 [https://emercoin.com/en/news/global-changes-in-emercoin-blockchain-
 segwit-tx-optimizer-stun-and-13-more-updates uses STUN] and they maintain
 their own
 [https://github.com/emercoin/emercoin/blob/8808770b98248b0174dc3d6f8c70965e13f17396/src/stun.cpp#L59
 list].

 Some possibly useful candidates:
 - `stun.services.mozilla.org`

  Mozilla's stun server is an obvious candidate, but I just checked it and
 it appears to not be working. I found this ticket while investigating:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1143827
 - `stun.gotye.com.cn`

   This appears to work. Looks like a new video/messaging/gaming service.
 See http://www.gotye.com.cn/
 - `stun.stunprotocol.org`

  Idk, it's a .org domain and it works.

 The most useful list seems to be from the
 [https://github.com/emercoin/emercoin/blob/8808770b98248b0174dc3d6f8c70965e13f17396/src/stun.cpp#L59
 coin project]. I'd suggest referencing it again in the future and looking
 at STUN servers with TLDs in whichever region has blocked the ones we
 currently have in Snowflake (I
 [https://web.archive.org/web/20191120211855/https://github.com/emercoin/emercoin/blob/8808770b98248b0174dc3d6f8c70965e13f17396/src/stun.cpp
 saved a current snapshot] at archive.org just in case)

 I suppose there's some risk here with choosing a random service. Snowflake
 clients leak their IP address to whichever server we choose. Perhaps a
 better route is to have the broker perform this step over the domain
 fronted connection (#25591)?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30579#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list