[tor-relays] Snowflake PT

Mirimir mirimir at riseup.net
Thu Aug 23 01:22:01 UTC 2018


On 08/22/2018 05:41 PM, teor wrote:
> Hi,
> 
>> On 23 Aug 2018, at 10:16, Mirimir <mirimir at riseup.net> wrote:
>>
>> On 08/22/2018 04:17 PM, teor wrote:
>>> Hi,
>>>
>>> I don’t know about the current deployment plan for Snowflake, but I
>>> can point you to the relevant parts of the git repository:
>>>
>>>> On 22 Aug 2018, at 07:58, Nathaniel Suchy <me at lunorian.is> wrote:
>>>>
>>>> Tor Browser 8 Alpha includes the Snowflake PT. As it comes near a final release, the adoption and usage of the Snowflake PT will continue to rise. I now have the following questions...
>>>>
>>>> 1) Will a command-line tool like obfs4proxy come out so those of us with infrastructure can run high-capacity snowflake bridges?
>>>
>>> Like Meek, Snowflake is a 3-component transport:
>>>
>>> User -> Proxy -> Bridge
>>
>> I've read some of the Snowflake documentation. But I've found it
>> confusing.
> 
> The FAQ explains the different components:
> https://github.com/keroserene/snowflake#faq

Thanks. This in particular was helpful:

| 1. Volunteers visit websites which host the "snowflake" proxy.
| (just like flashproxy)

I don't recall seeing such a clear statement in other docs.

>> I vaguely recall that Snowflake came up in a recent Tor
>> browser install.
> 
> Yes, the *Snowflake client* is in the new Tor Browser alpha.
> 
>> And I vaguely recall that there was an option to act as
>> a Snowflake proxy, via WebRTC. Is that true?
> 
> Yes, volunteers on non-censored connections can run the *Snowflake proxy*.

Wait. From that quote, it's websites that are hosting the snowflake
proxy. So are "volunteers" running a snowflake script, which is hosted
on the proxy website?

> (Running a proxy in Tor Browser is not possible, because Tor Browser
> disables WebRTC.)

OK. Which is a good thing. Because it's an external IP leak.

>> And if so, what IP address
>> would be exposed? Would it be the IP address of the device running Tor
>> browser? That would be rather iffy. Almost like inviting users to run
>> relays, no? But perhaps I'm just confused.
> 
> The Snowflake client connects to the Snowflake proxy.
> 
> Snowflake uses the STUN WebRTC method, so clients and proxies discover
> each others’ external IP addresses.

The use of "clients and proxies" is confusing here. The proxy is hosted
on some website, so having its external IP address exposed isn't at all
problematic. But what I suspect is that it's clients and _volunteers_
that discover each others’ external IP addresses. So basically, the
snowflake script is circumventing the WebRTC block in Tor browser.

> If Snowflake used the TURN method, then the TURN server would discover
> both addresses:
> https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/client/rendezvous.go#n141

Sure. But the problem here, if I understand this correctly, is that
volunteers are sharing their external IP addresses with snowflake
clients. Is that correct?

And yes, I get that you say "volunteers on non-censored connections".
But "non-censored" doesn't mean non-monitored.

There really needs to be a prominent warning about this. Many people use
Tor for privacy and ~anonymity, not just for circumventing censorship.
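
An added example, not part of Mirimir's or teor's messages and not Snowflake's own code: a Python script that parses the ICE candidate lines of an SDP body and separates host, server-reflexive (STUN) and relayed (TURN) addresses. It assumes the two WebRTC peers exchange their candidates through signaling (the SDP offer/answer), which is where the STUN-versus-TURN difference quoted above becomes visible: with STUN, the remote side receives this peer's external address as a srflx candidate; with TURN only, the sole address in the SDP belongs to the TURN server. The SDP bodies and IP addresses are constructed samples (documentation ranges), not captured traffic.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample SDP bodies (not captured from Snowflake or any real peer).
# A peer that gathered candidates via STUN only: its host candidate carries a
# private LAN address, its srflx candidate carries the external address that
# the STUN server reflected back to it.
SDP_STUN_ONLY = """v=0
o=- 0 0 IN IP4 0.0.0.0
s=-
t=0 0
m=application 9 UDP/DTLS/SCTP webrtc-datachannel
c=IN IP4 0.0.0.0
a=candidate:1 1 udp 2130706431 192.168.1.23 51234 typ host generation 0
a=candidate:2 1 udp 1694498815 203.0.113.45 51234 typ srflx raddr 192.168.1.23 rport 51234 generation 0
"""

# The same peer configured to offer only relayed (TURN) candidates. The only
# address in the SDP is the TURN server's; the related address is zeroed in
# this constructed sample, so nothing about the peer's own edge appears.
SDP_TURN_ONLY = """v=0
o=- 0 0 IN IP4 0.0.0.0
s=-
t=0 0
m=application 9 UDP/DTLS/SCTP webrtc-datachannel
c=IN IP4 0.0.0.0
a=candidate:3 1 udp 16777215 198.51.100.7 3478 typ relay raddr 0.0.0.0 rport 0 generation 0
"""

# ICE candidate attribute: foundation, component, transport, priority,
# connection address, port, candidate type, optional related address/port.
CANDIDATE_RE = re.compile(
    r"^a=candidate:(?P<foundation>\S+) (?P<component>\d+) (?P<transport>\S+) "
    r"(?P<priority>\d+) (?P<ip>\S+) (?P<port>\d+) typ (?P<typ>host|srflx|prflx|relay)"
    r"(?: raddr (?P<raddr>\S+) rport (?P<rport>\d+))?",
    re.MULTILINE,
)


@dataclass(frozen=True)
class Candidate:
    ip: str
    port: int
    typ: str              # host, srflx, prflx or relay
    raddr: Optional[str]  # related address, if the peer included one


def parse_candidates(sdp: str) -> List[Candidate]:
    """Extract ICE candidates from an SDP body (CRLF or LF line endings)."""
    text = sdp.replace("\r\n", "\n")
    return [
        Candidate(m["ip"], int(m["port"]), m["typ"], m["raddr"])
        for m in CANDIDATE_RE.finditer(text)
    ]


def addresses_by_type(sdp: str) -> Dict[str, List[Tuple[str, int]]]:
    """Group the transport addresses a peer advertises by candidate type."""
    grouped: Dict[str, List[Tuple[str, int]]] = {}
    for c in parse_candidates(sdp):
        grouped.setdefault(c.typ, []).append((c.ip, c.port))
    return grouped


def reflexive_ips(sdp: str) -> List[str]:
    """External IPs learned via STUN: what the remote peer sees of this side's network edge."""
    return sorted({c.ip for c in parse_candidates(sdp) if c.typ == "srflx"})


def relay_ips(sdp: str) -> List[str]:
    """Addresses that belong to a TURN server rather than to the peer itself."""
    return sorted({c.ip for c in parse_candidates(sdp) if c.typ == "relay"})


def all_peer_ips(sdp: str) -> List[str]:
    """Every IP the remote side can read out of this SDP, related addresses included."""
    seen = set()
    for c in parse_candidates(sdp):
        seen.add(c.ip)
        if c.raddr and c.raddr != "0.0.0.0":
            seen.add(c.raddr)
    return sorted(seen)


if __name__ == "__main__":
    for label, sdp in (("STUN only", SDP_STUN_ONLY), ("TURN only", SDP_TURN_ONLY)):
        print(label, "->", addresses_by_type(sdp))
        print("  external IP visible to peer:", reflexive_ips(sdp) or "none")
        print("  relay (TURN server) IP:", relay_ips(sdp) or "none")
```

Running the script against the two constructed bodies shows the point of the STUN/TURN comparison: the STUN-only SDP hands the remote peer the volunteer's external address directly, while the TURN-only SDP exposes only the relay's address, so a volunteer's own IP is then known to the TURN operator rather than to the client.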
