Opened 16 months ago

Last modified 9 months ago

#23344 new enhancement

Show country of temporary bridge used in snowflake just like with the obfs4 PT in the Torbutton

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: snowflake
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Currently it looks like,

-----
| @ |
-----
 |----------------------------------------------------------------------------
 | New Identity                   Ctrl+Shift+U | Tor circuit for this site   |
 | New Tor Circuit for this Site  Ctrl+Shift+L | (gitlab.com)                |
 | --------------------------------------------| o This browser              |
 | Tor Network Settings...                     | o Bridge: snowflake         |
 | Tor Network Settings...                     | o Russia (xx.xx.xx.xx)      |
 | --------------------------------------------| o Panama (xx.xx.xx.xx)      |
 | Check for Tor Browser Update...             | o Internet                  |
 |                                             |                             |
 -----------------------------------------------------------------------------

How it should be,

-----
| @ |
-----
 |----------------------------------------------------------------------------
 | New Identity                   Ctrl+Shift+U | Tor circuit for this site   |
 | New Tor Circuit for this Site  Ctrl+Shift+L | (gitlab.com)                |
 | --------------------------------------------| o This browser              |
 | Tor Network Settings...                     | o Bridge: snowflake (Italy) |
 | Tor Network Settings...                     | o Russia (xx.xx.xx.xx)      |
 | --------------------------------------------| o Panama (xx.xx.xx.xx)      |
 | Check for Tor Browser Update...             | o Internet                  |
 |                                             |                             |
 -----------------------------------------------------------------------------

Just like with obfs4 for example.

This will also better reflect the nature of snowflake to the lambda user as a temporary bridges PT.

Child Tickets

Change History (5)

comment:1 Changed 16 months ago by cypherpunks

Keywords: snowflake added

comment:2 Changed 16 months ago by yawning

This isn't possible with the current PT design as the only IP address/port information available to the browser (and the tor daemon for that matter) is the address that's supplied as part of the Bridge config directive (0.0.3.0:1).

Changing this will require extending the PT interface with accompanying changes to the Tor control protocol in addition to the browser and snowflake client changes.

comment:3 in reply to:  2 ; Changed 16 months ago by cypherpunks

Replying to yawning:

This isn't possible with the current PT design as the only IP address/port information available to the browser (and the tor daemon for that matter) is the address that's supplied as part of the Bridge config directive (0.0.3.0:1).

Changing this will require extending the PT interface with accompanying changes to the Tor control protocol in addition to the browser and snowflake client changes.

So probably-bad-idea I assume? Should I close this ticket then if the costs of making this possible are too high for infinitesimal unnecessary results?

Last edited 16 months ago by cypherpunks (previous) (diff)

comment:4 in reply to:  3 Changed 16 months ago by yawning

Replying to cypherpunks:

Replying to yawning:

This isn't possible with the current PT design as the only IP address/port information available to the browser (and the tor daemon for that matter) is the address that's supplied as part of the Bridge config directive (0.0.3.0:1).

Changing this will require extending the PT interface with accompanying changes to the Tor control protocol in addition to the browser and snowflake client changes.

So probably-bad-idea I assume? Should I close this ticket then if the costs of making this possible are too high for infinitesimal unnecessary results?

I don't think it's a bad idea, because it's not. I just wanted to document that it would be a lot of work touching multiple components, that isn't currently planned.

The PT interface should handle designs where the Bridge directive is essentially meaningless better than it currently does, but PTs that work that way didn't exist till well after the PT design was done. There's been a few attempts at redoing the PT interface to be "better", AFAIK none of the redesign efforts really addressed this either.

comment:5 Changed 9 months ago by dcf

If it worked, it wouldn't really look like this:

  • Bridge: snowflake (Italy)
  • Russia (xx.xx.xx.xx)
  • Panama (xx.xx.xx.xx)
  • Internet

The snowflake proxy is an extra hop before the bridge. The bridge itself doesn't move (that's why it can have a static fingerprint). So let's say the bridge is in Mexico, then it would look like this:

  • Pre-bridge proxy: snowflake (Italy)
  • Bridge: snowflake (Mexico)
  • Russia (xx.xx.xx.xx)
  • Panama (xx.xx.xx.xx)
  • Internet

It would be an interesting thing to visualize. Though like yawning said, the PT architecture doesn't support anything like this. tor treats the transport plugin as an opaque pipe, and the transport plugin doesn't even have a way to report ancillary information like this.

Going further, the question of "what snowflake proxy am I using?" isn't well defined. For example, the transport plugin could be using two snowflake proxies simultaneously, and multiplexing traffic for the same circuit across both of them. (We don't support that now, but nothing precludes it.)

Last edited 9 months ago by dcf (previous) (diff)
Note: See TracTickets for help on using tickets.