Opened 19 months ago

Last modified 5 days ago

#23888 assigned enhancement

Creating a Snowflake WebExtension addon

Reported by: oarel Owned by: arlolra
Priority: Medium Milestone:
Component: Circumvention/Snowflake Version:
Severity: Normal Keywords: ux-team tor-pt
Cc: oarel@…, dcf, arlolra, mcs, antonela, gaba, cohosh Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor19

Description

The idea is to create a WebExtension that allows one to become a Snowflake bridge by just installing it. That way it only suffices to install an extension and forget about it, unlike the approach of keeping a tab always open with the snowflake JS code.

Since it's based on WebExtensions it can be easily deployed for other browsers in their addon store.

I did try to make one myself but I don't have the expertise and time to debug all the problems that resulted. One of the important take aways that I learned in that process was that automatically loading scripts from external sites is prohibited and will result in the addon not passing the review in the addon store, so the snowflake.js and modernizr.js should be embedded with the addon. However, this would require modifying snowflake.js since when it's loaded locally it throws some typeError and doesn't show that there's some connection to snowflake.bamsoftware.com in the browser console. For debugging, to verify that the addon works as intended one may load it from about:debug and check about:networking in the DNS and WebSockets part.

For the implementation these resources should be loaded in the background to ensure a permanent state with this in the manifest.json,

"background": {
                "page": "pages/Snowflake.html"
        },

Child Tickets

Attachments (7)

concept1.jpg (957.6 KB) - added by antonela 5 months ago.
concept2.jpg (783.0 KB) - added by antonela 5 months ago.
00.png (39.4 KB) - added by antonela 5 months ago.
01.png (40.1 KB) - added by antonela 5 months ago.
00.01.png (42.3 KB) - added by antonela 5 months ago.
browser_extension.sketch (1.8 MB) - added by antonela 3 weeks ago.
snowflake-icon.zip (76.3 KB) - added by antonela 3 weeks ago.

Change History (30)

comment:1 Changed 19 months ago by arlolra

Cc: dcf arlolra added; dcf@… arlo@… removed

Thanks for your effort here. We've been discussing something like this in #20813

There's a fairly successful browser extension that's in the process (hopefully) of being converted to use snowflake in,
https://github.com/glamrock/cupcake/issues/24

comment:2 Changed 6 months ago by pili

Sponsor: Sponsor19

comment:3 Changed 5 months ago by antonela

Keywords: ux-team added

Added to ux-team roadmap

Changed 5 months ago by antonela

Attachment: concept1.jpg added

Changed 5 months ago by antonela

Attachment: concept2.jpg added

Changed 5 months ago by antonela

Attachment: 00.png added

Changed 5 months ago by antonela

Attachment: 01.png added

Changed 5 months ago by antonela

Attachment: 00.01.png added

comment:4 Changed 5 months ago by mcs

Cc: mcs added

comment:5 Changed 5 months ago by antonela

Hey, I hand-made some wireframes to explore some ideas around this web extension. With this web extension, users will have the option to enable/disable snowflake. You can see them here:

https://trac.torproject.org/projects/tor/raw-attachment/ticket/23888/concept1.jpg
https://trac.torproject.org/projects/tor/raw-attachment/ticket/23888/concept2.jpg

If this extension is a browserAction kind of extension, we should approach a toolbar button with a popup. If that is the case, also we should allow users to enable webRTC globally.

https://trac.torproject.org/projects/tor/raw-attachment/ticket/23888/00.png
https://trac.torproject.org/projects/tor/raw-attachment/ticket/23888/01.png

If the extension will work as a pageAction, then we may consider to include the extension icon at the right side of the URL Bar. Also, we should prompt the site preference doorhanger to allow users to enable webRTC for that tab.

https://trac.torproject.org/projects/tor/raw-attachment/ticket/23888/00.01.png

In both scenarios, I think we can keep this idea raised in #27385 about to having the rotational motion on the snowflake when it is running.

We could have Advanced Settings at the Extension Options page. There we can allow users to set some preferences about "how much of my bandwidth I want to give to snowflake" and another type of advanced network settings.


I think that showing the number of peers connected to the bridge is rewarding for the user who is enabling the bridge. I also know that it is not possible now, but we can keep this in mind for later.


I think the snowflake icon should work better at small sizes. If you like to have that icon idea, I'll give it another round of work to synthesize the lines when it works small.

Next step for me is iterate over this mockups. Once we have defined how this extension will work, I'll create a prototype to see how the userflow works.

Version 0, edited 5 months ago by antonela (next)

comment:6 Changed 5 months ago by saint

As arlolra mentioned, after some discussion and delays, snowflake is to be included in Cupcake as a replacement for flashproxy. There are other roadmap items, but those are pushed back pending funding. Cupcake has ~4000 users on Chrome, and a few dozen on Firefox (which needs to be rewritten).

Currently, when flashproxy is active, the cupcake becomes a happy cupcake with eyes and a mustache. I did a lot of user testing with movement and soft/subtle gradient shifts, but unfortunately they all proved too distracting to end-users. The mustache is just enough of a change to be noticeable but not enough to steal focus from page content. So for snowflake, a color change would probably work better than a rotation.

comment:7 Changed 5 months ago by saint

Discussion ongoing at $dayjob about potentially placing a Snowflake snippet onto one of our most popular sites. So if you wanted to turn the changes above into a smaller form factor for the website badge, that would look pretty great. 👍

comment:8 Changed 5 months ago by gaba

Keywords: tor-pt added

comment:9 Changed 5 months ago by gaba

Cc: antonela gaba added

comment:10 in reply to:  6 Changed 5 months ago by antonela

Replying to saint:

As arlolra mentioned, after some discussion and delays, snowflake is to be included in Cupcake as a replacement for flashproxy. There are other roadmap items, but those are pushed back pending funding. Cupcake has ~4000 users on Chrome, and a few dozen on Firefox (which needs to be rewritten).

Wow that's awesome!

So for snowflake, a color change would probably work better than a rotation.

Yes, the main idea is having both: When it is disabled is grey, when it is enabled is violet and when it is enabled with clients, then we can add the rotation.

comment:11 Changed 4 months ago by cohosh

Here are some links to MassBrowser, a project by a University of Massachusetts research group on Browser-based proxies. I don't think it's a web extension, but some of the features available to proxies (being able to decide how much bandwidth to provide, what kinds of exit traffic to support, etc.) would be interesting to look into as features for the web extension.

Website (looks like their cert is bad): https://massbrowser.cs.umass.edu/

Technical report: https://web.cs.umass.edu/publication/docs/2018/UM-CS-2018-005.pdf

  • the most relevant section is probably Content Whitelisting

Code: https://github.com/SPIN-UMass/MassBrowser

comment:12 Changed 4 weeks ago by arlolra

Owner: set to arlolra
Status: newassigned

comment:13 Changed 3 weeks ago by arlolra

Here's a branch that starts on this,
https://github.com/keroserene/snowflake/commits/webext

Changed 3 weeks ago by antonela

Attachment: browser_extension.sketch added

Changed 3 weeks ago by antonela

Attachment: snowflake-icon.zip added

comment:14 Changed 2 weeks ago by arlolra

Thanks for attaching those assets. I pushed a few more commits that make use of them to display the on/off state in the browser icon.

comment:15 in reply to:  13 ; Changed 2 weeks ago by cohosh

Replying to arlolra:

Here's a branch that starts on this,
https://github.com/keroserene/snowflake/commits/webext

I just started looking at #27385 as well. I noticed you're making changes in the /proxy directory of snowflake.git. Was the plan to tackle both this ticket and #27385 at once?

comment:16 in reply to:  15 ; Changed 2 weeks ago by arlolra

Replying to cohosh:

I just started looking at #27385 as well. I noticed you're making changes in the /proxy directory of snowflake.git. Was the plan to tackle both this ticket and #27385 at once?

No, I can look into that after if you want.

My plan was to reuse, wherever possible, the same code for both the badge and the webextension, which inevitably means some refactoring will touch other files in proxy/.

If you're going to do that simultaneously, maybe I should merge what I have so far and we can coordinate a tighter review timeline so there are less conflicts?

comment:17 Changed 13 days ago by dcf

It looks good so far. I like the refactoring changes. If it makes things easier re #27385, I'm fine with merging what's been changed so far.

I built the WebExtension by running cake.coffeescript webext in the proxy directory. Then I loaded it into Firefox by going to about:debugging, clicking "Load Temporary Add-on", and selecting manifest.json.

The browser console (Ctrl+Shift+J) shows a couple of warnings that I don't immediately know how to interpret, and also text showing that tmp.js isn't working to set the opt-in cookie.

1557301394666	addons.webextension.280b152ec6e19b8aec7a29eebdd1af8e61a85964@temporary-addon	WARN	Loading extension '280b152ec6e19b8aec7a29eebdd1af8e61a85964@temporary-addon': Reading manifest: Error processing background.persistent: Event pages are not currently supported. This will run as a persistent background page.
1557301394692	addons.webextension.280b152ec6e19b8aec7a29eebdd1af8e61a85964@temporary-addon	WARN	Please specify whether you want browser_style or not in your browser_action options.
Snowflake: == snowflake proxy ==
Snowflake: Not opted-in. Please click the badge to change options.
Snowflake: Currently not active.

It works for me in Chromium. I seem to remember that the cookie thing is one of the incompatibilities between Firefox and Chromium. I remember encountering this problem when I spent a little time trying to hack together a WebExtension, but I don't remember if I figured it out or not. One thing to try would be cookies.set with a url from runtime.getURL. Of course, if you're planning to refactor the opt-in so that the WebExtension doesn't even need a cookie to work, that's better.

comment:18 in reply to:  17 Changed 13 days ago by arlolra

Replying to dcf:

It looks good so far. I like the refactoring changes. If it makes things easier re #27385, I'm fine with merging what's been changed so far.

Ok, I merged the changes so far, ending in https://gitweb.torproject.org/pluggable-transports/snowflake.git/commit/?id=e7f3ade06827f6501333f986661ed7aa4277946e

Of course, if you're planning to refactor the opt-in so that the WebExtension doesn't even need a cookie to work, that's better.

Yes, that will be the next thing I do. Split up the initialization so that the badge/node/webextension build their own. Thetmp.js was just a hack to get things started.

comment:19 in reply to:  16 ; Changed 13 days ago by cohosh

Replying to arlolra:

Replying to cohosh:

I just started looking at #27385 as well. I noticed you're making changes in the /proxy directory of snowflake.git. Was the plan to tackle both this ticket and #27385 at once?

No, I can look into that after if you want.

My plan was to reuse, wherever possible, the same code for both the badge and the webextension, which inevitably means some refactoring will touch other files in proxy/.

If you're going to do that simultaneously, maybe I should merge what I have so far and we can coordinate a tighter review timeline so there are less conflicts?

Thanks for the merge! If you think you can make the changes for #27385 easily in a way that will match the WebExtension and it sounds like a fun task please feel free to do so. I can help out here but it will also take me longer to get up to speed with how the coffeescript proxy works.

There are other things like setting it up for localization that I can work on once the UI is set :)

Also in case you're interested: I set up a way to test the browser-based proxy in snowbox: https://github.com/cohosh/snowbox/commit/6775554566b71325b5716a4794529f5a686cc403
You probably already have a good setup but I found this useful for not having to install coffeescript on my host machine.

comment:20 Changed 13 days ago by cohosh

Cc: cohosh added

comment:21 in reply to:  19 ; Changed 13 days ago by arlolra

Replying to cohosh:

Thanks for the merge!

There's a bunch more refactoring again in that branch,
https://github.com/keroserene/snowflake/commits/webext

It's getting closer to a point where there's a cleaner separation between what's library code and what's necessary for each of the use cases.

If you think you can make the changes for #27385 easily in a way that will match the WebExtension and it sounds like a fun task please feel free to do so. I can help out here but it will also take me longer to get up to speed with how the coffeescript proxy works.

Ok, I'll try and tackle that next.

There are other things like setting it up for localization that I can work on once the UI is set :)

Also in case you're interested: I set up a way to test the browser-based proxy in snowbox: https://github.com/cohosh/snowbox/commit/6775554566b71325b5716a4794529f5a686cc403
You probably already have a good setup but I found this useful for not having to install coffeescript on my host machine.

Neat, I'll give it a look, thanks!

comment:22 in reply to:  21 ; Changed 5 days ago by cohosh

Replying to arlolra:

Replying to cohosh:

Thanks for the merge!

There's a bunch more refactoring again in that branch,
https://github.com/keroserene/snowflake/commits/webext

It's getting closer to a point where there's a cleaner separation between what's library code and what's necessary for each of the use cases.

Sorry this took so long, it looks good and I verified that the snowflake proxy still works as expected.

comment:23 in reply to:  22 Changed 5 days ago by arlolra

Replying to cohosh:

Sorry this took so long, it looks good and I verified that the snowflake proxy still works as expected.

No problem. I rebased and merged those patches.

Note: See TracTickets for help on using tickets.