#30895 closed defect (wontfix)

meek-cloudflare: Tunnel via Cloudflare Argo.

Reported by: cypherpunks Owned by: dcf
Priority: Medium Milestone:
Component: Circumvention/meek Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Change History (5)

comment:1 Changed 16 months ago by cypherpunks

It was mentioned by Adam Chalmers, who created the Free plan of Argo tunnel.

comment:2 Changed 16 months ago by nickm

Component: - Select a component → Circumvention/meek
Owner: set to dcf

comment:3 Changed 16 months ago by cypherpunks

While CloudFlare is an anti-privacy company, this 'cloudflare meek' is useful from censored countries because the government can't block CloudFlare IP addresses.
If the government blocks CloudFlare, it will block many other websites.

comment:4 Changed 16 months ago by dcf

One problem with using Argo is that the cloudflared daemon isn't free software. The license says e.g. "You may examine source code, if provided to you, solely for the limited purpose of evaluating the Software for security flaws."

Another problem is that the connection to the Argo middlebox, according to the blog post, is TLS to "a random subdomain of trycloudflare.com." That means whatever subdomain it uses must be packaged in software, distributed to users, etc., which means that a censor can learn it as well and block it by examining the SNI field. The old solution would be to use domain fronting, but domain fronting only works if it's HTTP inside the TLS, and I don't see an indication that Argo tunnels using HTTP. So this may have to wait for ESNI.

comment:5 Changed 14 months ago by dcf

Resolution: wontfix
Status: new → closed