Opened 5 weeks ago

Closed 4 weeks ago

#31154 closed enhancement (not a bug)

Ideas for hosting Tor Snowflake bridges with changing residential IP addresses?

Reported by: subscriptionblocker Owned by:
Priority: Medium Milestone:
Component: Circumvention/Snowflake Version:
Severity: Normal Keywords:
Cc: arlolra, cohosh, dcf, phw Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

https://snowflake.torproject.org/

Our residential IP address is fixed. Need to find some way to mix things up so we can become a real pain in the ass to authorities.

Eventually Snowflake show be pretty safe for hosters - since all that traffic dumps immediately into the Tor network without touching the donors hardware.

I know marketing types use services offering multiple residential IP addresses: https://rotatingproxies.com/?afmc=1g

So can anything be done to supercharge Snowflake?

Child Tickets

Change History (6)

comment:1 Changed 5 weeks ago by nickm

Component: Core TorCircumvention/Snowflake

comment:2 Changed 5 weeks ago by dcf

Cc: arlolra cohosh dcf phw added

comment:3 Changed 5 weeks ago by cohosh

Status: newneeds_information

I don't completely understand the details of this ticket, but it seems to be concerning the fact that we only have a single snowflake bridge, the domain of this bridge is hard-coded into snowflake proxies, and that the bridge has a fixed IP address that doesn't change?

There's a possibly related ticket to running more than one snowflake bridge: #28651

With respect to bridge(s) that have static, fixed IP addresses, can you state more clearly what kind of problem you are trying to solve? For example, from a censorship perspective, blocking the bridge IP address shouldn't cause problems for snowflake since clients connect through the bridge to proxies. If we're worried about a takedown request of the bridge by the jurisdiction in which it is located, I'm not sure how a rotating IP will solve that problem without also changing its jurisdiction (which might be helped by running more than one bridge)?

comment:4 in reply to:  3 ; Changed 5 weeks ago by cypherpunks

Replying to cohosh:

I don't completely understand the details of this ticket, but it seems to be concerning the fact that we only have a single snowflake bridge, the domain of this bridge is hard-coded into snowflake proxies, and that the bridge has a fixed IP address that doesn't change?

There's a possibly related ticket to running more than one snowflake bridge: #28651

With respect to bridge(s) that have static, fixed IP addresses, can you state more clearly what kind of problem you are trying to solve? For example, from a censorship perspective, blocking the bridge IP address shouldn't cause problems for snowflake since clients connect through the bridge to proxies. If we're worried about a takedown request of the bridge by the jurisdiction in which it is located, I'm not sure how a rotating IP will solve that problem without also changing its jurisdiction (which might be helped by running more than one bridge)?

He's talking about snowflake proxies and not the hardcoded bridge, he's looking for

Ideas for hosting Tor Snowflake proxies with changing residential IP addresses?

comment:5 in reply to:  4 Changed 5 weeks ago by cohosh

Replying to cypherpunks:

Replying to cohosh:
He's talking about snowflake proxies and not the hardcoded bridge, he's looking for

Ideas for hosting Tor Snowflake proxies with changing residential IP addresses?

Ah, so this is a place to collect specific ideas for how to deploy proxies on a single machine whose IP address changes

It should just work out of the box for snowflake proxies to be run on machines with dynamic IP addresses. The ICE candidate gathering happens each time a proxy receives a client offer, and so if the proxy's IP address has changed since the last time their local candidates should match the new IP without any changes on the software side.

Note also that if the webextension is used from a laptop, the snowflake will change IP addresses whenever the laptop is moved to a new area with a different AP.

Last edited 5 weeks ago by cohosh (previous) (diff)

comment:6 Changed 4 weeks ago by dcf

Resolution: not a bug
Status: needs_informationclosed

I think the short answer is: don't worry about making your IP address change. If you have a fixed residential IP address, just run a snowflake. If some censors find your IP address and block you, that's fine, there are other censors that won't block you, so you can still be useful. The model is based around the idea that snowflakes (individually) do not need to be hard to block.

And if you set something up so that your IP address does change, I don't think that will cause a problem with any other part of the system. Like cohosh says, each interaction with the broker will use whatever your current IP address happens to be.

Cross-linking the Reddit discussion: https://www.reddit.com/r/TOR/comments/ccsamd/ideas_for_hosting_tor_snowflake_bridges_with/

Note: See TracTickets for help on using tickets.