wiki:doc/Snowflake

Snowflake

Overview

Snowflake is a pluggable transport that proxies traffic through temporary proxies using WebRTC, a peer-to-peer protocol with built-in NAT punching. It aims to work kind of like flash proxy, but without flash proxy's problems with NAT.

Work in progress.

User graph: https://metrics.torproject.org/userstats-bridge-transport.html?transport=snowflake.

Evaluation at PluggableTransports/SnowFlakeEvaluation.

欢迎测试 Tor 浏览器的新网桥 (目前仅支持 Mac OS X 与 Linux) (#22782 has been fixed, it needs to be retested now)

How to run a Snowflake proxy

Option 1 (web browser)

In a browser where WebRTC is enabled:

  1. Go to https://snowflake.torproject.org/options and click the Yes button to opt in to being a proxy.
  2. Go to https://snowflake.torproject.org/snowflake and watch the status messages. You shouldn't close that page if you want to remain a snowflake bridge.

Updated screenshot of snowflake.html

Note: the Snowflake proxy code lives at snowflake.torproject.org. It formerly lived at keroserene.net/snowflake, but as of 2018-04-16 that location isn't being maintained and points to no-longer-used infrastructure. See comment:7:ticket:22874.

Option 2 (standalone)

  1. Get the #Source code.
  2. cd proxy-go
    go get
    go build
    ./proxy-go
    

Source code

https://gitweb.torproject.org/pluggable-transports/snowflake.git

The following should result in a 100% bootstrap over WebRTC:

git clone https://git.torproject.org/pluggable-transports/snowflake.git
cd snowflake/client
go get
go build
tor -f torrc

Integration with Tor Browser

2018-03-07: This section needs to be rewritten to be for the newer rbm-based build system. In particular, you should be able to just do make alpha in tor-browser-build.git.

The integration of Snowflake into Tor Browser is being tracked at ticket #19001. Here is a guide on getting started. For background reading, see doc/TorBrowser/Hacking, doc/TorBrowser/BuildingWithGitian, and gitian/README.build.

You need to start with an installation of Ubuntu (probably 14.04 is the best bet). You can also build on Debian (e.g. stretch), but dcf had trouble in the make-base-vm stage and had to run that stage on Ubuntu (the rest worked on Debian).

Clone gitian-builder and dcf's branch of tor-browser-bundle. The gitian-builder and tor-browser-bundle directories need to be siblings.

git clone -b tor-browser-builder-4 https://git.torproject.org/builders/gitian-builder.git
git clone https://git.torproject.org/builders/tor-browser-bundle.git
cd tor-browser-bundle
git remote add dcf https://git.torproject.org/user/dcf/tor-browser-bundle.git
git fetch dcf
git checkout -b snowflake --track dcf/snowflake

Enter the tor-browser-bundle/gitian directory and repeatedly run the script check-prerequisites.sh, doing what it says until it stops complaining. It's going to ask you to install a bunch of packages, perhaps create groups, and install a patched python-vm-builder program.

cd tor-browser-bundle/gitian
./check-prerequisites.sh

Now make the prep-alpha target. This will build the base VMs the first time you run it, and will take a long time. It will also download all the source files, which will also take a long time. TORSOCKS= causes the downloads to not use Tor.

make prep-alpha TORSOCKS=

Then to kick the whole thing off, do this:

make build-alpha

Making the build-alpha target, rather than just alpha, enables you to restart the build where it left off after a failure. Making just alpha will cause the whole process to start from scratch, discarding everything except the base VMs—you usually don't want to do that.

While the build is running, it will seem like nothing's happening. You can see what's happening by tailing the log files gitian-builder/var/install.log and gitian-builder/var/build.log.

Currently the build only works for linux. After building the linux bundles, it will fail somewhere in the middle of windows. An alternative to make build-alpha that only builds the linux bundles is ./mkbundle-linux.sh versions.alpha (see the build-alpha target in tor-browser-bundle/gitian/Makefile).

When the build is finished you will have a newly created directory named after the Tor Browser version number, containing tar.xz and other files. Intermediate results appear in gitian-builder/inputs, alongside downloaded source files. The intermediate result files have names that include "gbuilt", e.g. pluggable-transports-linux32-gbuilt.zip.

Current problems you will run into:

  • If you run into ssh: connect to host localhost port 2223: Connection refused, this means qemu failed to start due to lack of RAM. You may encounter this if you try to build on a droplet that's too small.

WebRTC fingerprintability

Notes at Snowflake/Fingerprinting.

Tickets

See also: https://github.com/keroserene/go-webrtc/issues

(Same query, including closed tickets)

Ticket Summary Status Owner Keywords Priority
#19001 Tor Browser with Snowflake new Very High
#19026 Remove local LAN address ICE candidates new Medium
#19315 Include libwebrtc license files in bundle new starter Medium
#19409 Make a deb of snowflake and get into Debian new High
#19569 DataChannel-only libwebrtc new arlolra Medium
#20813 Start producing snowflakes new High
#21304 Sanitize snowflake.log new starter Medium
#21305 Client gets into an unrecoverable connect / close loop new Medium
#21314 snowflake-client needs to stop using my network when I'm not giving it requests new Medium
#21315 publish some realtime stats from the broker? new Medium
#22718 OpenWebRTC? new Low
#22945 End-to-end confidentiality for Snowflake client registrations new Medium
#23257 Snowflake doesn't connect on the CalVisitor network new Medium
#23344 Show country of temporary bridge used in snowflake just like with the obfs4 PT in the Torbutton new tbb-team snowflake Medium
#23888 Creating a Snowflake WebExtension addon new Medium
#24465 Snowflake broken if no libatomic on host needs_review tbb-team snowflake, tbb-rbm, TorBrowserTeam201809 Medium
#25429 Need something better than client's `checkForStaleness` new Medium
#25483 Windows reproducible build of snowflake assigned sukhbir TorBrowserTeam201805 High
#25591 Pass ICE server information from Broker to WebRTC Client new Medium
#25593 Broker needs better resilience against DoS new Medium
#25594 Broker: investigate non-domain-fronting secure client / proxy registrations new Medium
#25595 Test suite for Snowflake on various NAT topologies new Medium
#25596 Configure TURN servers for the proxy and/or client new Medium
#25598 Let the broker inform proxies how often to poll new starter Medium
#25599 SOCKS4 failure message new Medium
#25601 Multiplex - one snowflake proxy should be able to support multiple clients new Medium
#25681 Defend against flooding of the broker by low bandwidth snowflakes new Medium
#25688 proxy-go is still deadlocking occasionally new Low
#25722 Put an opt-in button on the main snowflake page new ux-team Medium
#25723 Multiplex - one client splits traffic across multiple proxies new Low
#25874 DNS-based rendezvous for Snowflake new Medium
#25966 Report on Tor in the UAE (and question about Snowflake) new dcf snowflake Very Low
#25985 Snowflake rendezvous using AMP cache needs_revision Medium
#26092 Split broker into components new Low
#26151 Snowflake rendezvous using Amazon SQS new Medium
#26348 Guard against large reads new easy Medium
#26783 Snowflake statistics appear to be broken from something plus mid-June new Medium
#27385 https://snowflake.torproject.org/embed is confusing new snowflake, ux-team High
#27827 Reproducibility issue of the snowflake osx64 build new Medium

Last modified 4 months ago Last modified on May 13, 2018, 10:30:29 AM

Attachments (4)

Download all attachments as: .zip