Snowflake is a pluggable transport that proxies traffic through temporary proxies using WebRTC, a peer-to-peer protocol with built-in NAT punching. It aims to work kind of like flash proxy, but without flash proxy's problems with NAT.
Work in progress.
[tor-dev] Introducing Snowflake (webrtc pt)
Evaluation at PluggableTransports/SnowFlakeEvaluation.
The following should result in a 100% bootstrap over WebRTC:
    git clone https://git.torproject.org/pluggable-transports/snowflake.git
    cd snowflake/client
    go get
    go build
    tor -f torrc
Integration with Tor Browser
(Work in progress.)
The integration of Snowflake into Tor Browser is being tracked at ticket #19001. Here is a guide on getting started. For background reading, see doc/TorBrowser/Hacking, doc/TorBrowser/BuildingWithGitian, and gitian/README.build.
You need to start with an installation of Ubuntu (probably 14.04 is the best bet). You can also build on Debian (e.g. stretch), but dcf had trouble in the make-base-vm stage and had to run that stage on Ubuntu (the rest worked on Debian).
Clone gitian-builder and dcf's branch of tor-browser-bundle. The gitian-builder and tor-browser-bundle directories need to be siblings.
    git clone -b tor-browser-builder-4 https://git.torproject.org/builders/gitian-builder.git
    git clone https://git.torproject.org/builders/tor-browser-bundle.git
    cd tor-browser-bundle
    git remote add dcf https://git.torproject.org/user/dcf/tor-browser-bundle.git
    git fetch dcf
    git checkout -b snowflake --track dcf/snowflake
Increase the disk space available to the base VMs. Gitian creates clean "base" VMs once, early in the build process, that are reused in following runs. The Snowflake build needs extra disk space. Find the two occurrences of 15360 in gitian-builder/bin/make-base-vm and change them to 25600.
Enter the tor-browser-bundle/gitian directory and repeatedly run the script check-prerequisites.sh, doing what it says until it stops complaining. It's going to ask you to install a bunch of packages, perhaps create groups, and install a patched python-vm-builder program.
    cd tor-browser-bundle/gitian
    ./check-prerequisites.sh
Then install some additional packages that aren't in check-prerequisites.sh yet:
    apt-get install curl pkg-config libgtk2.0-dev libglib2.0-dev
Now make the prep-alpha target. This will build the base VMs the first time you run it, and will take a long time. It will also download all the source files, which will also take a long time. TORSOCKS= causes the downloads to not use Tor.
    make prep-alpha TORSOCKS=
Then to kick the whole thing off, do this:
Making the build-alpha target, rather than just alpha, enables you to restart the build where it left off after a failure. Making just alpha will cause the whole process to start from scratch, discarding everything except the base VMs—you usually don't want to do that.
While the build is running, it will seem like nothing's happening. You can see what's happening by tailing the log files gitian-builder/var/install.log and gitian-builder/var/build.log.
Currently the build only works for Linux. After building the Linux bundles, it will fail somewhere in the middle of the Windows build. An alternative to make build-alpha that only builds the Linux bundles is ./mkbundle-linux.sh versions.alpha (see the build-alpha target in tor-browser-bundle/gitian/Makefile).
When the build is finished you will have a newly created directory named after the Tor Browser version number, containing tar.xz and other files. Intermediate results appear in gitian-builder/inputs, alongside downloaded source files. The intermediate result files have names that include "gbuilt", e.g. pluggable-transports-linux32-gbuilt.zip.
Current problems you will run into:
- If you run into ssh: connect to host localhost port 2223: Connection refused, this means qemu failed to start due to lack of RAM. You may encounter this if you try to build on a droplet that's too small.
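The disk-space step above is a hand edit of gitian-builder/bin/make-base-vm. The script below is an added example, not part of gitian-builder or tor-browser-bundle: it makes the same 15360 to 25600 change but refuses to touch the file unless it finds exactly the two occurrences the guide describes. The function names and the .orig backup suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the gitian or Snowflake repositories).
# Guarded version of the manual edit: change both 15360 values in
# gitian-builder/bin/make-base-vm to 25600, refusing if the file does
# not look the way the guide describes.
OLD_MB=15360   # value the guide says appears twice
NEW_MB=25600   # value the guide says to use instead

# Print how many times string $2 occurs in file $1 (occurrences, not lines).
count_size() {
    grep -o -e "$2" "$1" | wc -l | tr -d ' '
}

# Returns 0 if the file was patched or is already patched, 1 otherwise.
bump_base_vm_disk() {
    file=$1
    [ -f "$file" ] || { echo "not found: $file" >&2; return 1; }
    old=$(count_size "$file" "$OLD_MB")
    new=$(count_size "$file" "$NEW_MB")
    if [ "$old" -eq 0 ] && [ "$new" -eq 2 ]; then
        echo "already patched: $file"
        return 0
    fi
    if [ "$old" -ne 2 ] || [ "$new" -ne 0 ]; then
        echo "$file: found $old x $OLD_MB and $new x $NEW_MB, expected 2 and 0; edit by hand" >&2
        return 1
    fi
    cp -p "$file" "$file.orig" || return 1   # keep the original for diffing
    tmp=$(mktemp "$file.XXXXXX") || return 1
    sed "s/$OLD_MB/$NEW_MB/g" "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Writing through cat keeps the script's mode and owner intact.
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    # Confirm the result: two new values, no old ones left.
    [ "$(count_size "$file" "$NEW_MB")" -eq 2 ] && [ "$(count_size "$file" "$OLD_MB")" -eq 0 ]
}

if [ "$#" -gt 0 ]; then
    bump_base_vm_disk "$1"
else
    echo "usage: $0 path/to/gitian-builder/bin/make-base-vm"
fi
```

Run it before the base VMs are first built; base VMs that already exist are reused as they are.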
Notes at Snowflake/Fingerprinting.
|#18628||Devise some way for the browser proxy to forward metadata to the bridge before the OR data||new||Medium|
|#18654||Use TLS WebSockets (wss://) for proxy-to-server communication||needs_review||snowflake, cupcake||High|
|#19001||Tor Browser with Snowflake||new||Medium|
|#19026||Remove local LAN address ICE candidates||new||Medium|
|#19315||Include libwebrtc license files in bundle||new||Medium|
|#19409||make a deb of snowflake and get into Debian||new||Medium|
|#20813||Start producing snowflakes||new||High|
|#21305||Client gets into an unrecoverable connect / close loop||new||Medium|
|#21312||snowflake-client is pegged at 100% cpu||new||Medium|
|#21314||snowflake-client needs to stop using my network when I'm not giving it requests||new||Medium|
|#21315||publish some realtime stats from the broker?||new||Medium|
|#21748||Snowflake breaks nightly builds as of March 15||assigned||arlolra||High|