Snowflake

Overview

Snowflake is a pluggable transport that proxies traffic through temporary proxies using WebRTC, a peer-to-peer protocol with built-in NAT punching. It aims to work much like flash proxy, but without flash proxy's problems with NAT.

Work in progress.

[tor-dev] Introducing Snowflake (webrtc pt)
https://lists.torproject.org/pipermail/tor-dev/2016-January/010310.html

User graph: https://metrics.torproject.org/userstats-bridge-transport.html?transport=snowflake.

Evaluation at PluggableTransports/SnowFlakeEvaluation.

Welcome to test the new bridge for Tor Browser (currently supports only Mac OS X and Linux) (due to #22782)

How to run a Snowflake proxy

Option 1 (web browser)

  1. Go to https://keroserene.net/snowflake/options.html and click the Yes button to opt in to being a proxy.
  2. Go to https://keroserene.net/snowflake/snowflake.html and watch the status messages.

Option 2 (standalone)

  1. Get the source code (see "Source code" below).
  2. Build and run the standalone proxy:

    cd proxy-go
    go get
    go build
    ./proxy-go

Source code

https://gitweb.torproject.org/pluggable-transports/snowflake.git

The following should result in a 100% bootstrap over WebRTC:

git clone https://git.torproject.org/pluggable-transports/snowflake.git
cd snowflake/client
go get
go build
tor -f torrc

Integration with Tor Browser

(Work in progress.)

The integration of Snowflake into Tor Browser is being tracked at ticket #19001. Here is a guide on getting started. For background reading, see doc/TorBrowser/Hacking, doc/TorBrowser/BuildingWithGitian, and gitian/README.build.

You need to start with an installation of Ubuntu (probably 14.04 is the best bet). You can also build on Debian (e.g. stretch), but dcf had trouble in the make-base-vm stage and had to run that stage on Ubuntu (the rest worked on Debian).

Clone gitian-builder and dcf's branch of tor-browser-bundle. The gitian-builder and tor-browser-bundle directories need to be siblings.

git clone -b tor-browser-builder-4 https://git.torproject.org/builders/gitian-builder.git
git clone https://git.torproject.org/builders/tor-browser-bundle.git
cd tor-browser-bundle
git remote add dcf https://git.torproject.org/user/dcf/tor-browser-bundle.git
git fetch dcf
git checkout -b snowflake --track dcf/snowflake

Enter the tor-browser-bundle/gitian directory and repeatedly run the script check-prerequisites.sh, doing what it says until it stops complaining. It's going to ask you to install a bunch of packages, perhaps create groups, and install a patched python-vm-builder program.

cd tor-browser-bundle/gitian
./check-prerequisites.sh

Now make the prep-alpha target. This will build the base VMs the first time you run it, and will take a long time. It will also download all the source files, which will also take a long time. TORSOCKS= causes the downloads to not use Tor.

make prep-alpha TORSOCKS=

Then to kick the whole thing off, do this:

make build-alpha

Making the build-alpha target, rather than just alpha, enables you to restart the build where it left off after a failure. Making just alpha will cause the whole process to start from scratch, discarding everything except the base VMs—you usually don't want to do that.

While the build is running, it will seem like nothing's happening. You can see what's happening by tailing the log files gitian-builder/var/install.log and gitian-builder/var/build.log.

Currently the build only works for Linux. After building the Linux bundles, it will fail somewhere in the middle of the Windows build. An alternative to make build-alpha that only builds the Linux bundles is ./mkbundle-linux.sh versions.alpha (see the build-alpha target in tor-browser-bundle/gitian/Makefile).

When the build is finished you will have a newly created directory named after the Tor Browser version number, containing tar.xz and other files. Intermediate results appear in gitian-builder/inputs, alongside downloaded source files. The intermediate result files have names that include "gbuilt", e.g. pluggable-transports-linux32-gbuilt.zip.

Current problems you will run into:

  • If you run into ssh: connect to host localhost port 2223: Connection refused, this means qemu failed to start due to lack of RAM. You may encounter this if you try to build on a droplet that's too small.

WebRTC fingerprintability

Notes at Snowflake/Fingerprinting.

Tickets

See also: https://github.com/keroserene/snowflake/issues https://github.com/keroserene/go-webrtc/issues

Ticket | Summary | Status | Owner | Keywords | Priority
#19001 | Tor Browser with Snowflake | new | | | Very High
#19026 | Remove local LAN address ICE candidates | new | | | Medium
#19315 | Include libwebrtc license files in bundle | new | | | Medium
#19409 | make a deb of snowflake and get into Debian | new | | | Medium
#19569 | DataChannel-only libwebrtc | new | arlolra | | Medium
#20813 | Start producing snowflakes | new | | | High
#21304 | Sanitize snowflake.log | new | | | Medium
#21305 | Client gets into an unrecoverable connect / close loop | new | | | Medium
#21312 | snowflake-client is pegged at 100% cpu | assigned | arlolra | | High
#21314 | snowflake-client needs to stop using my network when I'm not giving it requests | new | | | Medium
#21315 | publish some realtime stats from the broker? | new | | | Medium
#22718 | OpenWebRTC? | new | | | Low
#22782 | Change domain front for snowflake to something that isn't blocked | new | | | Medium
#22874 | Standalone broker (independent of App Engine) | assigned | cmm32 | | High
#22945 | End-to-end confidentiality for Snowflake client registrations | new | | | Medium
#23257 | Snowflake doesn't connect on the CalVisitor network | new | | | Medium
#23344 | Show country of temporary bridge used in snowflake just like with the obfs4 PT in the Torbutton | new | tbb-team | snowflake | Medium
#23345 | Update transports.html in tb-manual.tp.o to include the snowflake PT | new | phoul | snowflake | Medium
#23356 | proxy-go starts using 100% CPU when network is disconnected | new | | | Medium
#23742 | Make a snowflake package and distribute it | new | | | Medium
#23749 | Snowflake-client potentially suffers from memory leaks | new | | | High
#23780 | Tor repeatedly tells me that "Your Guard is failing an extremely large amount of circuits" when using snowflake | new | | | Medium
#23888 | Creating a Snowflake WebExtension addon | new | | | Medium
#23947 | Move Snowflake proxy page somewhere devs can write | new | | | Medium
#24203 | Snowflake can't be configured to run with system tor because of AppArmor | new | | snowflake | Medium

Last modified on Oct 16, 2017, 9:28:37 PM