wiki:doc/Snowflake

Snowflake

Overview

Snowflake is a pluggable transport that proxies traffic through temporary proxies using WebRTC, a peer-to-peer protocol with built-in NAT punching. It aims to work kind of like flash proxy, but without flash proxy's problems with NAT.

Work in progress.

User graph: https://metrics.torproject.org/userstats-bridge-transport.html?transport=snowflake.

Evaluation at PluggableTransports/SnowFlakeEvaluation.

欢迎测试 Tor 浏览器的新网桥 (目前仅支持 Mac OS X 与 Linux) (#22782 has been fixed, it needs to be retested now)

How to run a Snowflake proxy

Option 1 (web browser)

In a browser where WebRTC is enabled:

  1. Go to https://snowflake.torproject.org/options and click the Yes button to opt in to being a proxy.
  2. Go to https://snowflake.torproject.org/snowflake and watch the status messages. You shouldn't close that page if you want to remain a snowflake bridge.

Updated screenshot of snowflake.html

Note: the Snowflake proxy code lives at snowflake.torproject.org. It formerly lived at keroserene.net/snowflake, but as of 2018-04-16 that location isn't being maintained and points to no-longer-used infrastructure. See comment:7:ticket:22874.

Option 2 (standalone)

  1. First you will need to install and configure Go to build the standalone proxy-go code. If you are running Ubuntu or Debian, you can install Go by executing apt install golang. Otherwise visit https://golang.org/dl/. Once it is installed, set up your workspace and environment variables (more detailed instructions here: https://golang.org/doc/code.html#Workspaces).
    mkdir -p ~/go/src
    echo "export GOPATH=$HOME/go" >> ~/.bash_profile
    source ~/.bash_profile
    
  2. Clone the #Source code the src/ directory of your workspace.
    cd $GOPATH/src
    git clone https://git.torproject.org/pluggable-transports/snowflake.git
    
  3. Get the dependencies and build the source code.
    cd proxy-go
    go get
    go build
    
  4. For our fallback proxy-go instances on snowflake-broker, we manage proxy-go instances using runit. However, a simpler nohup command will also allow you to run an instance in the background. nohup ./proxy-go &

Source code

https://gitweb.torproject.org/pluggable-transports/snowflake.git

The following should result in a 100% bootstrap over WebRTC:

git clone https://git.torproject.org/pluggable-transports/snowflake.git
cd snowflake/client
go get
go build
tor -f torrc

Integration with Tor Browser

2018-11-30: Snowflake is included in alpha releases of Tor Browser for GNU/Linux and macOS. Not Windows yet.

Further integration of Snowflake into Tor Browser is being tracked at ticket #19001.

To build from source code, first see doc/TorBrowser/Hacking, doc/TorBrowser/BuildingWithGitian, and gitian/README.build. In the tor-browser-build directory, make alpha or make testbuild will result in browsers with included Snowflake.

WebRTC fingerprintability

Notes at Snowflake/Fingerprinting.

Tickets

Roadmap: https://storm.torproject.org/shared/OdNtwrtRrqklh76l4PfcngBbQFDbjv_jRroj0WeSY0B
See also: https://github.com/keroserene/go-webrtc/issues

(Same query, including closed tickets)

Ticket Summary Status Owner Keywords Priority
#19001 Tor Browser with Snowflake new ex-sponsor-19 Very High
#19026 Remove local LAN address ICE candidates new Medium
#19315 Include libwebrtc license files in bundle new starter Medium
#19409 Make a deb of snowflake and get into Debian new High
#19569 DataChannel-only libwebrtc new arlolra Medium
#20813 Start producing snowflakes new anti-censorship-roadmap High
#21314 snowflake-client needs to stop using my network when I'm not giving it requests new tor-pt, from-network-team-roadmap, ex-sponsor19, anti-censorship-roadmap Medium
#21315 publish some realtime stats from the broker? needs_review cohosh anti-censorship-roadmap Medium
#22945 End-to-end confidentiality for Snowflake client registrations new Medium
#23888 Creating a Snowflake WebExtension addon assigned arlolra ux-team, tor-pt, ex-sponsor-19,anti-censorship-roadmap Medium
#24465 Snowflake broken if no libatomic on host needs_revision tbb-team snowflake, tbb-rbm Medium
#25429 Need something better than client's `checkForStaleness` assigned cohosh ex-sponsor-19, anti-censorship-roadmap Medium
#25483 Windows reproducible build of snowflake accepted cohosh TorBrowserTeam201805, ex-sponsor-19, anti-censorship-roadmap High
#25591 Pass ICE server information from Broker to WebRTC Client new Medium
#25593 Broker needs better resilience against DoS new ex-sponsor-19 Medium
#25594 Broker: investigate non-domain-fronting secure client / proxy registrations new Medium
#25595 Test suite for Snowflake on various NAT topologies new anti-censorship-roadmap Medium
#25596 Configure TURN servers for the proxy and/or client new Medium
#25598 Let the broker inform proxies how often to poll new starter Medium
#25599 SOCKS4 failure message new Medium
#25601 Multiplex - one snowflake proxy should be able to support multiple clients new snowflake, tor-pt, ex-sponsor-19 Medium
#25681 Defend against flooding of the broker by low bandwidth snowflakes new anti-censorship-roadmap Medium
#25723 Multiplex - one client splits traffic across multiple proxies assigned dcf Low
#25874 DNS-based rendezvous for Snowflake new Medium
#25966 Report on Tor in the UAE (and question about Snowflake) new dcf snowflake Very Low
#25985 Snowflake rendezvous using AMP cache assigned dcf Medium
#26092 Split broker into components assigned dcf Low
#26151 Snowflake rendezvous using Amazon SQS new Medium
#27385 https://snowflake.torproject.org/embed is confusing new snowflake, ux-team, ex-sponsor-19 High
#28651 Prepare all pieces of the snowflake pipeline for a second snowflake bridge new anti-censorship-roadmap Medium
#28672 Android reproducible build of Snowflake needs_revision tbb-mobile, tbb-rbm, GeorgKoppen201904, ex-sponsor-19, TorBrowserTeam201906 Medium
#28726 Loosen restrictions on message sizes in WebSocket server new Medium
#28917 Delete the proxy opt-in cookie, don't set it to 0 new Medium
#28942 Evaluate pion WebRTC assigned cohosh ex-sponsor-19 Medium
#29125 Make websocket server tolerant of HTTP/2 new Medium
#29205 Look into using Firefox for the WebRTC implementation new ex-sponsor-19 Medium
#29206 New design for client -- proxy protocol for Snowflake needs_review cohosh ex-sponsor-19, anti-censorship-roadmap Medium
#29207 New design for broker -- proxy protocol for snowflakes assigned ahf snowflake, design, ex-sponsor-19, anti-censorship-roadmap Very High
#29245 Tor 0.4 eventually hits "Delaying directory fetches: No running bridges" after some period of inactivity with bridges new 040-regression, snowflake, 040-deferred-20190220, ex-sponsor-19 Medium
#29258 What is the IPv6 story with Snowflake new anti-censorship-roadmap Medium
#29259 Ensure high test coverage for Snowflake assigned cohosh ex-sponsor-19, anti-censorship-roadmap Medium
#29260 Should Snowflake proxies have a way to identify themselves to the broker assigned ahf ex-sponsor-19, anti-censorship-roadmap Medium
#29262 Look into the network layer of WebRTC new ex-sponsor-19 Medium
#29293 New Design for client -- broker protocol for Snowflake new snowflake, bridges, broker, ex-sponsor-19 High
#29734 Broker should receive country stats information from Proxy and Client merge_ready cohosh snowflake, geoip, stats Medium
#29736 Use WebSocket protocol to communicate between snowflake proxies and broker assigned ahf snowflake, websocket, ex-sponsor-19, anti-censorship-roadmap Medium
#29863 Add disk space monitoring for snowflake infrastructure merge_ready anti-censorship-roadmap, budget_needed Medium
#30310 Snowflake localization new l10n, snowflake Medium
#30350 Hello, in China, currently, Tor Browser 8.5a11 version can't connect to Tor network through Snowflake bridge. needs_information cohosh Medium
#30368 Run some tests to check reachability of snowflake proxies assigned cohosh anti-censorship-roadmap Medium
#30494 Crazy snowflake-client segfault new Medium
#30498 Proxy-go is receiving a lot of client timeouts new snowflake, ex-sponsor19 Medium
#30510 Share access to the Snowflake domain front CDN configuration new arlolra cohosh dcf phw Medium
#30579 Add more STUN servers to the default snowflake configuration in Tor Browser new snowflake, stun Medium
#30704 Plan for snowflake update versioning and backwards compatability new Medium
#30731 Publish post-sanitization broker logs needs_information Medium
#30830 Modify snowflake broker logs to make them easier to process for measurements new logs, stats Medium
#30867 Write proxy-go tests to cover existing implementation assigned cohosh tests, snowflake Medium
#30878 Set up snowbox to simulate censorship assigned cohosh ex-sponsor-19 Medium

Last modified 5 weeks ago Last modified on May 9, 2019, 6:18:19 PM

Attachments (4)

Download all attachments as: .zip