wiki:doc/Snowflake

Snowflake

Overview

Snowflake is a pluggable transport that proxies traffic through temporary proxies using WebRTC, a peer-to-peer protocol with built-in NAT punching. It aims to work kind of like flash proxy, but without flash proxy's problems with NAT.

Work in progress.

User graph: https://metrics.torproject.org/userstats-bridge-transport.html?transport=snowflake.

Evaluation at PluggableTransports/SnowFlakeEvaluation.

欢迎测试 Tor 浏览器的新网桥 (目前仅支持 Mac OS X 与 Linux) (#22782 has been fixed, it needs to be retested now)

How to run a Snowflake proxy

Option 1 (addon)

Firstly make sure you have WebRTC enabled. Then you can install this addon for Firefox or this one for Chrome which will let you become a Snowflake proxy. It can also inform you about how many people you have helped in the last 24 hours.

Option 2 (web browser)

In a browser where WebRTC is enabled:

  1. Go to https://snowflake.torproject.org/embed and toggle the button to opt in to being a proxy. You shouldn't close that page if you want to remain a snowflake bridge.

Option 3 (standalone)

  1. First you will need to install and configure Go to build the standalone proxy-go code. If you are running Ubuntu or Debian, you can install Go by executing apt install golang. Otherwise visit https://golang.org/dl/. Once it is installed, set up your workspace and environment variables (more detailed instructions here: https://golang.org/doc/code.html#Workspaces).
    mkdir -p ~/go/src
    echo "export GOPATH=$HOME/go" >> ~/.bash_profile
    source ~/.bash_profile
    
  2. Clone the #Source code the src/ directory of your workspace.
    cd $GOPATH/src
    git clone https://git.torproject.org/pluggable-transports/snowflake.git
    
  3. Get the dependencies and build the source code.
    cd snowflake
    cd proxy-go
    go get
    go build
    
  4. For our fallback proxy-go instances on snowflake-broker, we manage proxy-go instances using runit. However, a simpler nohup command will also allow you to run an instance in the background. nohup ./proxy-go &

Source code

https://gitweb.torproject.org/pluggable-transports/snowflake.git

The following should result in a 100% bootstrap over WebRTC:

git clone https://git.torproject.org/pluggable-transports/snowflake.git
cd snowflake/client
go get
go build
tor -f torrc

Integration with Tor Browser

2018-11-30: Snowflake is included in alpha releases of Tor Browser for GNU/Linux and macOS. Not Windows yet.

Further integration of Snowflake into Tor Browser is being tracked at ticket #19001.

To build from source code, first see doc/TorBrowser/Hacking, doc/TorBrowser/BuildingWithGitian, and gitian/README.build. In the tor-browser-build directory, make alpha or make testbuild will result in browsers with included Snowflake.

WebRTC fingerprintability

Notes at Snowflake/Fingerprinting.

Reporting bugs

If you encounter problems with Snowflake as a client or a proxy, please file a ticket using our bug tracker. To do so, you will have to create an account or log in using the shared cypherpunks account with password writecode.

Please try to be as descriptive as possible with your ticket and if possible include log messages that will help us reproduce the bug. Consider adding keywords snowflake-webextension or snowflake-client to let us know how which part of the Snowflake system is experiencing problems.

Tickets

Roadmap: https://storm.torproject.org/shared/OdNtwrtRrqklh76l4PfcngBbQFDbjv_jRroj0WeSY0B
See also: https://github.com/keroserene/go-webrtc/issues

(Same query, including closed tickets)

Ticket Summary Status Owner Keywords Priority
#19001 Tor Browser with Snowflake new anti-censorship-roadmap-october Very High
#19026 Remove local LAN address ICE candidates new Medium
#19409 Make a deb of snowflake and get into Debian new High
#19569 DataChannel-only libwebrtc new arlolra Medium
#21314 snowflake-client needs to stop using my network when I'm not giving it requests new tor-pt, from-network-team-roadmap, ex-sponsor19, anti-censorship-roadmap Medium
#22945 End-to-end confidentiality for Snowflake client registrations new Medium
#25429 Need something better than client's `checkForStaleness` assigned cohosh anti-censorship-roadmap-september Medium
#25591 Pass ICE server information from Broker to WebRTC Client new Medium
#25593 Broker needs better resilience against DoS new ex-sponsor-19 Medium
#25594 Broker: investigate non-domain-fronting secure client / proxy registrations new Medium
#25595 Test suite for Snowflake on various NAT topologies new anti-censorship-roadmap-september Medium
#25596 Configure TURN servers for the proxy and/or client new Medium
#25598 Let the broker inform proxies how often to poll needs_revision starter Medium
#25599 SOCKS4 failure message new Medium
#25601 Multiplex - one snowflake proxy should be able to support multiple clients new snowflake, tor-pt, anti-censorship-roadmap-september Medium
#25681 Defend against flooding of the broker by low bandwidth snowflakes new anti-censorship-roadmap Medium
#25723 Multiplex - one client splits traffic across multiple proxies assigned dcf Low
#25874 DNS-based rendezvous for Snowflake new Medium
#25966 Report on Tor in the UAE (and question about Snowflake) new dcf snowflake Very Low
#25985 Snowflake rendezvous using AMP cache assigned dcf Medium
#26092 Split broker into components assigned dcf Low
#26151 Snowflake rendezvous using Amazon SQS new Medium
#28651 Prepare all pieces of the snowflake pipeline for a second snowflake bridge new anti-censorship-roadmap Medium
#28672 Android reproducible build of Snowflake needs_revision tbb-mobile, tbb-rbm, GeorgKoppen201904, ex-sponsor-19, TorBrowserTeam201907, anti-censorship-roadmap-august, snowflake Medium
#28726 Loosen restrictions on message sizes in WebSocket server new Medium
#29125 Make websocket server tolerant of HTTP/2 new Medium
#29206 New design for client -- server protocol for Snowflake needs_review cohosh anti-censorship-roadmap-september Medium
#29207 New design for broker -- proxy protocol for snowflakes needs_review cohosh snowflake, design, ex-sponsor-19, anti-censorship-roadmap High
#29245 Tor 0.4 eventually hits "Delaying directory fetches: No running bridges" after some period of inactivity with bridges new 040-regression, snowflake, 040-deferred-20190220, network-team-roadmap-november Medium
#29258 What is the IPv6 story with Snowflake needs_information dcf anti-censorship-roadmap-august Medium
#29259 Ensure high test coverage for Snowflake assigned cohosh anti-censorship-roadmap-september Medium
#29260 Should Snowflake proxies have a way to identify themselves to the broker new Medium
#29293 New Design for client -- broker protocol for Snowflake new snowflake, bridges, broker, ex-sponsor-19 High
#29736 Use WebSocket protocol to communicate between snowflake proxies and broker assigned ahf snowflake, websocket, ex-sponsor-19, anti-censorship-roadmap Medium
#29863 Add disk space monitoring for snowflake infrastructure merge_ready anti-censorship-roadmap, budget_needed Medium
#30350 Hello, in China, currently, Tor Browser 8.5a11 version can't connect to Tor network through Snowflake bridge. needs_information cohosh Medium
#30368 Run some tests to check reachability of snowflake proxies accepted cohosh anti-censorship-roadmap Medium
#30498 Proxy-go is receiving a lot of client timeouts new snowflake, ex-sponsor19 Medium
#30510 Share access to the Snowflake domain front CDN configuration new Medium
#30579 Add more STUN servers to the default snowflake configuration in Tor Browser new stun, anti-censorship-roadmap-october Medium
#30704 Plan for snowflake update versioning and backwards compatability new Medium
#30867 Write proxy-go tests to cover existing implementation assigned cohosh tests, anti-censorship-roadmap-september Medium
#30878 Set up snowbox to simulate censorship assigned cohosh anti-censorship-roadmap-october Medium
#31028 Migrate away from the custom websocket library new Medium
#31085 Publish the Snowflake WebExtension on AMO for Android new snowflake-webextension android Medium
#31109 Better gamify the UX for snowflake extension new snowflake-webextension, ux-team, anti-censorship-roadmap-october Medium
#31151 Make pre-compiled binaries for proxy-go new Medium
#31157 Collect metrics about what type of proxies are running new anti-censorship-roadmap-october Medium
#31201 Allow webextension users to specify how many resources it uses new snowflake-webextension Medium
#31250 Purchase new snowflake domain to fix "safe browsing" issue needs_information High
#31253 Add a webext packaging target to the build script needs_information cohosh Medium
#31278 Chrome proxies hang with open idle connection new snowflake-webextension Medium
#31285 Browsers accumulate permanently open UDP sockets over time merge_ready cohosh snowflake-webextension Medium
#31288 Add an option to be able to run the Snowflake WebExt as a background app in Chrome new snowflake-webextension Medium
#31310 Refactor/remove proxy-pair state machine in webextension new snowflake-webextension Medium
#31384 localize snowflake website needs_revision cohosh l10n, anti-censorship-roadmap-september Medium
#31423 Improve building documentation new snowflake, documentation Medium
#31425 Snowflake broker is sluggish and sometimes fails needs_review dcf broker Low
#31497 Link Cupcake from snowflake.torproject.org assigned dcf Medium
#31661 Run multiple snowflake bridges and optimize for least latency most throughput by GeoIP based route selection new Medium
#31804 Authentication for proxy--bridge connections new Medium
#31847 Expand contribution guidelines for snowflake new Medium
#31902 Add a short FAQ to snowflake.tp.o new Medium
#31960 Hello, currently, in China, Tor Browser 9.0a7 version can't establish a Tor network connection through snowflake bridge assigned cohosh Immediate
#31971 Snowflake is *consistently* extremely slow when using the Windows build new Medium
#32061 Bump snowflake to b4f4b29a03 needs_review tbb-team snowflake Very High

Last modified 8 weeks ago Last modified on Aug 22, 2019, 10:39:11 AM

Attachments (4)

Download all attachments as: .zip