wiki:doc/Snowflake

Snowflake

Overview

Snowflake is a pluggable transport that proxies traffic through temporary proxies using WebRTC, a peer-to-peer protocol with built-in NAT punching. It aims to work kind of like flash proxy, but without flash proxy's problems with NAT.

Work in progress.

User graph: https://metrics.torproject.org/userstats-bridge-transport.html?transport=snowflake.

Evaluation at PluggableTransports/SnowFlakeEvaluation.

欢迎测试 Tor 浏览器的新网桥 (目前仅支持 Mac OS X 与 Linux) (#22782 has been fixed, it needs to be retested now)

How to run a Snowflake proxy

Option 1 (addon)

Firstly make sure you have WebRTC enabled. Then you can install this addon for Firefox or this one for Chrome which will let you become a Snowflake proxy. It can also inform you about how many people you have helped in the last 24 hours.

Option 2 (web browser)

In a browser where WebRTC is enabled:

  1. Go to https://snowflake.torproject.org/embed and toggle the button to opt in to being a proxy. You shouldn't close that page if you want to remain a snowflake bridge.

Option 3 (standalone)

  1. First you will need to install and configure Go to build the standalone proxy-go code. If you are running Ubuntu or Debian, you can install Go by executing apt install golang. Otherwise visit https://golang.org/dl/. Once it is installed, set up your workspace and environment variables (more detailed instructions here: https://golang.org/doc/code.html#Workspaces).
    mkdir -p ~/go/src
    echo "export GOPATH=$HOME/go" >> ~/.bash_profile
    source ~/.bash_profile
    
  2. Clone the #Source code the src/ directory of your workspace.
    cd $GOPATH/src
    git clone https://git.torproject.org/pluggable-transports/snowflake.git
    
  3. Get the dependencies and build the source code.
    cd snowflake
    cd proxy
    go get
    go build
    
  4. For our fallback proxy-go instances on snowflake-broker, we manage proxy-go instances using runit. However, a simpler nohup command will also allow you to run an instance in the background. nohup ./proxy &

Source code

https://gitweb.torproject.org/pluggable-transports/snowflake.git

The following should result in a 100% bootstrap over WebRTC:

git clone https://git.torproject.org/pluggable-transports/snowflake.git
cd snowflake/client
go get
go build
tor -f torrc

Integration with Tor Browser

2018-11-30: Snowflake is included in alpha releases of Tor Browser for GNU/Linux and macOS. Not Windows yet.

Further integration of Snowflake into Tor Browser is being tracked at ticket #19001.

To build from source code, see doc/TorBrowser/Hacking. In the tor-browser-build directory, make alpha or make testbuild will result in browsers with included Snowflake.

WebRTC fingerprintability

Notes at Snowflake/Fingerprinting.

Reporting bugs

If you encounter problems with Snowflake as a client or a proxy, please file a ticket using our bug tracker. To do so, you will have to create an account or log in using the shared cypherpunks account with password writecode.

Please try to be as descriptive as possible with your ticket and if possible include log messages that will help us reproduce the bug. Consider adding keywords snowflake-webextension or snowflake-client to let us know how which part of the Snowflake system is experiencing problems.

Tickets

Roadmap: https://storm.torproject.org/shared/OdNtwrtRrqklh76l4PfcngBbQFDbjv_jRroj0WeSY0B
See also: https://github.com/keroserene/go-webrtc/issues

(Same query, including closed tickets)

Ticket Summary Status Owner Keywords Priority
#19001 Tor Browser with Snowflake new ux-team, anti-censorship-roadmap-2020 Very High
#19409 Make a deb of snowflake and get into Debian new Low
#21314 snowflake-client needs to stop using my network when I'm not giving it requests new tor-pt Medium
#22945 End-to-end confidentiality for Snowflake client registrations new Medium
#25591 Pass STUN information from Broker to WebRTC Client assigned cohosh Medium
#25593 Broker needs better resilience against DoS new ex-sponsor-19 Medium
#25594 Broker: investigate non-domain-fronting secure client / proxy registrations new Medium
#25595 Test suite for Snowflake on various NAT topologies new Medium
#25596 Configure TURN servers for the proxy and/or client new Medium
#25598 Let the broker inform proxies how often to poll needs_revision anti-censorship-roadmap-2020 Medium
#25681 Defend against flooding of the broker by low bandwidth snowflakes new Medium
#25723 Multiplex - one client splits traffic across multiple proxies assigned dcf anti-censorship-roadmap-2020 Low
#25874 DNS-based rendezvous for Snowflake new Medium
#25966 Report on Tor in the UAE (and question about Snowflake) new dcf snowflake Very Low
#25985 Snowflake rendezvous using AMP cache assigned dcf Medium
#26092 Split broker into components assigned dcf Low
#26151 Snowflake rendezvous using Amazon SQS new Medium
#28651 Prepare all pieces of the snowflake pipeline for a second snowflake bridge new anti-censorship-roadmap-2020 Medium
#29245 Tor 0.4 eventually hits "Delaying directory fetches: No running bridges" after some period of inactivity with bridges new 040-regression, snowflake, 040-deferred-20190220, network-team-roadmap-2020Q1, network-team-roadmap-2020Q2 Medium
#29260 Should Snowflake proxies have a way to identify themselves to the broker new Medium
#29293 New Design for client -- broker protocol for Snowflake new snowflake, bridges, broker, ex-sponsor-19 High
#29863 Add disk space monitoring for snowflake infrastructure assigned anti-censorship-roadmap, budget_needed Medium
#30350 Hello, in China, currently, Tor Browser 8.5a11 version can't connect to Tor network through Snowflake bridge. needs_information cohosh Medium
#30498 Proxy-go is receiving a lot of client timeouts new snowflake, ex-sponsor19 Medium
#30510 Share access to the Snowflake broker domain front CDN configuration needs_information Medium
#30579 Add more STUN servers to the default snowflake configuration in Tor Browser needs_information cohosh stun, anti-censorship-roadmap-2020 Medium
#30704 Plan for snowflake update versioning and backwards compatability new Medium
#30878 Set up snowbox to simulate censorship assigned cohosh Medium
#31085 Make an Android extension or app for people to be a snowflake (AMO or proxy-go) new snowflake-webextension android Medium
#31109 Better gamify the UX for snowflake extension new snowflake-webextension, ux-team Medium
#31151 Make pre-compiled binaries for proxy-go new Medium
#31201 Allow webextension users to specify how many resources it uses assigned arlolra snowflake-webextension Medium
#31288 Add an option to be able to run the Snowflake WebExt as a background app in Chrome new snowflake-webextension Medium
#31423 Improve building documentation new snowflake, documentation Medium
#31661 Run multiple snowflake bridges and optimize for least latency most throughput by GeoIP based route selection new Medium
#31804 Authentication for proxy--bridge connections new Medium
#31847 Expand contribution guidelines for snowflake new Medium
#31902 Add a short FAQ to snowflake.tp.o new Medium
#32545 Perform measurements to concretely understand snowflake throughput and network health assigned cohosh network-health, metrics Medium
#32589 Update the logos of Firefox and Chrome in https://snowflake.torproject.org/ new Very Low
#32657 Investigate Snowflake blocking in China needs_information cohosh blocking, china High
#32677 Find a way to notify deployed proxy-go instances of updates new Medium
#32938 Have a way to test throughput of snowflake proxy needs_revision cohosh snowflake-webextension, ux-team, anti-censorship-roadmap-2020 Medium
#33112 snowflake-webextension "Could not connect to the bridge." new Medium
#33157 Client generates SDP with "IN IP4 0.0.0.0", causing proxy to send "client_ip=0.0.0.0" and bridge to send "USERADDR 0.0.0.0:1" new Medium
#33365 Probe Snowflake bridge from proxy 1x a day needs_revision arlolra snowflake-webextension Medium
#33666 Investigate Snowflake proxy failures needs_information cohosh High
#33744 Remove local LAN address ICE candidates from JS proxy answer new snowflake-webextension Very Low
#33756 Hello, currently, in China, Tor Browser 9.5a8 still can't connect to Tor network through snowflake bridge. needs_information Immediate
#34075 Implement metrics to measure snowflake churn new metrics Medium
#34080 Avoid double delays from ReconnectTimeout new Medium
#34092 Snowflake no longer working on Google Chrome needs_information Medium
#34129 Use STUN to determine NAT behaviour of peers needs_review cohosh Medium
#34146 localize screenshots on snowflake page new Medium
#34147 Remove redundant languages from snowflake page new Medium
#34198 Include full broker messaging spec in /doc merge_ready cohosh Medium
#34265 Library selection for WebSocket communication with Tor relay. new snowflake-mobile Medium
#34270 Sending POST request in longpolling fashion to the broker. new snowflake-mobile Medium
#34271 Formatting the SDP in the broker response to make it suitable for SDP object creation. new snowflake-mobile Medium
#34272 Creating answer new snowflake-mobile Medium
#34273 Formatting the SDP answer in accordance to broker end point specification. new snowflake-mobile Medium
#34274 Sending answer SDP to the broker as a POST request. new snowflake-mobile Medium
#34275 Establishing connection with the client and finally check the connection. new snowflake-mobile Medium
#34276 Establishing WebSocket connection with the Tor relay. new snowflake-mobile Medium
#34277 Relaying the data back and forth between WebSocket and WebRTC connection. new snowflake-mobile Medium
#34278 Handling connection failures. new snowflake-mobile Medium
#34281 Design for final application UI. new snowflake-mobile Medium
#34282 Design for final notification UI. new snowflake-mobile Medium
#34283 Requirement of App settings UI. new snowflake-mobile Medium
#34354 SDP Serialization. new snowflake-mobile Medium
#34358 Implement a browser-compatible NAT behaviour discovery STUN library new snowflake-webext Medium
#34435 Update bug-reporting links for gitlab new Medium

Last modified 2 months ago Last modified on Apr 22, 2020, 9:28:57 PM

Attachments (4)

Download all attachments as: .zip