wiki:doc/Snowflake

Snowflake

Overview

Snowflake is a pluggable transport that proxies traffic through temporary proxies using WebRTC, a peer-to-peer protocol with built-in NAT punching. It aims to work kind of like flash proxy, but without flash proxy's problems with NAT.

Work in progress.

[tor-dev] Introducing Snowflake (webrtc pt)
https://lists.torproject.org/pipermail/tor-dev/2016-January/010310.html

User graph: https://metrics.torproject.org/userstats-bridge-transport.html?transport=snowflake.

Evaluation at PluggableTransports/SnowFlakeEvaluation.

How to run a Snowflake proxy

Option 1 (web browser)

  1. Go to https://keroserene.net/snowflake/options.html and click the Yes button to opt in to being a proxy.
  2. Go to https://keroserene.net/snowflake/snowflake.html and watch the status messages.

Option 2 (standalone)

  1. Get the #Source code.
  2. cd proxy-go
    go get
    go build
    ./proxy-go
    

Source code

https://gitweb.torproject.org/pluggable-transports/snowflake.git

The following should result in a 100% bootstrap over WebRTC:

git clone https://git.torproject.org/pluggable-transports/snowflake.git
cd snowflake/client
go get
go build
tor -f torrc

Integration with Tor Browser

(Work in progress.)

The integration of Snowflake into Tor Browser is being tracked at ticket #19001. Here is a guide on getting started. For background reading, see doc/TorBrowser/Hacking, doc/TorBrowser/BuildingWithGitian, and gitian/README.build.

You need to start with an installation of Ubuntu (probably 14.04 is the best bet). You can also build on Debian (e.g. stretch), but dcf had trouble in the make-base-vm stage and had to run that stage on Ubuntu (the rest worked on Debian).

Clone gitian-builder and dcf's branch of tor-browser-bundle. The gitian-builder and tor-browser-bundle directories need to be siblings.

git clone -b tor-browser-builder-4 https://git.torproject.org/builders/gitian-builder.git
git clone https://git.torproject.org/builders/tor-browser-bundle.git
cd tor-browser-bundle
git remote add dcf https://git.torproject.org/user/dcf/tor-browser-bundle.git
git fetch dcf
git checkout -b snowflake --track dcf/snowflake

Enter the tor-browser-bundle/gitian directory and repeatedly run the script check-prerequisites.sh, doing what it says until it stops complaining. It's going to ask you to install a bunch of packages, perhaps create groups, and install a patched python-vm-builder program.

cd tor-browser-bundle/gitian
./check-prerequisites.sh

Now make the prep-alpha target. This will build the base VMs the first time you run it, and will take a long time. It will also download all the source files, which will also take a long time. TORSOCKS= causes the downloads to not use Tor.

make prep-alpha TORSOCKS=

Then to kick the whole thing off, do this:

make build-alpha

Making the build-alpha target, rather than just alpha, enables you to restart the build where it left off after a failure. Making just alpha will cause the whole process to start from scratch, discarding everything except the base VMs—you usually don't want to do that.

While the build is running, it will seem like nothing's happening. You can see what's happening by tailing the log files gitian-builder/var/install.log and gitian-builder/var/build.log.

Currently the build only works for linux. After building the linux bundles, it will fail somewhere in the middle of windows. An alternative to make build-alpha that only builds the linux bundles is ./mkbundle-linux.sh versions.alpha (see the build-alpha target in tor-browser-bundle/gitian/Makefile).

When the build is finished you will have a newly created directory named after the Tor Browser version number, containing tar.xz and other files. Intermediate results appear in gitian-builder/inputs, alongside downloaded source files. The intermediate result files have names that include "gbuilt", e.g. pluggable-transports-linux32-gbuilt.zip.

Current problems you will run into:

  • If you run into ssh: connect to host localhost port 2223: Connection refused, this means qemu failed to start due to lack of RAM. You may encounter this if you try to build on a droplet that's too small.

WebRTC fingerprintability

Notes at Snowflake/Fingerprinting.

Tickets

See also: https://github.com/keroserene/snowflake/issues https://github.com/keroserene/go-webrtc/issues

Ticket Summary Status Owner Keywords Priority
#18628 Devise some way for the browser proxy to forward metadata to the bridge before the OR data needs_revision High
#18654 Use TLS WebSockets (wss://) for proxy-to-server communication needs_review snowflake, cupcake High
#19001 Tor Browser with Snowflake new Medium
#19026 Remove local LAN address ICE candidates new Medium
#19315 Include libwebrtc license files in bundle new Medium
#19409 make a deb of snowflake and get into Debian new Medium
#19569 DataChannel-only libwebrtc new arlolra Medium
#20813 Start producing snowflakes new High
#21304 Sanitize snowflake.log new Medium
#21305 Client gets into an unrecoverable connect / close loop new Medium
#21312 snowflake-client is pegged at 100% cpu new Medium
#21314 snowflake-client needs to stop using my network when I'm not giving it requests new Medium
#21315 publish some realtime stats from the broker? new Medium
#22718 OpenWebRTC? new Low
#22782 Change domain front for snowflake to something that isn't blocked new Medium
#22874 Standalone broker (independent of App Engine) assigned cmm32 High
#22945 End-to-end confidentiality for Snowflake client registrations new Medium

Last modified 2 weeks ago Last modified on Jul 13, 2017, 5:29:32 PM