Version 27 (modified by cypherpunks, 2 years ago)

Screenshot + small clarification.

Snowflake

Overview

Snowflake is a pluggable transport that proxies traffic through temporary proxies using WebRTC, a peer-to-peer protocol with built-in NAT punching. It aims to work kind of like flash proxy, but without flash proxy's problems with NAT.

Work in progress.

[tor-dev] Introducing Snowflake (webrtc pt)
https://lists.torproject.org/pipermail/tor-dev/2016-January/010310.html

User graph: https://metrics.torproject.org/userstats-bridge-transport.html?transport=snowflake.

Evaluation at PluggableTransports/SnowFlakeEvaluation.

You are welcome to test the new bridge for Tor Browser (currently only Mac OS X and Linux are supported) (due to #22782)

Draft of the technical writeup

How to run a Snowflake proxy

Option 1 (web browser)

In a browser where WebRTC is enabled:

  1. Go to https://keroserene.net/snowflake/options.html and click the Yes button to opt in to being a proxy.
  2. Go to https://keroserene.net/snowflake/snowflake.html and watch the status messages. You shouldn't close that page if you want to remain a snowflake bridge.

Updated screenshot of snowflake.html

Option 2 (standalone)

  1. Get the source code (see the Source code section below).
  2. Build and run the proxy:

    cd proxy-go
    go get
    go build
    ./proxy-go

Source code

https://gitweb.torproject.org/pluggable-transports/snowflake.git

The following should result in a 100% bootstrap over WebRTC:

git clone https://git.torproject.org/pluggable-transports/snowflake.git
cd snowflake/client
go get
go build
tor -f torrc

Integration with Tor Browser

2018-03-07: This section needs to be rewritten to be for the newer rbm-based build system. In particular, you should be able to just do make alpha in tor-browser-build.git.

The integration of Snowflake into Tor Browser is being tracked at ticket #19001. Here is a guide on getting started. For background reading, see doc/TorBrowser/Hacking, doc/TorBrowser/BuildingWithGitian, and gitian/README.build.

You need to start with an installation of Ubuntu (probably 14.04 is the best bet). You can also build on Debian (e.g. stretch), but dcf had trouble in the make-base-vm stage and had to run that stage on Ubuntu (the rest worked on Debian).

Clone gitian-builder and dcf's branch of tor-browser-bundle. The gitian-builder and tor-browser-bundle directories need to be siblings.

git clone -b tor-browser-builder-4 https://git.torproject.org/builders/gitian-builder.git
git clone https://git.torproject.org/builders/tor-browser-bundle.git
cd tor-browser-bundle
git remote add dcf https://git.torproject.org/user/dcf/tor-browser-bundle.git
git fetch dcf
git checkout -b snowflake --track dcf/snowflake

Enter the tor-browser-bundle/gitian directory and repeatedly run the script check-prerequisites.sh, doing what it says until it stops complaining. It's going to ask you to install a bunch of packages, perhaps create groups, and install a patched python-vm-builder program.

cd tor-browser-bundle/gitian
./check-prerequisites.sh

Now make the prep-alpha target. This will build the base VMs the first time you run it, and will take a long time. It will also download all the source files, which will also take a long time. TORSOCKS= causes the downloads to not use Tor.

make prep-alpha TORSOCKS=

Then to kick the whole thing off, do this:

make build-alpha

Making the build-alpha target, rather than just alpha, enables you to restart the build where it left off after a failure. Making just alpha will cause the whole process to start from scratch, discarding everything except the base VMs—you usually don't want to do that.

While the build is running, it will seem like nothing's happening. You can see what's happening by tailing the log files gitian-builder/var/install.log and gitian-builder/var/build.log.

Currently the build only works for Linux. After building the Linux bundles, it will fail somewhere in the middle of the Windows build. An alternative to make build-alpha that only builds the Linux bundles is ./mkbundle-linux.sh versions.alpha (see the build-alpha target in tor-browser-bundle/gitian/Makefile).

When the build is finished you will have a newly created directory named after the Tor Browser version number, containing tar.xz and other files. Intermediate results appear in gitian-builder/inputs, alongside downloaded source files. The intermediate result files have names that include "gbuilt", e.g. pluggable-transports-linux32-gbuilt.zip.

Current problems you will run into:

  • If you run into ssh: connect to host localhost port 2223: Connection refused, this means qemu failed to start due to lack of RAM. You may encounter this if you try to build on a droplet that's too small.

WebRTC fingerprintability

Notes at Snowflake/Fingerprinting.

Tickets

See also: https://github.com/keroserene/snowflake/issues https://github.com/keroserene/go-webrtc/issues

| Ticket | Summary | Status | Owner | Keywords | Priority |
|---|---|---|---|---|---|
| #25966 | Report on Tor in the UAE (and question about Snowflake) | new | dcf | snowflake | Very Low |
| #29245 | Tor 0.4 eventually hits "Delaying directory fetches: No running bridges" after some period of inactivity with bridges | new | | 040-regression, snowflake, 040-deferred-20190220, network-team-roadmap-2020Q1, network-team-roadmap-2020Q2 | Medium |
| #29293 | New Design for client -- broker protocol for Snowflake | new | | snowflake, bridges, broker, ex-sponsor-19 | High |
| #30498 | Proxy-go is receiving a lot of client timeouts | new | | snowflake, ex-sponsor19 | Medium |
| #31085 | Make an Android extension or app for people to be a snowflake (AMO or proxy-go) | new | | snowflake-webextension android | Medium |
| #31109 | Better gamify the UX for snowflake extension | new | | snowflake-webextension, ux-team | Medium |
| #31201 | Allow webextension users to specify how many resources it uses | assigned | arlolra | snowflake-webextension | Medium |
| #31288 | Add an option to be able to run the Snowflake WebExt as a background app in Chrome | new | | snowflake-webextension | Medium |
| #31423 | Improve building documentation | new | | snowflake, documentation | Medium |
| #32938 | Have a way to test throughput of snowflake proxy | needs_revision | cohosh | snowflake-webextension, ux-team, anti-censorship-roadmap-2020 | Medium |
| #33365 | Probe Snowflake bridge from proxy 1x a day | needs_revision | arlolra | snowflake-webextension | Medium |
| #33744 | Remove local LAN address ICE candidates from JS proxy answer | new | | snowflake-webextension | Very Low |
| #34265 | Library selection for WebSocket communication with Tor relay. | new | | snowflake-mobile | Medium |
| #34270 | Sending POST request in longpolling fashion to the broker. | new | | snowflake-mobile | Medium |
| #34271 | Formatting the SDP in the broker response to make it suitable for SDP object creation. | new | | snowflake-mobile | Medium |
| #34272 | Setting remote description offer and creating answer. | new | | snowflake-mobile | Medium |
| #34273 | Formatting the SDP answer in accordance to broker end point specification. | new | | snowflake-mobile | Medium |
| #34274 | Sending answer SDP to the broker as a POST request. | new | | snowflake-mobile | Medium |
| #34275 | Establishing connection with the client and finally check the connection. | new | | snowflake-mobile | Medium |
| #34276 | Establishing WebSocket connection with the Tor relay. | new | | snowflake-mobile | Medium |
| #34277 | Relaying the data back and forth between WebSocket and WebRTC connection. | new | | snowflake-mobile | Medium |
| #34278 | Handling connection failures. | new | | snowflake-mobile | Medium |
| #34281 | Design for final application UI. | new | | snowflake-mobile | Medium |
| #34282 | Design for final notification UI. | new | | snowflake-mobile | Medium |
| #34283 | Requirement of App settings UI. | new | | snowflake-mobile | Medium |
| #34354 | SDP Serialization. | new | | snowflake-mobile | Medium |
| #34358 | Implement a browser-compatible NAT behaviour discovery STUN library | new | | snowflake-webext | Medium |
