Network Traffic Patterns in Snowflake
=====================================

  • we only use the WebRTC data channel in Snowflake because it uses TCP; media channels use UDP
  • we don't have a way to transmit censorship-resistant data over unreliable protocols (e.g. UDP); a solution for this is QUIC
  • QUIC components could be implemented on top of media streams to encode data in the media channels
  • so far data channels have been used mostly for gaming
  • Mike has a side project to use QUIC in Tor so that packets don't get buffered at a hop

-Fingerprintability comes from:

  • using the data channel (not a concern)
  • outdated WebRTC clients/libraries (more important): meek was blocked for a while because it was using old versions of Firefox; the problem was the implementation, not the protocol
  • Go library?
  • Snowflake uses a C++ library taken from Chrome some time ago

-Code needs to be adapted to what current users are using:

  • browsers are mostly updated automatically
  • need to track when Google makes new releases of Chrome
  • maintaining code with the current library is painful: it has its own language/implementation, and it is difficult to maintain because they'll change stuff

-Snowflake could switch to the WebRTC implementation of Firefox:

  • 5% of users are on Firefox, which is still a lot of collateral damage for censors
  • we could eliminate the C++ code and potentially build Snowflake reproducibly on Windows
  • concern: this puts the maintenance burden on the browser team
  • needs to start Tor Browser with a profile different from the default (to behave more like Firefox without all the plugins)
  • meek must do something similar, which can be copied
  • a Go application listens on a WebSocket, and an HTML page inside Firefox reports to it
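As an added example of the proposed Go-side endpoint (my code, not code from Snowflake or meek): a stdlib-only WebSocket handshake for a loopback listener that only completes the upgrade when the page's Origin header is on an allow-list, because a local listener is reachable from any site the browser has open. The 127.0.0.1:8000 address and the assumption that the helper page is served from that same origin are mine.

```go
package main

import (
	"crypto/sha1"
	"encoding/base64"
	"errors"
	"net/http"
)

const wsGUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11" // fixed value from RFC 6455 §4.2.2
// AcceptKey derives Sec-WebSocket-Accept from the client's Sec-WebSocket-Key.
func AcceptKey(clientKey string) string {
	sum := sha1.Sum([]byte(clientKey + wsGUID))
	return base64.StdEncoding.EncodeToString(sum[:])
}

// Handshake validates an upgrade request and returns the 101 response to write
// back. A loopback listener is reachable from every site the browser has open,
// so the Origin header must match the allow-list before the upgrade proceeds.
func Handshake(r *http.Request, allowedOrigins []string) (string, error) {
	key := r.Header.Get("Sec-WebSocket-Key")
	if r.Header.Get("Upgrade") != "websocket" || r.Header.Get("Sec-WebSocket-Version") != "13" || key == "" {
		return "", errors.New("not a WebSocket upgrade request")
	}
	origin, allowed := r.Header.Get("Origin"), false
	for _, a := range allowedOrigins {
		allowed = allowed || origin == a
	}
	if !allowed {
		return "", errors.New("origin not on the allow-list: " + origin)
	}
	return "HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n" +
		"Connection: Upgrade\r\nSec-WebSocket-Accept: " + AcceptKey(key) + "\r\n\r\n", nil
}

// main binds to loopback only; the address and the helper page's origin are assumptions.
func main() {
	http.ListenAndServe("127.0.0.1:8000", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		resp, err := Handshake(r, []string{"http://127.0.0.1:8000"})
		if err != nil {
			http.Error(w, err.Error(), http.StatusForbidden)
			return
		}
		if conn, rw, err := w.(http.Hijacker).Hijack(); err == nil { // take over the TCP connection
			rw.WriteString(resp)
			rw.Flush() // from here the page's WebSocket frames arrive on conn
			conn.Close()
		}
	}))
}
```

After the upgrade, frame parsing (RFC 6455 §5) is still needed to read what the page reports over the connection.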

ACTION: Investigate how meek implements a browser profile (ticket)

  • look more at the meek workflow
  • meek uses only TB
  • if something that meek does could be problematic, talk with TB about how much it could take to change

-Need to investigate the suitability of the Firefox WebRTC implementation:

  • is the WebRTC implementation different in different browsers?

-Need to review encryption in WebRTC:

  • what is the encryption in WebRTC? Does it use DTLS? Is it opportunistic? (yes: no certificates, just the handshake)
  • that's not a problem for us because of what we do in the data channel?
  • the data in the data channel is already encrypted, so it doesn't matter which encryption data channels use
  • ticket about building Snowflake on 32-bit machines: is this something we need to support? (no)
  • support requirements are different for clients vs proxies
  • Firefox ESR = Extended Support Release, which many businesses use
  • worth spending time to change to TB
  • the TB team is going to build it
Last modified on Jan 30, 2019, 1:33:11 PM