Network Traffic Patterns in Snowflake
=====================================
- we only use the WebRTC data channel in Snowflake because it uses TCP; media channels use UDP
- we don't have a way to transmit censorship-resistant data using unreliable protocols (e.g. UDP); a solution for this is QUIC
- QUIC components could be implemented on top of media streams to encode data in the media channels
- so far data channels have been used mostly for gaming
- Mike has a side project to use QUIC in Tor so that packets don't get buffered in a hop
- Fingerprintability comes from:
  - using the data channel (not a concern)
  - outdated WebRTC clients/libraries (more important): meek was blocked for a while because it was using old versions of Firefox; the problem was the implementation, not the protocol
  - Go library?
  - Snowflake uses a C++ library taken from Chrome some time ago
- Code needs to be adapted to what current users are using:
  - browsers are mostly updated automatically
  - need to track when Google makes new releases of Chrome
  - maintaining code with the current library is painful: it has its own language/implementation, and it is difficult to maintain because they'll change things
- Snowflake could switch to the WebRTC implementation of Firefox:
  - 5% of users are on Firefox, which is still a lot of collateral damage for censors
  - we could eliminate the C++ code and potentially build Snowflake reproducibly on Windows
  - concern: this would put maintenance on the browser team
  - needs to start Tor Browser with a profile different from the default (to behave more like Firefox without all plugins)
  - meek must do something similar, which can be copied
  - Go application that listens on a WebSocket, and an HTML page inside Firefox that reports to it
ACTION: Investigate how meek implements a browser profile (ticket)
- look more at the meek workflow
- meek uses only TB
- if something that meek does could be problematic, talk with TB about how much it would take to change
- Need to investigate the suitability of the Firefox WebRTC implementation:
  - is the WebRTC implementation different in different browsers?
- Need to review encryption in WebRTC:
  - what is the encryption in WebRTC? uses gTLS? is it opportunistic? (yes: no certificates, just the handshake)
  - that's not a problem for us because we do what in the data channel?
  - the data in the data channel is already encrypted, so it doesn't matter which encryption data channels use
- ticket about building Snowflake on 32-bit machines: is this something we need to support? (no)
- support requirements are different for clients vs. proxies
- Firefox ESR = extended support version that many businesses use
- worth spending time to change to TB
- TB team is going to build it
Last modified on Jan 30, 2019, 1:33:11 PM