Snowflake (software): Difference between revisions
Content deleted Content added
Rescuing orphaned refs ("Briar" from rev 1150808930) |
Citation bot (talk | contribs) Removed parameters. | Use this bot. Report bugs. | #UCB_CommandLine |
||
| (27 intermediate revisions by 10 users not shown) | |||
| Line 2: | Line 2: | ||
{{About|the browser extension|the data cloud software|Snowflake Inc.|the unique identifier|Snowflake ID}} |
{{About|the browser extension|the data cloud software|Snowflake Inc.|the unique identifier|Snowflake ID}} |
||
{{Use dmy dates|date=October 2022}} |
{{Use dmy dates|date=October 2022}} |
||
{{Infobox software |
|||
| ⚫ | |||
| logo = Tor Snowflake logo.svg |
|||
| logo alt = A simplified depiction of snowflake of purple color, similar to that of the Tor Project main color |
|||
| screenshot = Screenshot Tor Snowflake browser extension UI.png |
|||
| screenshot size = 321px |
|||
| screenshot alt = A browser extension popup with text "Number of users currently connected: 1. Number of users your Snowflake has helped circumvent censorship in the last 24 hours: 4. Enabled: yes. 'Learn more' link" |
|||
| ⚫ | |||
| author = [[Serene (pianist)|Serene]] |
|||
| developer = [[The Tor Project]] and community |
|||
| released = {{Start date and age|2017|01|24}}<ref name="snowflake-paper" /> |
|||
| programming language = {{wikidata|properties|linked|references|edit|P277}} |
|||
| included with = [[tor browser|Tor Browser]],<ref name="snowflake-paper" /> [[Orbot]]<ref name="snowflake-paper" /> |
|||
<!-- Is "included with" applicable to non-browsers? --> |
|||
| replaces = [[Flash proxy]]<ref name="snowflake-paper" /> |
|||
<!-- Should we add [[uProxy]]<ref name="snowflake-paper" />? Though it was never included with Tor Browser --> |
|||
| genre = [[Internet censorship circumvention]],<ref name="snowflake-paper" /> [[Overlay network]]{{Citation needed|reason=While it seems like Snowflake falls under this category, are there sources that clearly state it?|date=July 2024}} |
|||
| license = {{wikidata|properties|linked|references|edit|P275}} |
|||
}} |
|||
| ⚫ | '''Snowflake''' is a software package for assisting others in [[Internet censorship circumvention|circumventing internet censorship]] by relaying data requests. Snowflake proxy nodes are meant to be created by people in countries where [[Tor (network)|Tor]] and Snowflake are not blocked.<ref name=zdnet/> People under censorship then use a Snowflake client, packaged with the Tor Browser or Onion Browser,<ref name=ct/> to access the Tor network, using Snowflake relays as [[proxy server]]s. Access to the Tor network can in turn give access to other blocked services (like blocked websites).<ref name=zdnet/> A Snowflake proxy can be created by either installing a browser extension, installing a stand-alone program, or browsing a webpage with an embedded Snowflake proxy. The proxy runs whenever the browser or program is connected to the internet. |
||
In contrast to regular [[Virtual private network|VPNs]] and proxy services, launching a Snowflake proxy does not require [[port forwarding]] or having a [[Dedicated IP|dedicated IP address]].<ref name="snowflake-paper" /> Simply installing the browser extension is enough most of the time. The simplicity of launching a proxy warrants their numerosity, which makes it hard for the censors to block proxies by simply blocking their [[IP address]]es.<ref name="snowflake-paper" /><ref name="fifield-thesis">{{Cite thesis |last=Fifield |first=David |title=Threat modeling and circumvention of Internet censorship |url=https://www.bamsoftware.com/papers/thesis/ |url-status=live |journal= |language=en |publisher=EECS Department, University of California, Berkeley |publication-date=2017-12-15 |archive-url=https://archive.org/details/fifield-thesis |archive-date=2018-01-07 |access-date=2024-07-28 |website=www.bamsoftware.com |degree=PhD}}</ref> |
|||
| ⚫ | '''Snowflake''' is a software package for assisting others in [[Internet censorship circumvention|circumventing internet censorship]] by relaying data requests. Snowflake |
||
As of 2024, Snowflake proxies are hosted on about 140 000 IP unique addresses concurrently.<ref name="snowflake-paper" /> The average number of users that use Snowflake to connect to Tor is 35 000 and 29 [[Terabyte|TB]] of their traffic is relayed by Snowflake proxies daily.<ref name="snowflake-paper" /> |
|||
[[Tor (software)|Tor]] relays content requests through a chain of Tor nodes, including Snowflake nodes ([[onion routing]]). Each node in the chain only knows the addresses of the two adjacent links and cannot decrypt any of the other data it is relaying, which makes tracking or blocking the traffic much more difficult. A common countermeasure is blocking Tor nodes; the number and shifting nature of the Snowflake nodes make identifying and blocking connections to these nodes more difficult. |
|||
Tor is itself illegal in some countries. Like the internet, it can relay any sort of content, and some types of content are illegal in some countries. |
Tor is itself illegal in some countries. Like the internet, it can relay any sort of content, and some types of content are illegal in some countries. |
||
==History== |
==History== |
||
Snowflake was originated by [[Serene (pianist)|Serene]], a hacker and former Google engineer and concert pianist.<ref name=rnd0930/> The name "Snowflake" was coined as her metaphor for a large number of ephemeral proxies<ref name="zdnet"/> in relation to "[[Interactive Connectivity Establishment|ICE]] Negotiation". |
Snowflake was originated by [[Serene (pianist)|Serene]], a hacker and former Google engineer and concert pianist.<ref name=rnd0930/> It was inspired by [[Flash proxy]], a similar censorship circumvention system.<ref name="original-snowflake-repo-inspired-by"/> The name "Snowflake" was coined as her metaphor for a large number of ephemeral proxies<ref name="zdnet"/> in relation to "[[Interactive Connectivity Establishment|ICE]] Negotiation".<ref name="original-snowflake-repo-inspired-by"/> Three programmers published the first version in January 2016. In 2019, it became available as a [[browser extension]] for [[Firefox]] and [[Chrome (browser)|Chrome]].<ref name="zdnet"/> It can also be run on derived browsers, such as [[Brave (browser)|Brave]] and [[Microsoft Edge]].<ref name=FAZ/><ref name=ct/> In February 2023 a thoroughly upgraded, stand-alone version dubbed ''Snowstorm'' was released; written in [[Rust (programming language)|Rust]] and funded by the [[Open Tech Fund]], beta testing is by invitation.<ref>{{Cite web|url=https://mashable.com/article/snowstorm-beta-launch-anti-censorship-vpn-snowflake-tor|title=Snowflake helped Tor users thwart Russian censorship. Now the VPN is branching out as Snowstorm.|first=Matt|last=Binder|date=10 February 2023|website=Mashable}}</ref><ref name=forbes0208/> |
||
==Function== |
==Function== |
||
[[File:Snowflake-(Tor)-schematic.png|thumb|upright=3| |
[[File:Snowflake-(Tor)-schematic.png|thumb|upright=3| |
||
{{ordered list |
{{ordered list |
||
| item1_value=1 | 1 = The end-user asks the broker server for a Snowflake |
| item1_value=1 | 1 = The end-user asks the broker server for a Snowflake proxy |
||
| item2_value=2 | 2 = The broker finds a Snowflake |
| item2_value=2 | 2 = The broker finds a Snowflake proxy that is available |
||
| item3_value=3 | 3 = The broker replies to the end-user |
| item3_value=3 | 3 = The broker replies to the end-user |
||
| item4_value=4 | 4 = The end-user contacts the Snowflake |
| item4_value=4 | 4 = The end-user contacts the Snowflake proxy, with a direct peer-to-peer connection |
||
| item5_value=5 | 5 = The data request is relayed through the [[Tor (network)|Tor network]] to the destination server (for instance, the website the end-user is browsing) |
| item5_value=5 | 5 = The data request is relayed through the [[Tor (network)|Tor network]] to the destination server (for instance, the website the end-user is browsing) |
||
}}]] |
}}]] |
||
| Line 25: | Line 44: | ||
Normal internet data packages come labelled with the original source and the final recipient of the data. For example, a package containing the encrypted text of this article would be labelled with the destination (the [[IP address]] of the reader's computer), and the source (the IP address of a Wikipedia server).<ref name=EFF_2016>{{cite web |title=HTTPS Everywhere FAQ |url=https://www.eff.org/https-everywhere/faq#what-does-https-everywhere-protect-me-against |website=Electronic Frontier Foundation |language=en |date=7 November 2016}}</ref><ref name=EFF_2009>{{cite web |last1=Esguerra |first1=Richard |title=Help Protesters in Iran: Run a Tor Bridge or a Tor Relay |url=https://www.eff.org/deeplinks/2009/06/help-protesters-iran-run-tor-relays-bridges |website=Electronic Frontier Foundation |language=en |date=29 June 2009}}</ref> This means that even if the actual content is encrypted, a censor can block all packages from certain sources (for instance, [[Censorship of Wikipedia|banning any package that comes from Wikipedia]]).<ref name=advox>{{cite web |last1=Alimardani |first1=Mahsa |last2=Jacobs |first2=Frederic |title=New Research: Iran is Using 'Intelligent' Censorship on Instagram |url=https://advox.globalvoices.org/2015/05/07/new-research-iran-is-using-intelligent-censorship-on-instagram/ |website=Global Voices Advox |language=en |date=7 May 2015}}</ref><ref name=vice0507/><ref>{{cite web |last1=Budington |first1=Bill |title=China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack |url=https://www.eff.org/deeplinks/2015/04/china-uses-unencrypted-websites-to-hijack-browsers-in-github-attack |website=Electronic Frontier Foundation |language=en |date=1 April 2015}}</ref> |
Normal internet data packages come labelled with the original source and the final recipient of the data. For example, a package containing the encrypted text of this article would be labelled with the destination (the [[IP address]] of the reader's computer), and the source (the IP address of a Wikipedia server).<ref name=EFF_2016>{{cite web |title=HTTPS Everywhere FAQ |url=https://www.eff.org/https-everywhere/faq#what-does-https-everywhere-protect-me-against |website=Electronic Frontier Foundation |language=en |date=7 November 2016}}</ref><ref name=EFF_2009>{{cite web |last1=Esguerra |first1=Richard |title=Help Protesters in Iran: Run a Tor Bridge or a Tor Relay |url=https://www.eff.org/deeplinks/2009/06/help-protesters-iran-run-tor-relays-bridges |website=Electronic Frontier Foundation |language=en |date=29 June 2009}}</ref> This means that even if the actual content is encrypted, a censor can block all packages from certain sources (for instance, [[Censorship of Wikipedia|banning any package that comes from Wikipedia]]).<ref name=advox>{{cite web |last1=Alimardani |first1=Mahsa |last2=Jacobs |first2=Frederic |title=New Research: Iran is Using 'Intelligent' Censorship on Instagram |url=https://advox.globalvoices.org/2015/05/07/new-research-iran-is-using-intelligent-censorship-on-instagram/ |website=Global Voices Advox |language=en |date=7 May 2015}}</ref><ref name=vice0507/><ref>{{cite web |last1=Budington |first1=Bill |title=China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack |url=https://www.eff.org/deeplinks/2015/04/china-uses-unencrypted-websites-to-hijack-browsers-in-github-attack |website=Electronic Frontier Foundation |language=en |date=1 April 2015}}</ref> |
||
[[Tor (network)|Tor network]] can be used to access such blocked sites<ref name="EFF_2009" /> by acting as a proxy, covering the real destination address of the user's request.<ref name="EFF_why">{{cite web |last1=Quintin |first1=Cooper |date=13 June 2014 |title=Tor Is For Everyone: Why You Should Use Tor |url=https://www.eff.org/deeplinks/2014/06/why-you-should-use-tor |website=Electronic Frontier Foundation |language=en}}</ref><ref>{{cite book |last1=Shavers |first1=Brett |url=https://cdn.ttgtmedia.com/rms/pdf/Hiding%20Behind%20the%20Keyboard_Ch%202.pdf |title=Hiding behind the keyboard : uncovering covert communication methods with forensic analysis |date=2016 |isbn=9780128033524 |location=Cambridge, MA |chapter=2 The Tor Browser}}</ref> This is why censors usually try to block the Tor network as well.<ref name="EFF_2009" /> It is fairly easy for censors to block direct access to Tor because all regular Tor relays are public.<ref name="EFF_2009" /> |
|||
| ⚫ | Snowflake provides covert, indirect access to Tor.<ref name="snowflake-paper" /> A Snowflake client is provided with the IP address of a currently-active Snowflake proxy by asking a broker server,<ref name="ct" /><ref name="EFF" /> which in turn uses [[domain fronting]] to pretend to be a major website. The client then talks directly to the Snowflake proxy, which relays into the Tor network. The traffic looks like ordinary peer-to-peer traffic, such as that used by many videoconferencing apps.<ref name="EFF">{{cite web |last1=Quintin |first1=Cooper |title=Snowflake Makes It Easy For Anyone to Fight Censorship |url=https://www.eff.org/deeplinks/2022/10/snowflake-makes-it-easy-anyone-fight-censorship |website=Electronic Frontier Foundation |language=en |date=4 October 2022}}</ref> |
||
Since Tor can be used to access banned websites, some countries, such as [[Iran]] and [[Russia]], ban the Tor network. This means that Tor users can't simply connect to a publicly-known Tor entry node; all known Tor nodes will be blocked by the censors. Instead, users connect to a Tor bridge, a server which is secretly a Tor entry point. Censors, in turn, seek to identify and block Tor bridges, identifying them using [[deep packet inspection]].<ref name=EFF/> |
|||
| ⚫ | |||
| ⚫ | Snowflake provides |
||
| ⚫ | Snowflake proxies are thus used as Tor entry nodes, not as exit nodes. Exit nodes are the other end of the chain. They are the Tor nodes that know what content was requested, though they do not know who requested it (for instance, they would know that ''someone'' was contacting a Wikipedia server, but they would not know the IP address of the user). Exit nodes might face legal action in the country in which they are hosted if they relay content that is illegal in that country (so they are usually run in countries with little internet censorship). It is unlikely that Snowflake proxy hosts could face such liability, since they do not know what content they are relaying.<ref name=rnd0930/> There are, however, countries where using Tor for any purpose is illegal, such as Russia and Iran.<ref>{{cite web |last1=Tackett |first1=Carolyn |title=Venezuela blocks access to the Tor network |url=https://www.accessnow.org/venezuela-blocks-tor/ |website=Access Now |language=en |date=25 June 2018}}</ref> |
||
| ⚫ | |||
| ⚫ | Snowflake |
||
===Technical=== |
===Technical=== |
||
| Line 39: | Line 56: | ||
</nowiki></code> |title={{br}}[[HTML]] code to add a togglable Snowflake relay to a webpage |author={{URL|https://snowflake.torproject.org/}} |align=right |width=33%}} <!--apologies for the terrible formatting, feel free to fix--> |
</nowiki></code> |title={{br}}[[HTML]] code to add a togglable Snowflake relay to a webpage |author={{URL|https://snowflake.torproject.org/}} |align=right |width=33%}} <!--apologies for the terrible formatting, feel free to fix--> |
||
Snowflake uses [[WebRTC]] to allow browsers to communicate directly with one another.<ref name=ct>{{cite news |last1=Eikenberg |first1=Ronald |title=Internetsperren im Iran: So leisten Sie mit Snowflake Unterstützung |url=https://www.heise.de/hintergrund/Internetsperren-im-Iran-So-leisten-Sie-mit-Snowflake-Unterstuetzung-7281703.html |work=c't Magazin |publisher=heise online |date=30 September 2022 |language=de}}</ref> Either installing a browser extension, or keeping a tab open to a webpage with the right embedded code, causes one's browser to act as a |
Snowflake uses [[WebRTC]] to allow browsers to communicate directly with one another.<ref name=ct>{{cite news |last1=Eikenberg |first1=Ronald |title=Internetsperren im Iran: So leisten Sie mit Snowflake Unterstützung |url=https://www.heise.de/hintergrund/Internetsperren-im-Iran-So-leisten-Sie-mit-Snowflake-Unterstuetzung-7281703.html |work=c't Magazin |publisher=heise online |date=30 September 2022 |language=de}}</ref> Either installing a browser extension, or keeping a tab open to a webpage with the right embedded code, causes one's browser to act as a proxy.<ref name=zdnet/> Embedding a Snowflake badge in a website allows visitors to make their browser into a proxy, exactly as installing the extension does, but by clicking a button on the website rather than by installing software.<ref>{{cite web |title=Snowflake |url=https://snowflake.torproject.org/ |website=snowflake.torproject.org}}</ref> Snowflake can also be run as a stand-alone program in a [[Docker (software)|Docker]] container.<ref name=ct/> |
||
Proxying traffic increases the proxy host's [[Bandwidth (computing)|bandwidth]] usage, which may be a problem for those with bandwidth limits on their internet plans.<ref name=rnd0930/> In practice, hosting a Snowflake proxy does not seem to appreciably slow one's internet connection<ref name=FAZ/> or disrupt browsing.<ref name=ct/> |
|||
A detailed technical description is published on [[GitLab]].<ref>{{cite web |title=Technical Overview · Wiki · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab |url=https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview |website=GitLab |language=en}}</ref> |
A detailed technical description is published on [[GitLab]].<ref>{{cite web |title=Technical Overview · Wiki · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab |url=https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview |website=GitLab |language=en}}</ref> |
||
| Line 50: | Line 67: | ||
Censors may attempt to block the broker's IP address. To circumvent this, the Snowflake client utilizes [[domain fronting]]. This makes it infeasible for the censor to block a single website without blocking all the other websites hosted on the same cloud service. Google and Amazon are examples of such services. They host hundreds of thousands of websites. Blocking all the servers of one of these major hosts has disruptive side effects.<ref name=EFF/> However, the cloud provider can and often does block domain fronting.<ref name=sentinel1>{{cite web |last1=Mates |first1=Matan |title=Tor, Meek & The Rise And Fall Of Domain Fronting |url=https://www.sentinelone.com/blog/privacy-2019-tor-meek-rise-fall-domain-fronting/ |website=SentinelOne |date=15 April 2019}}</ref><ref name=wsj0316/> |
Censors may attempt to block the broker's IP address. To circumvent this, the Snowflake client utilizes [[domain fronting]]. This makes it infeasible for the censor to block a single website without blocking all the other websites hosted on the same cloud service. Google and Amazon are examples of such services. They host hundreds of thousands of websites. Blocking all the servers of one of these major hosts has disruptive side effects.<ref name=EFF/> However, the cloud provider can and often does block domain fronting.<ref name=sentinel1>{{cite web |last1=Mates |first1=Matan |title=Tor, Meek & The Rise And Fall Of Domain Fronting |url=https://www.sentinelone.com/blog/privacy-2019-tor-meek-rise-fall-domain-fronting/ |website=SentinelOne |date=15 April 2019}}</ref><ref name=wsj0316/> |
||
If overseas connections from data centers are allowed, but residential and mobile services are restricted to local connections, then Tor bridges may be secretly and illegally set up in local data centers. This has obvious dangers.<ref name=techcrunch/> |
If overseas connections from data centers are allowed, but residential and mobile services are restricted to local connections, then Tor bridges may be secretly and illegally set up in local data centers. This has obvious dangers.<ref name=techcrunch/> |
||
When a country shuts down access to foreign internet connections altogether, essentially cutting the country off from the global internet, Snowflake becomes useless.<ref name=rnd0930/> This has been repeatedly done in Iran and some other countries; it is, however, bad for business (in Iran in 2022, the cost was estimated at $37 million US a day<ref name=slate>{{cite news |last1=Zad |first1=Arash |title=When Will Iran's Internet Censorship Collapse? |url=https://slate.com/technology/2022/09/iran-protests-mahsa-amini-internet-censorship.html |access-date=6 October 2022 |work=Slate Magazine |date=29 September 2022 |language=en}}</ref>), so it is usually only done for short periods.<ref name=rnd0930/><ref name=blueprint>{{cite magazine |last1=Burgess |first1=Matt |title=Iran's total internet shutdown is a blueprint for breaking the web |url=https://www.wired.co.uk/article/iran-news-internet-shutdown |magazine=Wired UK |agency=Condé Nast |date=7 October 2020}}</ref> |
When a country shuts down access to foreign internet connections altogether, essentially cutting the country off from the global internet, Snowflake becomes useless.<ref name=rnd0930/> This has been repeatedly done in Iran and some other countries; it is, however, bad for business (in Iran in 2022, the cost was estimated at $37 million US a day<ref name=slate>{{cite news |last1=Zad |first1=Arash |title=When Will Iran's Internet Censorship Collapse? |url=https://slate.com/technology/2022/09/iran-protests-mahsa-amini-internet-censorship.html |access-date=6 October 2022 |work=Slate Magazine |date=29 September 2022 |language=en}}</ref>), so it is usually only done for short periods.<ref name=rnd0930/><ref name=blueprint>{{cite magazine |last1=Burgess |first1=Matt |title=Iran's total internet shutdown is a blueprint for breaking the web |url=https://www.wired.co.uk/article/iran-news-internet-shutdown |magazine=Wired UK |agency=Condé Nast |date=7 October 2020}}</ref> |
||
| Line 62: | Line 79: | ||
In 2022, the Russian government increased efforts to block access to Tor through technical and political means, and the Tor network reported an increase in traffic from Russia using Snowflake.<ref name=wired0728/> |
In 2022, the Russian government increased efforts to block access to Tor through technical and political means, and the Tor network reported an increase in traffic from Russia using Snowflake.<ref name=wired0728/> |
||
Snowflake is integrated into the Tor network. Usage of the Tor network is becoming more common in Russia, Belarus, and Iran, {{ |
Snowflake is integrated into the Tor network. Usage of the Tor network is becoming more common in Russia, Belarus, and Iran, {{as of|lc=yes|2022}}, as internet censorship in these countries has become more strict.<ref name=FAZ>{{cite news |last1=Küchemann |first1=Fridtjof |title=Per Snowflake ins TOR-Netzwerk: Online-Gasse für Menschen in Iran |url=https://www.faz.net/aktuell/feuilleton/medien/zugang-fuer-iraner-per-snowflake-ins-tor-netzwerk-18346679.html |work=[[Frankfurter Allgemeine Zeitung]] |date=27 September 2022 |language=de}}</ref> |
||
==See also== |
==See also== |
||
| Line 69: | Line 86: | ||
**[[Briar (software)]] uses Tor<ref name="Briar">{{cite web |title=How it works - Briar |url=https://briarproject.org/how-it-works/ |website=briarproject.org}}</ref> |
**[[Briar (software)]] uses Tor<ref name="Briar">{{cite web |title=How it works - Briar |url=https://briarproject.org/how-it-works/ |website=briarproject.org}}</ref> |
||
*[[Sneakernet]], a technique widely used in countries with little internet access. |
*[[Sneakernet]], a technique widely used in countries with little internet access. |
||
*[[Toosheh]] uses satellite TV receiving equipment to download (but not upload) files, which are then sometimes |
*[[Toosheh]] uses satellite TV receiving equipment to download (but not upload) files, which are then sometimes sneakernetted.<ref>{{cite news |last1=Boniadi |first1=Nazanin |title='LOTR: The Rings Of Power's Nazanin Boniadi Calls For Action After Death Of Mahsa Amini In Iran – Guest Column |url=https://deadline.com/2022/09/mahsa-amini-death-protests-nazanin-boniadi-guest-column-lotr-iran-1235131413/ |work=Deadline |date=30 September 2022}}</ref> |
||
*[[Flash proxy]] is a similar project, which Snowflake was inspired by.<ref name="original-snowflake-repo-inspired-by"/> |
|||
==References== |
==References== |
||
{{reflist|refs= |
{{reflist|refs= |
||
<ref name="snowflake-paper">{{cite conference |last1=Fifield |first1=David |last2=Wang |first2=Xiaokang |last3=Serene |last4=Breault |first4=Arlo |last5=Bocovich |first5=Cecylia |title=Snowflake, a censorship circumvention system using temporary WebRTC proxies |date=August 2024 |url=https://www.usenix.org/conference/usenixsecurity24/presentation/bocovich |access-date=22 July 2024 |publisher=USENIX |language=en | isbn=978-1-939133-44-1 | pages=2635–2652}}</ref> |
|||
| ⚫ | <ref name="zdnet">{{cite web |title=Tor Snowflake turns your browser into a proxy for users in censored countries|first=Catalin|last=Cimpanu|date=October 16, |
||
| ⚫ | <ref name="zdnet">{{cite web |title=Tor Snowflake turns your browser into a proxy for users in censored countries|first=Catalin|last=Cimpanu|date=October 16, 2019|url=https://www.zdnet.com/article/tor-snowflake-turns-your-browser-into-a-proxy-for-users-in-censored-countries/ |website=ZDNET |language=en}}</ref> |
||
<ref name=forbes0208>{{Cite web|url=https://www.forbes.com/sites/johanmoreno/2023/02/08/as-the-internet-freedom-project-expands-snowflake-becomes-snowstorm/|title=As The Internet Freedom Project Expands, Snowflake Becomes Snowstorm|date=Feb 8, 2023|first=Johan|last=Moreno|website=Forbes}}</ref> |
<ref name=forbes0208>{{Cite web|url=https://www.forbes.com/sites/johanmoreno/2023/02/08/as-the-internet-freedom-project-expands-snowflake-becomes-snowstorm/|title=As The Internet Freedom Project Expands, Snowflake Becomes Snowstorm|date=Feb 8, 2023|first=Johan|last=Moreno|website=Forbes}}</ref> |
||
<ref name="original-snowflake-repo-inspired-by">{{cite web |author1-link=Serene (pianist) |title=The original Snowflake repo |url=https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake |website=Tor Project GitLab |access-date=3 December 2024 |ref=faq | language=en |date=7 July 2024 |quote=Why is this called Snowflake? It utilizes the "ICE" negotiation via WebRTC, and also involves a great abundance of ephemeral and short-lived (and special!) volunteer proxies }}</ref> |
|||
| ⚫ | |||
| ⚫ | |||
<ref name=vice0507>{{cite web |title=Iran's 'Smart' Instagram Censorship Isn't That Smart|date=May 7, 2015 |url=https://www.vice.com/en/article/4x38kd/irans-smart-instagram-censorship-isnt-that-smart |website=Vice News |language=en |last1=Franceschi-Bicchierai |first1=Lorenzo}}</ref> |
<ref name=vice0507>{{cite web |title=Iran's 'Smart' Instagram Censorship Isn't That Smart|date=May 7, 2015 |url=https://www.vice.com/en/article/4x38kd/irans-smart-instagram-censorship-isnt-that-smart |website=Vice News |language=en |last1=Franceschi-Bicchierai |first1=Lorenzo}}</ref> |
||
| Line 87: | Line 109: | ||
}} |
}} |
||
| ⚫ | |||
==External links== |
==External links== |
||
*[https://metrics.torproject.org/userstats-bridge-combined.html Live graph of user numbers], filterable by country of origin and transports (of which Snowflake is one) <!--the crash in Meek use in Iran is https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/100#note_2845113, and the crash in Snowflake use is https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40207--> |
*[https://metrics.torproject.org/userstats-bridge-combined.html Live graph of user numbers], filterable by country of origin and transports (of which Snowflake is one) <!--the crash in Meek use in Iran is https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/100#note_2845113, and the crash in Snowflake use is https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40207--> |
||
{{Tor (anonymity network)}} |
|||
| ⚫ | |||
[[Category:2016 software]] |
|||
Latest revision as of 04:09, 24 December 2024
 | |
 User interface for the Snowflake browser extension | |
| Original author(s) | Serene |
|---|---|
| Developer(s) | The Tor Project and community |
| Initial release | January 24, 2017[1] |
| Repository | |
| Written in | Go,[2][3] JavaScript[2][4]  |
| Included with | Tor Browser,[1] Orbot[1] |
| Predecessor | Flash proxy[1] |
| Type | Internet censorship circumvention,[1] Overlay network[citation needed] |
| License | 3-clause BSD License[5][4][6] |
| Website | snowflake |
Snowflake is a software package for assisting others in circumventing internet censorship by relaying data requests. Snowflake proxy nodes are meant to be created by people in countries where Tor and Snowflake are not blocked.[7] People under censorship then use a Snowflake client, packaged with the Tor Browser or Onion Browser,[8] to access the Tor network, using Snowflake relays as proxy servers. Access to the Tor network can in turn give access to other blocked services (like blocked websites).[7] A Snowflake proxy can be created by either installing a browser extension, installing a stand-alone program, or browsing a webpage with an embedded Snowflake proxy. The proxy runs whenever the browser or program is connected to the internet.
In contrast to regular VPNs and proxy services, launching a Snowflake proxy does not require port forwarding or having a dedicated IP address.[1] Simply installing the browser extension is enough most of the time. The simplicity of launching a proxy warrants their numerosity, which makes it hard for the censors to block proxies by simply blocking their IP addresses.[1][9]
As of 2024, Snowflake proxies are hosted on about 140 000 IP unique addresses concurrently.[1] The average number of users that use Snowflake to connect to Tor is 35 000 and 29 TB of their traffic is relayed by Snowflake proxies daily.[1]
Tor is itself illegal in some countries. Like the internet, it can relay any sort of content, and some types of content are illegal in some countries.
History
[edit]Snowflake was originated by Serene, a hacker and former Google engineer and concert pianist.[10] It was inspired by Flash proxy, a similar censorship circumvention system.[11] The name "Snowflake" was coined as her metaphor for a large number of ephemeral proxies[7] in relation to "ICE Negotiation".[11] Three programmers published the first version in January 2016. In 2019, it became available as a browser extension for Firefox and Chrome.[7] It can also be run on derived browsers, such as Brave and Microsoft Edge.[12][8] In February 2023 a thoroughly upgraded, stand-alone version dubbed Snowstorm was released; written in Rust and funded by the Open Tech Fund, beta testing is by invitation.[13][14]
Function
[edit]-schematic.png)
- The end-user asks the broker server for a Snowflake proxy
- The broker finds a Snowflake proxy that is available
- The broker replies to the end-user
- The end-user contacts the Snowflake proxy, with a direct peer-to-peer connection
- The data request is relayed through the Tor network to the destination server (for instance, the website the end-user is browsing)
Normal internet data packages come labelled with the original source and the final recipient of the data. For example, a package containing the encrypted text of this article would be labelled with the destination (the IP address of the reader's computer), and the source (the IP address of a Wikipedia server).[15][16] This means that even if the actual content is encrypted, a censor can block all packages from certain sources (for instance, banning any package that comes from Wikipedia).[17][18][19]
Tor network can be used to access such blocked sites[16] by acting as a proxy, covering the real destination address of the user's request.[20][21] This is why censors usually try to block the Tor network as well.[16] It is fairly easy for censors to block direct access to Tor because all regular Tor relays are public.[16]
Snowflake provides covert, indirect access to Tor.[1] A Snowflake client is provided with the IP address of a currently-active Snowflake proxy by asking a broker server,[8][22] which in turn uses domain fronting to pretend to be a major website. The client then talks directly to the Snowflake proxy, which relays into the Tor network. The traffic looks like ordinary peer-to-peer traffic, such as that used by many videoconferencing apps.[22]
A Snowflake proxy runs whenever the browser or program is connected to the internet. If the proxy host has a dynamic IP, the proxy will change its IP address over time.[10][8] See also ad hoc network.
Snowflake proxies are thus used as Tor entry nodes, not as exit nodes. Exit nodes are the other end of the chain. They are the Tor nodes that know what content was requested, though they do not know who requested it (for instance, they would know that someone was contacting a Wikipedia server, but they would not know the IP address of the user). Exit nodes might face legal action in the country in which they are hosted if they relay content that is illegal in that country (so they are usually run in countries with little internet censorship). It is unlikely that Snowflake proxy hosts could face such liability, since they do not know what content they are relaying.[10] There are, however, countries where using Tor for any purpose is illegal, such as Russia and Iran.[23]
Technical
[edit]<iframe src="https://snowflake.torproject.org/embed.html" width="320" height="240" frameborder="0" scrolling="no"></iframe>
— snowflake.torproject .org,
HTML code to add a togglable Snowflake relay to a webpage
Snowflake uses WebRTC to allow browsers to communicate directly with one another.[8] Either installing a browser extension, or keeping a tab open to a webpage with the right embedded code, causes one's browser to act as a proxy.[7] Embedding a Snowflake badge in a website allows visitors to make their browser into a proxy, exactly as installing the extension does, but by clicking a button on the website rather than by installing software.[24] Snowflake can also be run as a stand-alone program in a Docker container.[8]
Proxying traffic increases the proxy host's bandwidth usage, which may be a problem for those with bandwidth limits on their internet plans.[10] In practice, hosting a Snowflake proxy does not seem to appreciably slow one's internet connection[12] or disrupt browsing.[8]
A detailed technical description is published on GitLab.[25]
Countermeasures
[edit]Countermeasures believed to be currently in use against Snowflake from Russia include browser fingerprinting Snowflake hosts and then blocking them. Censors may also install and use Tor, then block all the IP addresses offered as Snowflake servers. Both of these techniques are weakened when there are larger numbers of servers.[26]
Censors may attempt to block the broker's IP address. To circumvent this, the Snowflake client utilizes domain fronting. This makes it infeasible for the censor to block a single website without blocking all the other websites hosted on the same cloud service. Google and Amazon are examples of such services. They host hundreds of thousands of websites. Blocking all the servers of one of these major hosts has disruptive side effects.[22] However, the cloud provider can and often does block domain fronting.[27][28]
If overseas connections from data centers are allowed, but residential and mobile services are restricted to local connections, then Tor bridges may be secretly and illegally set up in local data centers. This has obvious dangers.[29]
When a country shuts down access to foreign internet connections altogether, essentially cutting the country off from the global internet, Snowflake becomes useless.[10] This has been repeatedly done in Iran and some other countries; it is, however, bad for business (in Iran in 2022, the cost was estimated at $37 million US a day[30]), so it is usually only done for short periods.[10][31]
Comparison to VPNs
[edit]A simple proxy, like a virtual private network (VPN), has only a single relay. This means that the server address of the VPN has to be known to every user, making it easier to block.[10] For instance, at the beginning of October 2022, during internet disruptions related to the Mahsa Amini protests, VPNs in Iran would drop connections every few minutes.[29] The VPN itself also knows which end-users requested which pages, allowing VPNs to engage in surveillance.[10][32] In some countries, such as Iran, VPNs are illegal[10] and may be government-affiliated.[30]
Uses
[edit]Snowflake came to be widely discussed online in the first week of October 2022, as a way of combatting internet restrictions in Iran during the Mahsa Amini protests,[10] and a guide in Persian was released.[33][22]
In 2022, the Russian government increased efforts to block access to Tor through technical and political means, and the Tor network reported an increase in traffic from Russia using Snowflake.[26]
Snowflake is integrated into the Tor network. Usage of the Tor network is becoming more common in Russia, Belarus, and Iran, as of 2022[update], as internet censorship in these countries has become more strict.[12]
See also
[edit]- Psiphon uses a variety of anticensorship techniques
- Smartphone ad hoc network, a peer-to-peer system that can be used when the conventional internet infrastructure is entirely shut down
- Briar (software) uses Tor[34]
- Sneakernet, a technique widely used in countries with little internet access.
- Toosheh uses satellite TV receiving equipment to download (but not upload) files, which are then sometimes sneakernetted.[35]
- Flash proxy is a similar project, which Snowflake was inspired by.[11]
References
[edit]- ^ a b c d e f g h i j Fifield, David; Wang, Xiaokang; Serene; Breault, Arlo; Bocovich, Cecylia (August 2024). Snowflake, a censorship circumvention system using temporary WebRTC proxies. USENIX. pp. 2635–2652. ISBN 978-1-939133-44-1. Retrieved 22 July 2024.
- ^ a b "Snowflake, a censorship circumvention system using temporary WebRTC proxies". USENIX. Retrieved 26 July 2024.
- ^ "Snowflake". Retrieved 26 July 2024.
- ^ a b "Snowflake WebExtension". Retrieved 26 July 2024.
- ^ "Snowflake". Retrieved 26 July 2024.
- ^ "Snowflake". Free Software Directory. Retrieved 26 July 2024.
- ^ a b c d e Cimpanu, Catalin (16 October 2019). "Tor Snowflake turns your browser into a proxy for users in censored countries". ZDNET.
- ^ a b c d e f g Eikenberg, Ronald (30 September 2022). "Internetsperren im Iran: So leisten Sie mit Snowflake Unterstützung". c't Magazin (in German). heise online.
- ^ Fifield, David (15 December 2017). Threat modeling and circumvention of Internet censorship. www.bamsoftware.com (PhD thesis). EECS Department, University of California, Berkeley. Archived from the original on 7 January 2018. Retrieved 28 July 2024.
- ^ a b c d e f g h i j Schwarzer, Matthias (30 September 2022). "Netzsperre im Iran umgehen: Wie "Snowflake" einen Weg ins freie Internet ermöglicht - so kann der Westen helfen". RedaktionsNetzwerk Deutschland (in German). Retrieved 10 October 2022.
- ^ a b c "The original Snowflake repo". Tor Project GitLab. 7 July 2024. Retrieved 3 December 2024.
Why is this called Snowflake? It utilizes the "ICE" negotiation via WebRTC, and also involves a great abundance of ephemeral and short-lived (and special!) volunteer proxies
- ^ a b c Küchemann, Fridtjof (27 September 2022). "Per Snowflake ins TOR-Netzwerk: Online-Gasse für Menschen in Iran". Frankfurter Allgemeine Zeitung (in German).
- ^ Binder, Matt (10 February 2023). "Snowflake helped Tor users thwart Russian censorship. Now the VPN is branching out as Snowstorm". Mashable.
- ^ Moreno, Johan (8 February 2023). "As The Internet Freedom Project Expands, Snowflake Becomes Snowstorm". Forbes.
- ^ "HTTPS Everywhere FAQ". Electronic Frontier Foundation. 7 November 2016.
- ^ a b c d Esguerra, Richard (29 June 2009). "Help Protesters in Iran: Run a Tor Bridge or a Tor Relay". Electronic Frontier Foundation.
- ^ Alimardani, Mahsa; Jacobs, Frederic (7 May 2015). "New Research: Iran is Using 'Intelligent' Censorship on Instagram". Global Voices Advox.
- ^ Franceschi-Bicchierai, Lorenzo (7 May 2015). "Iran's 'Smart' Instagram Censorship Isn't That Smart". Vice News.
- ^ Budington, Bill (1 April 2015). "China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack". Electronic Frontier Foundation.
- ^ Quintin, Cooper (13 June 2014). "Tor Is For Everyone: Why You Should Use Tor". Electronic Frontier Foundation.
- ^ Shavers, Brett (2016). "2 The Tor Browser". Hiding behind the keyboard : uncovering covert communication methods with forensic analysis (PDF). Cambridge, MA. ISBN 9780128033524.
{{cite book}}: CS1 maint: location missing publisher (link) - ^ a b c d Quintin, Cooper (4 October 2022). "Snowflake Makes It Easy For Anyone to Fight Censorship". Electronic Frontier Foundation.
- ^ Tackett, Carolyn (25 June 2018). "Venezuela blocks access to the Tor network". Access Now.
- ^ "Snowflake". snowflake.torproject.org.
- ^ "Technical Overview · Wiki · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab". GitLab.
- ^ a b Burgess, Matt (28 July 2022). "How Tor Is Fighting—and Beating—Russian Censorship". WIRED. Retrieved 30 July 2022.
- ^ Mates, Matan (15 April 2019). "Tor, Meek & The Rise And Fall Of Domain Fronting". SentinelOne.
- ^ Dou, Eva; Barr, Alistair (16 March 2015). "U.S. Cloud Providers Face Backlash From China's Censors". WSJ.
- ^ a b Butcher, Mike (5 October 2022). "As Iran throttles its internet, activists fight to get online". TechCrunch.
- ^ a b Zad, Arash (29 September 2022). "When Will Iran's Internet Censorship Collapse?". Slate Magazine. Retrieved 6 October 2022.
- ^ Burgess, Matt (7 October 2020). "Iran's total internet shutdown is a blueprint for breaking the web". Wired UK. Condé Nast.
- ^ Eikenberg, Ronald (23 March 2022). "Wie sich Bürger in autoritären Regimes gegen Netzsperren und Zensur wehren". c't Magazin (in German). heise online.
- ^ "Iran: Circumventing Censorship with Tor". Tor Project Forum. 22 September 2022.
- ^ "How it works - Briar". briarproject.org.
- ^ Boniadi, Nazanin (30 September 2022). "'LOTR: The Rings Of Power's Nazanin Boniadi Calls For Action After Death Of Mahsa Amini In Iran – Guest Column". Deadline.
External links
[edit]- Live graph of user numbers, filterable by country of origin and transports (of which Snowflake is one)