Snowflake uses domain fronting[1] for rendezvous. It is the digital equivalent of a spy having their secret meetings inside an unsuspecting friends house, and it always eventually it goes bad for that friend.<p>The technique is heavily used by bad actors and is being blocked by default[2] by some cloud providers. AWS went as far as sending a nastygram to Signal[3] when they tried to roll it out on a wide basis for fear that countries like Iran and China would just block all of AWS.<p>1. <a href="https://en.wikipedia.org/wiki/Domain_fronting" rel="nofollow noreferrer">https://en.wikipedia.org/wiki/Domain_fronting</a>
2. <a href="https://azure.microsoft.com/en-us/updates/generally-available-block-domain-fronting-behavior-on-newly-created-customer-resources/" rel="nofollow noreferrer">https://azure.microsoft.com/en-us/updates/generally-availabl...</a>
3. <a href="https://signal.org/blog/looking-back-on-the-front/" rel="nofollow noreferrer">https://signal.org/blog/looking-back-on-the-front/</a>
This is a relay for Tor users to be able to access Tor (when normal guard relays (first hop in a Tor circuit) are blocked), using domain fronting and webrtc.<p>The text is written quite confusingly, at least the German translation it served me by default. I was wondering how this could circumvent censorship, as the target needs to also support webrtc so there's no way to access any http(s) website via this in-browser proxy, this still requires another server to accept the webrtc connection and forward your traffic, but the point (which the article doesn't mention) is to be able to connect to this other server indirectly.<p>It even goes so far as to claim that you don't need any software to visit censored websites:<p>> Im Gegensatz zu VPNs musst du keine separate Anwendung installieren, um dich mit einem Snowflake-Proxy zu verbinden und die Zensur zu umgehen.<p>Except you do. Without Tor client, this snowflake proxy is useless. Clicking through to the technical details (link marked with a warning "this content is in English"):<p>> 1. User in the filtered region wishes to access the free and open internet. They open Tor Browser, selecting snowflake as the Pluggable Transport.<p>The article said "contrary to VPNs, you don't need to install separate software to circumvent censorship" and the technical overview says the literal opposite: you need to install a Tor client to make use of a snowflake proxy.
If Tor is illegal in your country, it seems pretty risky to try to use it. Since anyone can run a snowflake proxy, it would be a trivial exercise to just log connecting IP addresses. Then it's a gamble with vanishing odds of staying safe each time you connect.
> If you switch on the Snowflake below and leave the browser tab open, a user can connect through your new proxy!<p>I am not even sure, if I am getting this right. If I embed an iframe in my website, traffic from Tor users will get tunneled through my user visitor's IP? How does consent works with relay.love? Does my website vistor's IP show up as TOR exit node?
So, I'm reminded of the old 'store your files on youtube' thing[0] and I wonder how much bandwidth one could get using the same concept on one of the widely used voice conferencing solutions (like zoom) to further blend in. Bonus if you can do some kind of video steganography to transfer the data and have a 'real' call.<p>[0] <a href="https://github.com/DvorakDwarf/Infinite-Storage-Glitch">https://github.com/DvorakDwarf/Infinite-Storage-Glitch</a>
Not sure how new this is but very cool that users can host a node simply by toggling an iframe or installing a browser extension. I wonder if these methods have much lower bandwidth limitations than the CLI version
There is also a standalone (go) version [0] that can be deployed on a server.
"one of the main advantages of standalone Snowflake proxies is that they can be installed on servers and offer a higher bandwidth and more reliable option for users behind restrictive NATs and firewalls."<p>[0] <a href="https://community.torproject.org/relay/setup/snowflake/standalone/" rel="nofollow noreferrer">https://community.torproject.org/relay/setup/snowflake/stand...</a>
I have it installed and like seeing the number go up. NUMBER BIGGER = DOPAMINE!!<p>I'm lucky to be born in Scandinavia, so there is really 0 internet censor, for now.
We block every Tor IP we can find because we don't have the time nor patience to deal with the 99% burpsuite spam originating from these servers. Very cheap and effective solution.