Software:Snowflake

From HandWiki

Snowflake is a software package for assisting others in circumventing internet censorship, by relaying anonymous, encrypted data requests. Snowflake nodes are meant to be created by people in countries where Tor and Snowflake are legal.[1] People under censorship then use Tor Browser or Onion Browser[2] to access banned websites through the Snowflake proxies.[1] A Snowflake node can be created by installing a browser extension, installing a stand-alone program, or browsing a webpage with an embedded Snowflake relay. The node runs whenever the browser or program is connected to the internet.

Tor relays content requests through a chain of Tor nodes, including Snowflake nodes (onion routing). Each node in the chain only knows the addresses of the two adjacent links, and cannot decrypt any of the other data it is relaying, which makes tracking or blocking the traffic much more difficult. A common countermeasure is blocking Tor nodes; the number and shifting nature of the Snowflake nodes makes identifying and blocking connections to these nodes more difficult.

Tor is itself illegal in some countries. Like the internet, it can relay any sort of content, so some of its uses are illegal in any country.

History

Snowflake was originated by Serene, a hacker and former Google engineer.[3] The name was her metaphor for a large number of ephemeral proxies. Three programmers published the first version in January 2016. In 2019, it became available as a browser extension for Firefox and Chrome.[4] It can also be run on derived browsers, such as Brave and Microsoft Edge.[2][1]

Function

  1. The end-user asks the broker server for a Snowflake server
  2. The broker finds a Snowflake server that is available
  3. The broker replies to the end-user
  4. The end-user contacts the Snowflake server, with a direct peer-to-peer connection
  5. The data request is relayed through the Tor network to the destination server (for instance, the website the end-user is browsing)

Normal internet data packets come labelled with the original source and the final recipient of the data. For example, a packet containing the encrypted text of this article would be labelled with the destination (the IP address of the reader's computer), and the source (the address of a Wikipedia server).[5][6] This means that even if the actual content is encrypted, a censor can block all packets from certain sources (for instance, banning any packet that comes from Wikipedia).[7][8][9]

By contrast, Tor connections relay encrypted traffic through a chain of proxies. Each link only knows the addresses of the two adjacent links, which makes tracking the traffic much more difficult.[10] The message is encrypted in layers, so it is called onion routing. A physical analogy would be sealing an envelope carrying the real message inside a nested set of envelopes, so that each envelope had a different address on it; each server opens the outermost envelope, addressed to it, and passes the remaining package on to the address thus exposed.[11] Since the source of the content is hidden behind layers of proxy servers, banned sources can still be accessed, and it isn't clear which recipient accessed what content.[10]
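The nested-envelope analogy above, as an added example (not code from the article or from the Tor Project). The hop names, keys and destination are constructed, and the cipher is a toy built from SHA-256 and HMAC for illustration only; it is not the cryptography Tor uses.

```python
import hashlib, hmac, json

def _stream(key: bytes, n: int) -> bytes:
    # Toy keystream (SHA-256 in counter mode); illustration only, not Tor's cipher.
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, plain: bytes) -> bytes:
    ct = bytes(a ^ b for a, b in zip(plain, _stream(key, len(plain))))
    return hmac.new(key, ct, hashlib.sha256).digest() + ct

def unseal(key: bytes, blob: bytes) -> bytes:
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("this layer is not addressed to this hop")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, len(ct))))

def wrap(route, destination: str, message: bytes) -> bytes:
    """Build the nested envelopes from the innermost (exit) layer outwards."""
    payload, next_hop = message, destination
    for name, key in reversed(route):
        layer = json.dumps({"next": next_hop, "data": payload.hex()}).encode()
        payload, next_hop = seal(key, layer), name
    return payload

def relay(route, sender: str, onion: bytes):
    """Pass the onion along the chain and record what each hop learns."""
    seen, prev = [], sender
    for name, key in route:
        layer = json.loads(unseal(key, onion))   # open the outermost envelope
        seen.append((name, prev, layer["next"]))  # a hop sees only its neighbours
        onion, prev = bytes.fromhex(layer["data"]), name
    return seen, onion

# Constructed hop names and keys (hypothetical); real Tor negotiates keys per circuit.
ROUTE = [(n, hashlib.sha256(n.encode()).digest()) for n in ("entry", "middle", "exit")]

if __name__ == "__main__":
    onion = wrap(ROUTE, "example.org", b"GET /article")
    seen, delivered = relay(ROUTE, "user", onion)
    for hop, came_from, goes_to in seen:
        print(f"{hop}: received from {came_from}, forwards to {goes_to}")
    print(delivered)
```

Only the exit hop sees the destination and only the entry hop sees the user; a hop that tries to open a layer sealed for another hop fails the integrity check.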

Since Tor can be used to access banned websites, some countries, such as Iran and Russia, ban the Tor network. This means that Tor users can't simply connect to a publicly-known Tor entry node; all known Tor nodes will be blocked by the censors. Instead, users connect to a Tor bridge, a server which is secretly a Tor entry point. Censors, in turn, seek to identify and block Tor bridges, identifying them using deep packet inspection.[12]

Snowflake provides a large number of ever-shifting Tor entry nodes. A user is provided with the IP address of a currently-active Snowflake node by asking a broker server,[2][12] which in turn uses domain fronting to pretend to be a major website. The user then talks directly to the Snowflake node, which relays into the Tor network. The traffic looks like ordinary peer-to-peer traffic, such as is used by many videoconferencing apps.[12]

A Snowflake node runs whenever the browser or program is connected to the internet. If the node host has a dynamic IP, the node will change its IP address over time.[3][2] See also ad hoc network.

Snowflake nodes are thus used as Tor entry nodes, not as exit nodes. Exit nodes are the other end of the chain. They are the Tor nodes that know what content was requested, though they do not know who requested it (for instance, they would know that a user was contacting a Wikipedia server, but they would not know the IP address of the user). Exit nodes might face legal action in the country in which they are hosted if they relay content that is illegal in that country (so they are usually run in countries with little internet censorship). It is unlikely that Snowflake node hosters could face such liability, since they do not know what content they are relaying.[3] In countries where Tor itself is illegal, knowingly operating a Snowflake node may be illegal.

Technical

<iframe src="https://snowflake.torproject.org/embed.html" width="320" height="240" frameborder="0" scrolling="no"></iframe>
HTML code to add a togglable Snowflake relay to a webpage (from https://snowflake.torproject.org/)

Snowflake uses WebRTC to allow browsers to communicate directly with one another.[2] Either installing a browser extension, or keeping a tab open to a webpage with the right embedded code, causes one's browser to act as a relay.[1] Embedding a Snowflake badge in a website allows visitors to make their browser into a relay, exactly as installing the extension does, but by clicking a button on the website rather than by installing software.[13] Snowflake can also be run as a stand-alone program in a Docker container.[2]

Relaying traffic increases the node hoster's bandwidth usage, which may be a problem for those with bandwidth limits on their internet plans.[3] In practice, hosting a node does not seem to appreciably slow one's internet connection[4] or disrupt browsing.[2]

A detailed technical description is published on GitLab.[14]

Countermeasures

Countermeasures believed to be currently in use against Snowflake from Russia include browser fingerprinting Snowflake hosts and then blocking them. Censors may also install and use Tor, then block all the IP addresses offered. Both of these techniques are weakened when there are larger numbers of servers.[15]
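Why pool size and churn blunt address enumeration, as an added simulation (not from the article or the Tor Project). The model is an assumption made for illustration: the broker offers a uniformly random live proxy per request, a fixed fraction of proxies is replaced by fresh addresses each epoch, and all numbers are constructed.

```python
import random

def unblocked_fraction(pool_size, churn, censor_queries, epochs=50, seed=1):
    """Fraction of live proxies not yet on the censor's blocklist after `epochs`.

    Model assumptions (not from the article): the broker hands out a uniformly
    random live proxy per request, and each epoch a `churn` fraction of the
    pool is replaced by proxies with fresh addresses.
    """
    rng = random.Random(seed)
    pool = list(range(pool_size))      # constructed address ids, not real IPs
    next_id = pool_size
    blocked = set()
    for _ in range(epochs):
        # Ephemeral proxies: some leave, newcomers arrive with new addresses.
        for slot in rng.sample(range(pool_size), int(pool_size * churn)):
            pool[slot] = next_id
            next_id += 1
        # Enumeration: every address the broker offers goes on the blocklist.
        for _ in range(censor_queries):
            blocked.add(rng.choice(pool))
    return sum(addr not in blocked for addr in pool) / pool_size

def compare(censor_queries=100):
    """Same censor effort against pools that differ in size and churn."""
    cases = {"small, static": (200, 0.0),
             "small, churning": (200, 0.2),
             "large, static": (20_000, 0.0)}
    return {label: unblocked_fraction(size, churn, censor_queries)
            for label, (size, churn) in cases.items()}

if __name__ == "__main__":
    for label, frac in compare().items():
        print(f"{label:16s} {frac:6.1%} of proxies still reachable")
```

With identical enumeration effort, the small static pool ends up fully blocklisted, while churn or a hundredfold larger pool leaves a substantial share of proxies reachable.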

When a country shuts down access to foreign internet connections altogether, essentially cutting the country off from the global internet, Snowflake becomes useless.[3] This has been repeatedly done in Iran and some other countries; it is, however, bad for business (in Iran in 2022, the cost was estimated at $37 million US a day[16]), so it is usually only done for short periods.[3][17] If overseas connections from data centers are allowed, but residential and mobile services are restricted to local connections, then Tor bridges may be secretly and illegally set up in local data centers, but this has obvious dangers.[18] Alternatively, when the internet is entirely shut down, peer-to-peer smartphone ad hoc networks have been used, entirely replacing the conventional internet infrastructure; Tor can be used over such networks (see Briar).[19]

Comparison to VPNs

A simple proxy, like a virtual private network (VPN), has only a single relay. This means that the server address of the VPN has to be known to every user, making it easier to block.[3] For instance, at the beginning of October 2022, during internet disruptions related to the Mahsa Amini protests, VPNs in Iran would drop connections every few minutes.[18] The VPN itself also knows which end users requested which pages, allowing VPNs to engage in surveillance.[3][20] In some countries, such as Iran, VPNs are illegal[3] and may be government-affiliated.[16]

Uses

Snowflake came to be widely discussed online in the first week of October 2022, as a way of combatting internet restrictions in Iran during the Mahsa Amini protests,[3] and a guide in Persian was released.[21][12]

In 2022, the Russian government increased efforts to block access to Tor through technical and political means, and the Tor network reported an increase in traffic from Russia using Snowflake.[22]

Snowflake is integrated into the Tor network. As of 2022, usage of the Tor network is becoming more common in Russia, Belarus, and Iran, as internet censorship in these countries has become more strict. It is also used by criminals involved in child pornography, drug deals, terrorism, and money laundering.[4]

See also

  • Psiphon uses a variety of anticensorship techniques
  • Smartphone ad hoc network, a peer-to-peer system that can be used when the conventional internet infrastructure is entirely shut down
  • Sneakernet, a technique widely used in countries with little internet access.
  • Toosheh uses satellite TV receiving equipment to download (but not upload) files, which are then sometimes sneakernetted.[23]

References

  1. "Tor Snowflake turns your browser into a proxy for users in censored countries" (in en). https://www.zdnet.com/article/tor-snowflake-turns-your-browser-into-a-proxy-for-users-in-censored-countries/.
  2. Eikenberg, Ronald (30 September 2022). "Internetsperren im Iran: So leisten Sie mit Snowflake Unterstützung" (in de). c't Magazin (heise online). https://www.heise.de/hintergrund/Internetsperren-im-Iran-So-leisten-Sie-mit-Snowflake-Unterstuetzung-7281703.html.
  3. Schwarzer, Matthias (30 September 2022). "Netzsperre im Iran umgehen: Wie "Snowflake" einen Weg ins freie Internet ermöglicht - so kann der Westen helfen" (in de). Redaktions Netzwerk Deutschland (www.rnd.de). https://www.rnd.de/digital/netzsperre-im-iran-umgehen-wie-snowflake-einen-weg-ins-freie-internet-ermoeglicht-so-kann-der-westen-SE3LNI5BKNHJHGJJK2UZHWHXRA.html.
  4. Küchemann, Fridtjof (27 September 2022). "Per Snowflake ins TOR-Netzwerk: Online-Gasse für Menschen in Iran" (in de). Frankfurter Allgemeine Zeitung. https://www.faz.net/aktuell/feuilleton/medien/zugang-fuer-iraner-per-snowflake-ins-tor-netzwerk-18346679.html.
  5. "HTTPS Everywhere FAQ" (in en). 7 November 2016. https://www.eff.org/https-everywhere/faq#what-does-https-everywhere-protect-me-against. 
  6. Esguerra, Richard (29 June 2009). "Help Protesters in Iran: Run a Tor Bridge or a Tor Relay" (in en). https://www.eff.org/deeplinks/2009/06/help-protesters-iran-run-tor-relays-bridges. 
  7. Alimardani, Mahsa; Jacobs, Frederic (7 May 2015). "New Research: Iran is Using ‘Intelligent’ Censorship on Instagram" (in en). https://advox.globalvoices.org/2015/05/07/new-research-iran-is-using-intelligent-censorship-on-instagram/. 
  8. Franceschi-Bicchierai, Lorenzo. "Iran’s 'Smart' Instagram Censorship Isn’t That Smart" (in en). https://www.vice.com/en/article/4x38kd/irans-smart-instagram-censorship-isnt-that-smart. 
  9. Budington, Bill (1 April 2015). "China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack" (in en). https://www.eff.org/deeplinks/2015/04/china-uses-unencrypted-websites-to-hijack-browsers-in-github-attack. 
  10. Quintin, Cooper (13 June 2014). "Tor Is For Everyone: Why You Should Use Tor" (in en). https://www.eff.org/deeplinks/2014/06/why-you-should-use-tor.
  11. Shavers, Brett (2016). "2 The Tor Browser". Hiding behind the keyboard : uncovering covert communication methods with forensic analysis. Cambridge, MA. ISBN 9780128033524. https://cdn.ttgtmedia.com/rms/pdf/Hiding%20Behind%20the%20Keyboard_Ch%202.pdf. 
  12. Quintin, Cooper (4 October 2022). "Snowflake Makes It Easy For Anyone to Fight Censorship" (in en). https://www.eff.org/deeplinks/2022/10/snowflake-makes-it-easy-anyone-fight-censorship.
  13. "Snowflake". https://snowflake.torproject.org/. 
  14. "Technical Overview · Wiki · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab" (in en). https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview. 
  15. Burgess, Matt. "How Tor Is Fighting—and Beating—Russian Censorship". Wired. https://www.wired.com/story/tor-browser-russia-blocks/. 
  16. Zad, Arash (29 September 2022). "When Will Iran's Internet Censorship Collapse?" (in en). Slate Magazine. https://slate.com/technology/2022/09/iran-protests-mahsa-amini-internet-censorship.html.
  17. Burgess, Matt (7 October 2020). "Iran’s total internet shutdown is a blueprint for breaking the web". Wired UK. Condé Nast. https://www.wired.co.uk/article/iran-news-internet-shutdown. 
  18. Butcher, Mike (5 October 2022). "As Iran throttles its internet, activists fight to get online". https://techcrunch.com/2022/10/05/iran-internet-protests-censorship/.
  19. "How it works - Briar". https://briarproject.org/how-it-works/.
  20. Eikenberg, Ronald (23 March 2022). "Wie sich Bürger in autoritären Regimes gegen Netzsperren und Zensur wehren" (in de). c't Magazin (heise online). https://www.heise.de/news/Massnahmen-gegen-Netzsperren-und-Zensur-6606969.html. 
  21. "Iran: Circumventing Censorship with Tor" (in en). 22 September 2022. https://forum.torproject.net/t/iran-circumventing-censorship-with-tor/4590. 
  22. Burgess, Matt (July 28, 2022). "How Tor Is Fighting—and Beating—Russian Censorship". WIRED. https://www.wired.com/story/tor-browser-russia-blocks/. Retrieved 2022-07-30. 
  23. Boniadi, Nazanin (30 September 2022). "‘LOTR: The Rings Of Power’s Nazanin Boniadi Calls For Action After Death Of Mahsa Amini In Iran – Guest Column". Deadline. https://deadline.com/2022/09/mahsa-amini-death-protests-nazanin-boniadi-guest-column-lotr-iran-1235131413/.