Snowflake (software)


User interface for the Snowflake browser extension

Snowflake is a software package for assisting others in circumventing internet censorship by relaying data requests. Snowflake relay nodes are meant to be created by people in countries where Tor and Snowflake are not blocked. [1] People under censorship then use a Snowflake client, packaged with the Tor Browser or Onion Browser, [2] to access the Tor network, using Snowflake relays as proxy servers. Access to the Tor network can in turn give access to other blocked services (like blocked websites). [1] A Snowflake node can be created by either installing a browser extension, installing a stand-alone program, or browsing a webpage with an embedded Snowflake relay. The node runs whenever the browser or program is connected to the internet.


Tor relays content requests through a chain of Tor nodes, including Snowflake nodes (onion routing). Each node in the chain only knows the addresses of the two adjacent links and cannot decrypt any of the other data it is relaying, which makes tracking or blocking the traffic much more difficult. A common countermeasure is blocking Tor nodes; the number and shifting nature of the Snowflake nodes make identifying and blocking connections to these nodes more difficult.

Tor is itself illegal in some countries. Like the internet, it can relay any sort of content, and some types of content are illegal in some countries.

History

Snowflake was originated by Serene, a hacker and former Google engineer and concert pianist. [3] The name "Snowflake" was coined as her metaphor for a large number of ephemeral proxies [1] in relation to "ICE Negotiation". [citation needed] Three programmers published the first version in January 2016. In 2019, it became available as a browser extension for Firefox and Chrome. [1] It can also be run on derived browsers, such as Brave and Microsoft Edge. [4] [2] In February 2023 a thoroughly upgraded, stand-alone version dubbed Snowstorm was released. It is written in Rust and funded by the Open Tech Fund; beta testing is by invitation. [5] [6]

Function

  1. The end-user asks the broker server for a Snowflake server
  2. The broker finds a Snowflake server that is available
  3. The broker replies to the end-user
  4. The end-user contacts the Snowflake server, with a direct peer-to-peer connection
  5. The data request is relayed through the Tor network to the destination server (for instance, the website the end-user is browsing)

Normal internet data packets come labelled with the original source and the final recipient of the data. For example, a packet containing the encrypted text of this article would be labelled with the destination (the IP address of the reader's computer), and the source (the IP address of a Wikipedia server). [7] [8] This means that even if the actual content is encrypted, a censor can block all packets from certain sources (for instance, banning any packet that comes from Wikipedia). [9] [10] [11]

By contrast, Tor connections relay encrypted traffic through a chain of proxies. Each link only knows the addresses of the two adjacent links, which makes tracking the traffic much more difficult. [12] The message is encrypted in layers, so it is called onion routing. A physical analogy would be sealing an envelope carrying the real message inside a nested set of envelopes, so that each envelope had a different address on it; each server opens the outermost envelope, addressed to it, and passes the remaining package on to the address thus exposed. [13] Since the source of the content is hidden behind layers of proxy servers, banned sources can still be accessed, and it isn't clear which recipient accessed what content. [12]
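The nested-envelope analogy as runnable code, added here as an illustration and not taken from Tor or Snowflake: each hop opens one layer and learns only the next address. The SHA-256 keystream cipher, hop names, secrets and destination are constructed for the demo; Tor's real circuit cryptography is different.

```python
import hashlib
import hmac
import json


def _keys(secret: bytes):
    """Derive separate encryption and MAC keys from one per-hop secret."""
    return (hashlib.sha256(b"enc" + secret).digest(),
            hashlib.sha256(b"mac" + secret).digest())


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (demo only): XOR with SHA-256(key || counter) blocks."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(secret: bytes, next_hop: str, inner: bytes) -> bytes:
    """Put `inner` in an envelope that only the holder of `secret` can open."""
    enc, mac = _keys(secret)
    body = json.dumps({"next": next_hop, "inner": inner.hex()}).encode()
    ct = _xor_stream(enc, body)
    return hmac.new(mac, ct, hashlib.sha256).digest() + ct


def open_layer(secret: bytes, blob: bytes):
    """Peel one layer: returns (next hop address, still-sealed inner blob)."""
    enc, mac = _keys(secret)
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
        raise ValueError("envelope is not addressed to this hop")
    body = json.loads(_xor_stream(enc, ct))
    return body["next"], bytes.fromhex(body["inner"])


def wrap(route, destination: str, message: bytes):
    """Build the onion from the inside out; returns (first hop, onion)."""
    next_hop, blob = destination, message
    for name, secret in reversed(route):
        blob = seal(secret, next_hop, blob)
        next_hop = name
    return next_hop, blob


def relay(secrets, first_hop: str, onion: bytes):
    """Pass the onion down the chain, recording (hop, next address) per hop."""
    views, hop, blob = [], first_hop, onion
    while hop in secrets:
        nxt, blob = open_layer(secrets[hop], blob)
        views.append((hop, nxt))
        hop = nxt
    return views, hop, blob


# Constructed sample circuit: the Snowflake proxy is the entry, not the exit.
ROUTE = [("snowflake-proxy", b"k1"), ("middle-relay", b"k2"), ("exit-relay", b"k3")]


def demo():
    first, onion = wrap(ROUTE, "wikipedia.example", b"GET /wiki/Snowflake")
    return onion, relay(dict(ROUTE), first, onion)


if __name__ == "__main__":
    onion, (views, destination, payload) = demo()
    for hop, nxt in views:
        print(f"{hop} learns only: forward to {nxt}")
```

The Snowflake hop's view is `("snowflake-proxy", "middle-relay")`: it never sees the destination or the request, which only the exit hop recovers.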

Since Tor can be used to access banned websites, some countries, such as Iran and Russia, ban the Tor network. This means that Tor users can't simply connect to a publicly-known Tor entry node; all known Tor nodes will be blocked by the censors. Instead, users connect to a Tor bridge, a server which is secretly a Tor entry point. Censors, in turn, seek to identify and block Tor bridges, identifying them using deep packet inspection. [14]

Snowflake provides a large number of ever-shifting Tor entry nodes. A user is provided with the IP address of a currently-active Snowflake node by asking a broker server, [2] [14] which in turn uses domain fronting to pretend to be a major website. The user then talks directly to the Snowflake node, which relays into the Tor network. The traffic looks like ordinary peer-to-peer traffic, such as that used by many videoconferencing apps. [14]

A Snowflake node runs whenever the browser or program is connected to the internet. If the node host has a dynamic IP, the node will change its IP address over time. [3] [2] See also ad hoc network.

Snowflake nodes are thus used as Tor entry nodes, not as exit nodes. Exit nodes are the other end of the chain. They are the Tor nodes that know what content was requested, though they do not know who requested it (for instance, they would know that a user was contacting a Wikipedia server, but they would not know the IP address of the user). Exit nodes might face legal action in the country in which they are hosted if they relay content that is illegal in that country (so they are usually run in countries with little internet censorship). It is unlikely that Snowflake node hosts could face such liability, since they do not know what content they are relaying. [3] There are, however, countries where using Tor for any purpose is illegal, such as Russia and Iran. [15]

Technical

<iframe src="https://snowflake.torproject.org/embed.html" width="320" height="240" frameborder="0" scrolling="no"></iframe>
HTML code to add a togglable Snowflake relay to a webpage (from snowflake.torproject.org)

Snowflake uses WebRTC to allow browsers to communicate directly with one another. [2] Either installing a browser extension, or keeping a tab open to a webpage with the right embedded code, causes one's browser to act as a relay. [1] Embedding a Snowflake badge in a website allows visitors to make their browser into a relay, exactly as installing the extension does, but by clicking a button on the website rather than by installing software. [16] Snowflake can also be run as a stand-alone program in a Docker container. [2]

Relaying traffic increases the node host's bandwidth usage, which may be a problem for those with bandwidth limits on their internet plans. [3] In practice, hosting a node does not seem to appreciably slow one's internet connection [4] or disrupt browsing. [2]

A detailed technical description is published on GitLab. [17]

Countermeasures

Countermeasures believed to be currently in use against Snowflake in Russia include browser fingerprinting of Snowflake hosts, which are then blocked. Censors may also install and use Tor themselves, then block all the IP addresses offered to them as Snowflake servers. Both of these techniques are weakened when there are larger numbers of servers. [18]
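A small model of why a larger, shifting proxy pool weakens address blocking, added as an example and not taken from the Snowflake code base. It assumes the broker hands out a uniformly random proxy and that the censor blocks every address it is offered; pool sizes, lifetimes and poll rates are constructed, not measurements of the real network.

```python
import random


def blocked_fraction(pool_size, lifetime, ticks=400, censor_polls=2, seed=7):
    """Fraction of real users' rendezvous that land on an already-blocked proxy.

    pool_size    -- volunteer proxies online at any moment
    lifetime     -- ticks until a proxy leaves and a fresh address replaces it
                    (None: addresses never change)
    censor_polls -- broker requests per tick made by a censor posing as a client
    """
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    # Each proxy is [address_id, expiry_tick]; initial expiries are staggered.
    pool = [[i, rng.randint(1, lifetime) if lifetime else None]
            for i in range(pool_size)]
    next_id = pool_size
    blocklist, blocked = set(), 0
    for tick in range(1, ticks + 1):
        # Churn: an expired volunteer is replaced by one with a new address.
        for proxy in pool:
            if proxy[1] is not None and proxy[1] <= tick:
                proxy[0], proxy[1] = next_id, tick + lifetime
                next_id += 1
        # The censor asks the broker like any client and blocks what it is given.
        for _ in range(censor_polls):
            blocklist.add(rng.choice(pool)[0])
        # One real user asks the broker; the rendezvous fails if that
        # address is already on the blocklist.
        if rng.choice(pool)[0] in blocklist:
            blocked += 1
    return blocked / ticks


# Constructed scenarios: (pool_size, lifetime)
SCENARIOS = {
    "5 proxies, fixed addresses": (5, None),
    "5 proxies, 20-tick lifetime": (5, 20),
    "500 proxies, fixed addresses": (500, None),
    "500 proxies, 20-tick lifetime": (500, 20),
}


def compare():
    return {name: blocked_fraction(*args) for name, args in SCENARIOS.items()}


if __name__ == "__main__":
    for name, frac in compare().items():
        print(f"{name:32s} {frac:.0%} of rendezvous blocked")
```

In this model only the large, churning pool keeps the blocked share low; a tiny pool is enumerated almost immediately whether or not its addresses change.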

Censors may attempt to block the broker's IP address. To circumvent this, the Snowflake client utilizes domain fronting. This makes it infeasible for the censor to block a single website without blocking all the other websites hosted on the same cloud service. Google and Amazon are examples of such services. They host hundreds of thousands of websites. Blocking all the servers of one of these major hosts has disruptive side effects. [14] However, the cloud provider can and often does block domain fronting. [19] [20]

If overseas connections from data centers are allowed, but residential and mobile services are restricted to local connections, then Tor bridges may be secretly and illegally set up in local data centers. This has obvious dangers. [21]

When a country shuts down access to foreign internet connections altogether, essentially cutting the country off from the global internet, Snowflake becomes useless. [3] This has been repeatedly done in Iran and some other countries; it is, however, bad for business (in Iran in 2022, the cost was estimated at US$37 million a day [22]), so it is usually only done for short periods. [3] [23]

Comparison to VPNs

A simple proxy, like a virtual private network (VPN), has only a single relay. This means that the server address of the VPN has to be known to every user, making it easier to block. [3] For instance, at the beginning of October 2022, during internet disruptions related to the Mahsa Amini protests, VPNs in Iran would drop connections every few minutes. [21] The VPN itself also knows which end-users requested which pages, allowing VPNs to engage in surveillance. [3] [24] In some countries, such as Iran, VPNs are illegal [3] and may be government-affiliated. [22]

Uses

Snowflake came to be widely discussed online in the first week of October 2022, as a way of combatting internet restrictions in Iran during the Mahsa Amini protests, [3] and a guide in Persian was released. [25] [14]

In 2022, the Russian government increased efforts to block access to Tor through technical and political means, and the Tor network reported an increase in traffic from Russia using Snowflake. [18]

Snowflake is integrated into the Tor network. Usage of the Tor network is becoming more common in Russia, Belarus, and Iran, as of 2022, as internet censorship in these countries has become more strict. It is also used by criminals involved in child pornography, drug trade, terrorism, and money laundering. [4]


References

  1. Cimpanu, Catalin (16 October 2019). "Tor Snowflake turns your browser into a proxy for users in censored countries". ZDNET.
  2. Eikenberg, Ronald (30 September 2022). "Internetsperren im Iran: So leisten Sie mit Snowflake Unterstützung". c't Magazin (in German). heise online.
  3. Schwarzer, Matthias (30 September 2022). "Netzsperre im Iran umgehen: Wie "Snowflake" einen Weg ins freie Internet ermöglicht - so kann der Westen helfen". RedaktionsNetzwerk Deutschland (in German). Retrieved 10 October 2022.
  4. Küchemann, Fridtjof (27 September 2022). "Per Snowflake ins TOR-Netzwerk: Online-Gasse für Menschen in Iran". Frankfurter Allgemeine Zeitung (in German).
  5. Binder, Matt (10 February 2023). "Snowflake helped Tor users thwart Russian censorship. Now the VPN is branching out as Snowstorm". Mashable.
  6. Moreno, Johan (8 February 2023). "As The Internet Freedom Project Expands, Snowflake Becomes Snowstorm". Forbes.
  7. "HTTPS Everywhere FAQ". Electronic Frontier Foundation. 7 November 2016.
  8. Esguerra, Richard (29 June 2009). "Help Protesters in Iran: Run a Tor Bridge or a Tor Relay". Electronic Frontier Foundation.
  9. Alimardani, Mahsa; Jacobs, Frederic (7 May 2015). "New Research: Iran is Using 'Intelligent' Censorship on Instagram". Global Voices Advox.
  10. Franceschi-Bicchierai, Lorenzo (7 May 2015). "Iran's 'Smart' Instagram Censorship Isn't That Smart". Vice News.
  11. Budington, Bill (1 April 2015). "China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack". Electronic Frontier Foundation.
  12. Quintin, Cooper (13 June 2014). "Tor Is For Everyone: Why You Should Use Tor". Electronic Frontier Foundation.
  13. Shavers, Brett (2016). "2 The Tor Browser". Hiding behind the keyboard : uncovering covert communication methods with forensic analysis (PDF). Cambridge, MA. ISBN 9780128033524.
  14. Quintin, Cooper (4 October 2022). "Snowflake Makes It Easy For Anyone to Fight Censorship". Electronic Frontier Foundation.
  15. Tackett, Carolyn (25 June 2018). "Venezuela blocks access to the Tor network". Access Now.
  16. "Snowflake". snowflake.torproject.org.
  17. "Technical Overview · Wiki · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab". GitLab.
  18. Burgess, Matt (28 July 2022). "How Tor Is Fighting—and Beating—Russian Censorship". WIRED. Retrieved 30 July 2022.
  19. Mates, Matan (15 April 2019). "Tor, Meek & The Rise And Fall Of Domain Fronting". SentinelOne.
  20. Dou, Eva; Barr, Alistair (16 March 2015). "U.S. Cloud Providers Face Backlash From China's Censors". WSJ.
  21. Butcher, Mike (5 October 2022). "As Iran throttles its internet, activists fight to get online". TechCrunch.
  22. Zad, Arash (29 September 2022). "When Will Iran's Internet Censorship Collapse?". Slate Magazine. Retrieved 6 October 2022.
  23. Burgess, Matt (7 October 2020). "Iran's total internet shutdown is a blueprint for breaking the web". Wired UK. Condé Nast.
  24. Eikenberg, Ronald (23 March 2022). "Wie sich Bürger in autoritären Regimes gegen Netzsperren und Zensur wehren". c't Magazin (in German). heise online.
  25. "Iran: Circumventing Censorship with Tor". Tor Project Forum. 22 September 2022.
  26. "How it works - Briar". briarproject.org.
  27. Boniadi, Nazanin (30 September 2022). "'LOTR: The Rings Of Power's Nazanin Boniadi Calls For Action After Death Of Mahsa Amini In Iran – Guest Column". Deadline.