From the second link, looks like the plan is that Snowflake will annoy cloud providers less by only using the domain-fronting channel to propagate routing info:
> sending Tor traffic directly through domain fronting (rather than using it only to distribute bridges and snowflakes) enables these platforms to claim that this technique is used by malware and therefore harmful to users, justifying shutting it down.
> Snowflake is a more sustainable way for us to use the expensive but high censorship-resistance features of domain fronting as a low bandwidth bootstrapping channel.
If I'm allowed to guess, Tor Browser has Meek built in and it includes a few services hosted on Microsoft cloud. As far as I understand it, it can be quite expensive consider the total amount of traffic those Meek server must relay.
However, I wouldn't consider it "censorship-resistance".
From reading their Technical Overview document, I got the impression that they put a lot of faith on Domain Fronting which might not be a good thing
> ... the censor cannot block the broker without blocking all of Google, or all of Amazon, hence collateral freedom.
Relevant: recently it was discovered that 10 % of tor nodes of any role have been run by a single actor, which most likely was a deanonymization effort
How does this cope with the case where the NAT hole-punching fails and both WebRTC clients are unable to accept an incoming connection? A TURN relay seems like it would get blocked.
Edit: I should have just read the documentation [1]. It relies on the STUN/TURN servers being public and commonly used so that blocking them will break many other applications. Unfortunately, I don't know if the regimes where this is needed will care about that.
Anyone running a proxy? I definitely want to give back and it would not be a problem to run one, are there any security implications I need to consider? looking at their Faq it seems safe enough...
I'm running one. It seems totally fine, and I'd really strongly recommend doing it. Remember you have to leave a tab open for it to work. The website doesn't emphasise this enough, in my view. If you simply pin the tab, it'll be (a) very persistent and hard to accidentally close, and (b) totally inconspicuous, so I recommend doing that.
I'd also strongly recommend running a full Tor node. The best way we can support Tor is to flood the zone with proxies, so it's no longer possible for intelligence agencies to control quora of Tor entry and exit nodes, as they very likely do. If you live in the developed world and have a good internet connection, I think it's a civic duty to redistribute your bandwidth - to socialise the means of conduction.
Edit: 'Quora' was probably a poor choice of word, since a quorum implies consensus between nodes, as in a distributed system. It's really about intelligence agencies controlling _majorities_ of nodes - or even a large number - so as to make it more statistically likely that any given Tor circuit will begin and end with a node under one's control.
I've been running one for years, after hearing a presentation on the system at the OurNetworks conference in Toronto. Haven't had any issues with it, and it's cool to see when I've helped a person or two in the last 24 hours.
A mobile browser addon would be less than ideal since you'd want the client to stay running in the background and since not everyone uses Firefox. The Guardian Project is working on implementing that standalone proxy server approach directly into Orbot: https://github.com/guardianproject/orbot/issues?q=is%3Aissue...
What I really want: to be able to open a port on my computer behind a NAT and have a way for people outside it to connect without using special software.
Localtunnels is close to what I want. Just would like it to be in form of a service run by volunteers, so I can have confidence it will not be corrupted by the possibility of profit in the future.
If you have control of any IP address anywhere (doesn't have to be on your router), you can forward a port.
If you don't have any control of an IP address, you cannot be connected to through software that is not "special" (i.e., software that only uses IP to connect). As a matter of logic.
It's not up to the ISP. It's on your router. And most consumer home routers support it, or else a newer alternative like NAT-PMP, but you have to have to enable it in the router settings via web browser interface.
(You can also, in these settings, manually forward individual ports, or use DMZ to forward all ports to a single machine.)
Some ISPs don't even give you a real IPv4 address though (they use CGNAT). THEN you have no hope.
> Some ISPs don't even give you a real IPv4 address though (they use CGNAT). THEN you have no hope.
That is the case with most people I know: not even the router has a "real ip". Don't know how things have improved with ipv6 though.
Also, in my country, best plans you can get take an optical fiber to your house directly connected to an ISP provided router. You're fully locked out of doing anything with the router except powering it.
You're going to need special software or else these volunteers are just giving out free IP addresses, and the pool of free IP addresses inevitably will be too small for the number of users. (Unless it uses IPv6, in which case it can be done, but then only other IPv6 hosts can connect.)
Meanwhile, you can pay for your own static IP hosted on a VPS for much less than you can get home internet. You can then forward that IP to your home server.
However, even this cannot scale, it is just rationing through bidding on IP addresses. There are more human beings than IPv4 addresses, so you can't just share them and use "non-special" software. The non-special IPv4 protocol software only supports ~4 billion unique users. So we need "special" IPv6 software or else "special" software layered over IPv4.
> You're going to need special software or else these volunteers are just giving out free IP addresses
Yes... that's basically this. But even a single ipv4 volunteer could expose tens of thousands of ports. Depending on how such a service is desired, this could be enough. Ipv6 would, I think, only improve things.
This is one thing I miss from my dial-up internet in the 90's: I could run a service on my computer, I could pass my ip to anyone, anywhere in the world and they could connect to my machine; a cheap computer using a telephone line. I miss that.
Proxying ipv4 by address and port is an interesting idea. I think you'd need dyndns to keep things relatively stable, and at that point you could probably use the dns-01 ACME challenge to get certs, which can be used even on different ports.
EDIT:
One problem is if your current proxy goes down and you have to change, you might get moved to a different port, which would break existing urls. But maybe it could be part of the protocol that you search for a new proxy that has the same port available.
Dang it now you have me wanting to try and prototype this...
I wouldn't mind not having names, certs or even losing the connection from time to time when a node goes off. That would still be a fair price to pay. A simple volunteer-based VPN-like network for port redirection would be enough.
Re: EDIT: now you're using special software on the client side -- in which case, there are many solutions, my favorite is to just have the client get an IPv6 address through a VPN! Just use IPv6!
Seems to me that all of that is an illusion because you're just neglecting the home internet provider that is providing the IP addresses. That's big business, usually regional monopoly, politically powerful, offers no better privacy (neither middleman should be trusted), more bureaucracy, slower to enable.
Devil's advocate - VPN might be better than Tor. Hear me out:
A VPN provider's business is keeping your connection private. They have no incentive to log because the leakage of such logs would be catastrophic. Thus, a reputable VPN provider is unlikely to be a front for a nation-state actor. There is a strong financial incentive for a VPN provider to do their job, as stated, no conspiracies, and do it well.
Tor, on the other hand, has frequently had bad actors comprise a significant portion of running nodes, to the point where being the victim of a correlation attack wouldn't be unlikely for a regular user. Intelligence agencies and bad actors alike have immense incentive to saturate the Tor network with bad nodes. Finally, Tor has been plagued with issues and vulnerabilities, that they seemingly do not have the manpower or technical ability to fix: https://www.hackerfactor.com/blog/index.php?/archives/906-To...
I suspect that the future of anonymous communication will be a mixnet resistant to correlation attacks (unlike Tor.) An example - https://nymtech.net/
The major VPNs log, this has been shown in court cases. If they say they don't they're either using a limited definition of log, straight up lying, or about to run into problems with the government.
Okay but to be clear that's not a requirement for the problem being addressed here, which is attempting to get through censorship. Anonymous browsing is a more general problem.
I don't think the OP made a good argument that VPN is a suitable solution, but certainly introducing unnesccessary requirements may be disqualifying a possible working solution.
Now, if the censor has the power to invoke great harm to those attempting to bypass then anonymous browsing is the requirement.
If you only care about viewing censored materials and don't care about the repercussions of getting caught, then I agree that a VPN is a fine solution.
It's probably easier to use and faster for most customers, with the downside that you have to pay.
I'm not so sure about your argument: the usual argument against a VPN is that you are trusting effectively somebody else's computer. They can have all the business incentives in the world, but we know that some states go knocking on doors with gag orders. A 5$ wrench (or its threat) can get a long way.
The point is that we can't easily know who is compromised and who is not. There's always a certain level of trust required. The argument is that if you host your own VPS and use that as exit-node, at least what you're buying is more generic and the VPS provider most likely wouldn't care. But again, it's a matter of trust.
The issue is that whether a VPN is reputable is hard to gauge and not fixed in time.
Take IVPN from example: from what I gather they are among the most reputable. They haven't fucked up yet (a-la Nord VPN), they support and fund anti-censorship activities etc. But all of this is based on a perception, that can be doctored if you're determined enough. And usually in the discussions about VPNs the level of paranoia is pretty high to be trusting others.
Furthermore, the real issue is that VPNs are not that widespread among the "general public" so compromising a VPN (or running a fake one) seems like a good target for those who want to get at the (current) typical users of VPN.
Any intelligence agency with the ability to monitor the majority of Tor traffic (AKA a global observer) would have no problem at all doing correlation attack against a VPN provider.
> Intelligence agencies and bad actors alike have immense incentive to saturate the Tor network with bad nodes
Bad node owners largely not cooperate with each other, and this keeps Tor safe.
> the future of anonymous communication will be a mixnet resistant to correlation attacks
I2P has been around for 18 years. Please do use HN to advertise cryptocurrencies.
Between a single malicious node and global observer is the simple act of running many Tor nodes, which is comparatively much cheaper and much easier.
> Bad node owners largely not cooperate with each other, and this keeps Tor safe.
It does not. Nearly 10% of Tor nodes were run by a bad actor at a certain point this year. About 1 in 300 Tor users were completely deanonymized at that point in time. Much more if you use mobile Tor, which doesn't seem to pin a guard node.
"a 16% chance that a Tor user would connect to the Tor network through one of KAX17’s servers, a 35% chance they would pass through one of its middle relays, and up to 5% chance to exit through one." - https://therecord.media/a-mysterious-threat-actor-is-running...
I don't know about you, but a 0.3% chance of deanonymization on every route change is pretty unacceptable.
> I2P has been around for 18 years.
I2P is not well maintained, it is not a mixnet, and it does not have the same security guarantees as the Nym mixnet.
Please do not accuse HNers of "advertising cryptocurrencies."
Merely mentioning the existence of a tokenized mixnet is not advertisement. We are allowed to talk about obviously relevant technologies, especially ones that improve on existing ones in novel ways.
> Between a single malicious node and global observer is the simple act of running many Tor nodes, which is comparatively much cheaper and much easier.
And very ineffective, compared to a global observer like PRISM. Tor makes no secret that real time traffic is vulnerable to correlation attacks.
It's not a "bug" in Tor, it's true for any data transmission. And VPNs are way, way more vulnerable to such attack.
> I don't know about you, but a 0.3% chance of deanonymization on every route change is pretty unacceptable.
"unacceptable" is as strange word to use when there are no practical alternatives.
Tor would be more resilient if a large number of organizations and individuals ran their own nodes. We can encourage participation. Other than that, the best thing we can do is develop store-and-forward systems on top of Tor that resist timing attacks. Briar is a good example.
Because most voters think it’s a shitty take. It’s a hell of a lot easier to identify a vpn user or compel a vpn provider than to perform timing/throughput/correlation attacks on the tor network. Correlation based attacks can take months of consistent observation assuming you control exit and entry nodes the victim is using. Even then you will only identify your victim within some probability.
In places where your government is this hostile and you’re doing something subversive you’re probably using an onion service or i2p which vpns cannot access.
In that case make the argument as you do above and the rest of us can decide whether it's more or less probable.
I'm still not convinced incidentally. State actors have very strong motivations to break Tor, regardless of difficulty, and have ample resources. They can also be very patient, as projects like Stuxnet demonstrated. [0] Doing something surprising is good military strategy as Guderian demonstrated in the Ardennes. [1]
Yea I’m confident the US military has the resources and expertise to fully compromise tor, but it would be extremely difficult/costly. I just believe it’s not worth their time to map every single tor user to an identity. Stuxnet was done to disarm the nuclear weapons program of a hostile nation state.
US intelligence already has plenty of surveillance capabilities and imo they’re not gonna waste their hand targeting non enemies of the state who just want privacy or even organized crime rings who are just chasing a profit.
Frankly it’s easier to catch high profile criminals with more conventional means.
And just to reiterate: my position is not that tor is bulletproof against the most powerful military force in history. I’m just saying it provides a much higher degree of privacy compared to using a simple VPN provider.
Anyone can help strengthen the network by operating nodes, donating money, or assisting with development/documentation!
How is that a shitty take? Tor is compromised, so are most VPNs, but there are some VPN providers that dont store logs (allegedly) like Mulvad. I would take a maybe-is-compromised think over a known-to-be-compromised , every day. Also Correlation based attacks are not the only Tor flaw.
It’s just my opinion on OPs argument. It’s quite a stretch to say that tor is compromised. The network is actively attacked sure. Nation states and sophisticated groups may be able to deanonymize users of high interest.
A single vpn provider would be way lower hanging fruit to powerful adversaries.
There’s a reason high profile criminal groups are able to operate over tor. When they DO get caught, it’s usually through some other unrelated opsec blunder.
I use tor, ProtonVPN, and mullvad in addition to self managed wire guard instances. There’s no reason to be binary and you should use the tools which fit your use case.
> 1 in 300 connections were deanonymized at many points throughout this year.
How do you figure? If you are referencing the bs “0.3%” chance figure. Please not that this assumes that each “peak” number of malicious nodes were used. If you actually look at that medium article, the peak exit, relay, and entry nodes do not occur at the same time. Those malicious nodes have since been removed. This also assumes tor users are not using any onion services.
> For any given trustworthy VPN, 0 connections were deanonymized this year.
Lol. I can’t believe I even have to respond to this. People use vpns to visit clear net sites with loads of fingerprinting JavaScript. They bring their google analytics cookies with them! There’s no onion services!
Just a reminder if you're being censored in any serious way then don't use TOR, as the network is largely controlled by a few actors and the devs don't seem to care / or don't have the proper resources to deal with it.
Outline (getoutline.org) is a super easy to use you run on a cloud server. No logging and it works everywhere there's censorship, and it's easy to share access to your server with as many or as few people as you like. The only cost is the cost of running the cloud server, a few dollars a month if you use LightSail or DigitalOcean. Disclaimer: I used to work on it.
I’m a fan of Outline and I ran my own DO droplet when the criticism around ProtonVPN and mail was happening, few minor pain points for me were the deprecated warnings that showed when booting the Linux client and it unfortunately presented me with the most connectivity issues. It would show connected but after doing IP lookups would reveal true IP. It’s seamless and easy to maintain but seemed unreliable at least on ZorinOS.
Did cloud providers get more permissive since then?
EDIT: Tor also got hit by some shutdowns in 2018 due to its use of domain fronting:
https://blog.torproject.org/domain-fronting-critical-open-we...
https://gitlab.torproject.org/tpo/applications/tor-launcher/...
From the second link, looks like the plan is that Snowflake will annoy cloud providers less by only using the domain-fronting channel to propagate routing info:
> sending Tor traffic directly through domain fronting (rather than using it only to distribute bridges and snowflakes) enables these platforms to claim that this technique is used by malware and therefore harmful to users, justifying shutting it down.
> Snowflake is a more sustainable way for us to use the expensive but high censorship-resistance features of domain fronting as a low bandwidth bootstrapping channel.