Invitation to test "Turbo Tunnel" Snowflake packages

The Tor anti-censorship team is inviting people to try Tor Browser packages built from an experimental branch of Snowflake that is supposed to make Snowflake more reliable. There are two versions; you can try either one or both of them. If you have feedback, tell us whether you are using the “kcp” or “quic” version.

Download the file appropriate for your operating system, unpack it, and run it. You have to enable Snowflake manually. The first time you run the browser:

  1. Click Configure
  2. Click Tor is censored in my country
  3. Click Select a built-in bridge
  4. Select snowflake from the menu
  5. Click Connect

If the browser is already running:

  1. Go to about:preferences#tor (open the Preferences menu then click Tor on the left side)
  2. Click Use a bridge
  3. Click Select a built-in bridge
  4. Select snowflake from the menu

Then you should be able to connect and use the browser pretty much like a normal Tor Browser. If you click the ⓘ icon in the address bar, it will show your first hop as Bridge: snowflake.

What is Snowflake?

Snowflake is a circumvention system that uses lots of temporary proxies, running in web browsers. It communicates with the proxies using WebRTC.

What is different about this experimental branch of Snowflake?

Because Snowflake proxies run in people’s web browsers, they aren’t very stable or reliable. Until now, there wasn’t a way to switch to a new proxy when the one you are using stops working—your connection would just die. These experimental packages use the “Turbo Tunnel” idea, embedding a session protocol that enables your end-to-end connection to keep working, even after a temporary proxy dies.

There are two packages because we are testing two session protocols: KCP and QUIC. For background, see this thread and this ticket.

What is Turbo Tunnel?

Turbo Tunnel is the name for a design pattern where you insert a session protocol (e.g., something with sequence numbers, acknowledgements, and retransmissions) under your circumvention layer, instead of transmitting raw byte streams. It means that you have a long-lived end-to-end session that is not tied to any single network connection. A circumvention system that uses the Turbo Tunnel concept can potentially resist RST attacks, multiplex on several connections simultaneously, and work over unreliable channels like UDP. In Snowflake, Turbo Tunnel allows persisting a session across a sequence of many unreliable temporary proxies.

For more on the Turbo Tunnel idea and the experience of integrating it into some circumvention systems, see these threads:

What to expect

These packages with Snowflake should feel similar to a normal Tor Browser. You should be able to use them for many hours or leave them idle and they will keep working. (Before now, Snowflake would stop working if you left it idle for very long.)

The speed of the connection, besides being inherently limited by the speed of Tor, also depends on the speed of the temporary proxy you get assigned. Some proxies are faster than others. But it should generally be fast enough for YouTube videos.

When a proxy stops working, it takes 30 seconds for the software to notice. When that happens, you won’t be able to browse for at least 30 seconds, possibly more if there is a delay in acquiring a new proxy.

The Snowflake client has a debugging log enabled. The log can tell you what’s happening when you lose a proxy and connect to a new one. You can find the log file here:

linux
tor-browser_en-US/torBrowser/TorBrowser/Data/Tor/pt_state/snowflake-client.log
windows
Browser\TorBrowser\Data\Tor\pt_state\snowflake-client.log
mac
Tor Browser.app/Contents/Resources/TorBrowser/Tor/pt_state/snowflake-client.log

Here’s a guide to reading the log file:

Traffic Bytes (in|out): 0 | 972
If the number on the left stays at 0, the proxy isn't working.
Traffic Bytes (in|out): 52457 | 7270
When the number of the left is nonzero, the proxy is working.
WebRTC: No messages received for 30s -- closing stale connection
This means that the current proxy has stopped working.
redialing on same connection
The client is now getting a new proxy to replace the failed one.

These special packages disable the normal Tor Browser update check for 60 days. That is because an update would remove the Turbo Tunnel features. After 2020-04-23, they will begin to update again and become a normal Tor Browser alpha. (But don’t rely on it, because this part isn’t tested.)

My attempt to disable automatic updates didn’t work. If you were using one of these special packages today, you got updated to a normal Tor Browser 9.5a6 without Turbo Tunnel Snowflake.

If this happened to you, you need to re-download the package, and the first time you run it, set app.update.auto=false in about:config. Alternatively, go to Preferences, General, and select “Check for updates but let you choose to install them.” The browser will tell you there is an update but won’t install it automatically.

Here is a small update to the experimental Snowflake packages. They fix a hang that would happen if tor opened more than one connection through the pluggable transport client.

After my failed attempt to disable automatic updates in the previous draft, these packages simply disable automatic updates. The
browser will still download updates and ask to install them, so you’ll have to click “Not Now” whenever it asks.