OONI reports of Tor blocking in certain ISPs since 2021-12-01

Internet censorship all around the world Russia
55

Patched snowflake-client builds for testing

@cohosh from the Tor anti-censorship team has made updated Snowflake packages to remove the DTLS fingerprint distinguisher found by @ValdikSS. The change is already merged into Tor Browser and will be available in the next release. But you can test the modified snowflake-client now. If any problems are discovered, there is still a short time to make changes for the next Tor Browser release.

The tests require a moderate level of technical ability—you need to replace a file in the Tor Browser folder, or run a command from the command line. Less technical users, it is better to wait for the next release.

Testing with Tor Browser

Download the .tar.gz file for your platform and extract it. Open your Tor Browser directory and find the snowflake-client binary:

platform location
linux TorBrowser/Tor/PluggableTransports/snowflake-client
osx Contents/MacOS/Tor/PluggableTransports/snowflake-client
windows TorBrowser/Tor/PluggableTransports/snowflake-client.exe

Rename the existing binary to snowflake-client.backup, and copy the binary from the .tar.gz file into its old location.

Start Tor Browser and choose Snowflake from Tor Network Settings.

Testing from the command line

Download the .tar.gz file for your platform and extract it. Go into the directory containing the snowflake-client binary and create a file called torrc.snowflake:

SocksPort auto
UseBridges 1
Bridge snowflake 192.0.2.3:1 2B280B23E1107BB62ABFC40DDCC8824814F80A72
ClientTransportPlugin snowflake exec ./snowflake-client -log snowflake-client.log -url https://snowflake-broker.torproject.net.global.prod.fastly.net/ -front cdn.sstatic.net -ice stun:stun.l.google.com:19302,stun:stun.voip.blackberry.com:3478,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478

Now run tor using that configuration file:

$ tor -f torrc.snowflake

You will know it is working as soon as you see:

new bridge descriptor 'flakey' (fresh): $2B280B23E1107BB62ABFC40DDCC8824814F80A72~flakey at 192.0.2.3

You can also try using the Tor SOCKS proxy port shown in the log:

Opened Socks listener on 127.0.0.1:XXXX

For example,

$ curl --proxy socks5h://127.0.0.1:XXXX/ https://check.torproject.org/ | head
<html lang="en_US">
<head>
  <meta charset="utf-8" />
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  <title>

      Congratulations. This browser is configured to use Tor.

If it does not work, there are logs in the file snowflake-client.log. Logs like the following are a sign of a working connection:

WebRTC: DataChannel.OnOpen
---- Handler: snowflake assigned ----
Traffic Bytes (in|out): 6806 | 134462 -- (19 OnMessages, 138 Sends)
Traffic Bytes (in|out): 1051010 | 33510 -- (854 OnMessages, 169 Sends)
WebRTC: At capacity [1/1]  Retrying...
Traffic Bytes (in|out): 72898 | 10833 -- (85 OnMessages, 29 Sends)
Traffic Bytes (in|out): 3972 | 2363 -- (9 OnMessages, 7 Sends)