Lately there has been some discussion that Snowflake may be partially blocked in Russia. But I have not really looked into it yet.
- [tor-project] Anti-censorship team meeting notes, 2022-12-15
-
#tor-meeting log
IRC log
16:08:46 <ggus> meskio: shelikhoo: do you know what's the status of snowflake test on logcollector? hackerncoder was checking and it seems there was some issue in the russian vantage point? 16:08:47 <shelikhoo> oh no... iran vps's connection to cloudflare is not working i/o timeout 16:09:13 <cece[m]> meskio: same here 16:09:14 <shelikhoo> I think it is the iran one that is having issue 16:09:18 <meskio> shelikhoo: maybe cloudflare is censored in Iran :P 16:09:38 <shelikhoo> and snowflake in russia is down as well 16:09:41 <shelikhoo> oooo 16:10:14 <shelikhoo> https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/bridgestatus/-/blob/dcd157e608be92294a1bc3dd51c9bdbf444edb0f/recentResult_russia 16:11:12 <meskio> I was looking at metrics.tpo and there doesn't seem to be much users of snowflake in russia 16:11:18 <meskio> or maybe 0 16:11:38 <meskio> but the number of tor users haven't gone down at all 16:11:59 <meskio> so everybody have their own way to find bridges 16:12:29 <meskio> circumvention settings is recommending snowflake in russia, I wonder if we should change that 16:12:47 <shelikhoo> yes, but we should try to find a way to fix this in the near future 16:12:59 <shelikhoo> before they find a way to block obfs4... 16:13:07 <ggus> i think that during the protests in iran, many users in russia migrated from snowflake to obsf4, because the bridge was too overloaded/slow 16:13:35 <ggus> meskio: +1 16:14:05 <meskio> cool, I'll make the change 16:14:18 <itchyonion> What does the second column (number) represent in the bridgestatus lines? Success rate? 16:14:30 <meskio> yes, we should investigate if snowflake is blocked in russia, but not sure if we can realistically do that before january 16:14:33 <shelikhoo> it is bootstrap percentage 16:14:42 <itchyonion> ah ok 16:14:46 <shelikhoo> should be 100 when tor works 16:16:38 <meskio> BTW, there are still more than double of users connecting to Tor directly than over a bridge 16:16:50 <meskio> ~100k direct connections, ~40k bridges, ... 16:16:56 <meskio> I mean in russia 16:18:05 <shelikhoo> yes. I think one of the reason for that they only block tor on residential network 16:18:14 <shelikhoo> not on IDC network 16:18:18 <meskio> yep 16:18:23 <ggus> it depends on where they deployed tspu 16:19:36 <ggus> fyi: today the tor project lost the appeal to 'unblock tor' in russia. rks lawyers will appeal again: https://roskomsvoboda.org/post/tor-ne-proshel-apelliatsiyu/ (in RU) 16:21:05 <meskio> does unblock tor mean the website? 16:21:22 <meskio> or are did we manage to ask legally to unblock the tor network? 16:23:39 <meskio> ggus: -^? 16:24:43 <ggus> meskio: we didn't manage to ask legally to unblock the tor network because they never confirmed doing that. the process is about tor website and app stores 16:26:00 <ggus> sooo gettor may get more russian users in the nearby future 16:26:11 <shelikhoo> I think this is mostly a 16:26:19 <meskio> uff, I see 16:26:37 <meskio> the snowflake block might be https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40030 16:26:56 <shelikhoo> I think this is mostly a symbolic legal flight? 16:27:12 <shelikhoo> but it should worth it 16:28:48 <meskio> +1 16:28:56 <itchyonion> Anything else on this topic? 16:29:08 <ggus> meskio: shelikhoo: i think i will close this ticket: https://gitlab.torproject.org/tpo/community/support/-/issues/40050 and then we can open a new again about the snowflake block in russia? or should we keep it open until we defeat tor censorship in russia like a historical artifact? :D 16:30:16 <shelikhoo> I think we could add the date or a year to ticket and create a ticket for next round of censorship
I can see that there are still connections from Russia. It is #4 ranked by number of users still. But it could be that it was blocked in some but not all ISPs in Russia, and with the giant number of users in Iran we did not notice.
dirreq-stats-end 2022-12-18 07:00:35 (86400 s)
dirreq-v3-reqs ir=38168,us=11000,??=4544,ru=1504,cn=968,de=368,mu=240,...
@anon94384997 it looks like in your case, Snowflake is blocked by DTLS, which is how it was done in December 2021. See also IRC Tip about Signature used to block Snowflake in Russia, 2022-May-16 (#40030) · Issues · The Tor Project / Anti-censorship / censorship-analysis · GitLab.
There are several steps to a Snowflake connection:
- Contact STUN server and construct offer. (Working for you.)
- Send offer to broker and receive answer using TLS domain fronting / AMP cache. (Working for you.)
- Peer-to-peer DTLS connection with proxy. (This is probably the step that is not working for you.)
The evidence that (1) is working is WebRTC: Created offer. The evidence that (2) is working is Received answer: {"answer":… The evidence that (3) is not working is WebRTC: timeout waiting for DataChannel.OnOpen.