Make *.freehaven.net domains be CNAMEs for *.torproject.net, not *.bamsoftware.com
In #31250 (closed) we changed snowflake.bamsoftware.com and snowflake-broker.bamsoftware.com to snowflake.freehaven.net and snowflake-broker.freehaven.net in the browser extension, in order to avoid malware warnings from bamsoftware.com. But the freehaven.net domains are CNAMEs for the corresponding bamsoftware.com domains, which apparently still triggers some malware detection systems:
- Is bamsoftware.com related to the TOR project in any official way?
  > I recently installed Snowflake on Firefox. Whenever I turn it on, Malwarebytes blocks snowflake.bamsoftware.com and snowflake-broker.bamsoftware.com because of a Trojan.
- @arma reports that someone he knows has also seen antivirus warnings when running the browser extension.
We diagnosed the problem in the 2020-01-07 anti-censorship team meeting:
16:09:15 <phw> malwarebytes may be looking at dns reqs without considering the semantics of a cname, in which case it always sees the bamsoftware domain
16:10:49 <phw> i just tested with wireshark: i see bamsoftware.com in my dns responses when i turn snowflake on
The solution we arrived at is to make the freehaven.net domains be CNAMEs for the corresponding torproject.net domains, which are plain A records and do not refer to bamsoftware.com. To be specific, we need to change this:
snowflake-broker IN CNAME snowflake-broker.bamsoftware.com.
snowflake IN CNAME snowflake.bamsoftware.com.
to this:
snowflake-broker IN CNAME snowflake-broker.torproject.net.
snowflake IN CNAME snowflake.torproject.net.
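The diagnosis above, as an added example (not code from the Snowflake project): a minimal DNS answer-section parser run over constructed responses, showing that a CNAME target appears verbatim in the response that a name-matching filter inspects. The function names, the `build_response` helper and the 192.0.2.1 address are assumptions made for illustration.

```python
import struct

def encode_name(name):  # dotted name -> uncompressed DNS labels
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    for _ in range(255):  # bounded, so a compression-pointer loop cannot hang us
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
            off += 1 + n
    raise ValueError("name too long or compression pointer loop")

def answer_names(msg):
    """Owner names and CNAME targets in the answer section, in wire order."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off, names = 12, []
    for _ in range(qdcount):  # skip each question: name + type + class
        off = read_name(msg, off)[1] + 4
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        names.append(owner)
        if rtype == 5:  # CNAME: the RDATA is the target name
            names.append(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return names

def mentions(msg, domain):
    """True if any answer-section name is the domain or a subdomain of it."""
    d = domain.rstrip(".").lower() + "."
    return any(n == d or n.endswith("." + d) for n in answer_names(msg))

def build_response(qname, target, addr="192.0.2.1"):
    """Constructed sample response: qname CNAME target, then target A addr."""
    t = encode_name(target)
    head = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)  # QD=1, AN=2
    head += encode_name(qname) + struct.pack("!HH", 1, 1)      # question: A, IN
    rr1 = b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, len(t)) + t
    rr2 = t + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(map(int, addr.split(".")))
    return head + rr1 + rr2
```

Calling `mentions(build_response("snowflake.freehaven.net", "snowflake.bamsoftware.com"), "bamsoftware.com")` returns `True`, while the same call with `snowflake.torproject.net` as the target returns `False`.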