  • #40028
Created Jan 07, 2021 by David Fifield (@dcf, Owner)

Make *.freehaven.net domains be CNAMEs for *.torproject.net, not *.bamsoftware.com

In #31250 (closed) we changed snowflake.bamsoftware.com and snowflake-broker.bamsoftware.com to snowflake.freehaven.net and snowflake-broker.freehaven.net in the browser extension, in order to avoid malware warnings from bamsoftware.com. But the freehaven.net domains are CNAMEs for the corresponding bamsoftware.com domains, which apparently still triggers some malware detection systems:

  • Is bamsoftware.com related to the TOR project in any official way?

    I recently installed Snowflake on Firefox. Whenever I turn it on, Malwarebytes blocks snowflake.bamsoftware.com and snowflake-broker.bamsoftware.com because of a Trojan.

  • @arma reports that someone he knows has also seen antivirus warnings when running the browser extension.

We diagnosed the problem in the 2020-01-07 anti-censorship team meeting:

16:09:15 <phw> malwarebytes may be looking at dns reqs without considering the semantics of a cname, in which case it always sees the bamsoftware domain
16:10:49 <phw> i just tested with wireshark: i see bamsoftware.com in my dns responses when i turn snowflake on

The solution we arrived at is to make the freehaven.net domains be CNAMEs for the corresponding torproject.net domains, which are plain A records and do not refer to bamsoftware.com. To be specific, we need to change this:

snowflake-broker        IN      CNAME   snowflake-broker.bamsoftware.com.
snowflake               IN      CNAME   snowflake.bamsoftware.com.

to this:

snowflake-broker        IN      CNAME   snowflake-broker.torproject.net.
snowflake               IN      CNAME   snowflake.torproject.net.
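
A check for the change described above, as an added example rather than code from the Snowflake project: it walks the CNAME chain a resolver would return for each freehaven.net name and reports the names whose answers still include a bamsoftware.com name. The zone records are constructed and fully qualified, and the A-record addresses are placeholders from the 192.0.2.0/24 documentation range.

```python
# Added example: constructed records; the A-record addresses are placeholders
# from the 192.0.2.0/24 documentation range, not the real servers.
FLAGGED = "bamsoftware.com."

BEFORE = """\
snowflake-broker.freehaven.net.    IN CNAME snowflake-broker.bamsoftware.com.
snowflake.freehaven.net.           IN CNAME snowflake.bamsoftware.com.
snowflake-broker.bamsoftware.com.  IN A     192.0.2.10
snowflake.bamsoftware.com.         IN A     192.0.2.11
"""

AFTER = """\
snowflake-broker.freehaven.net.    IN CNAME snowflake-broker.torproject.net.
snowflake.freehaven.net.           IN CNAME snowflake.torproject.net.
snowflake-broker.torproject.net.   IN A     192.0.2.10
snowflake.torproject.net.          IN A     192.0.2.11
"""

def parse(zone_text):
    """Map owner name -> (record type, rdata) for fully qualified records."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[1] == "IN":
            records[fields[0].lower()] = (fields[2].upper(), fields[3].lower())
    return records

def names_in_response(records, qname):
    """Every name a resolver's answer would carry: qname plus CNAME targets."""
    chain, name = [], qname.lower()
    while name not in chain:          # stop on a CNAME loop
        chain.append(name)
        rtype, rdata = records.get(name, (None, None))
        if rtype != "CNAME":
            break
        name = rdata
    return chain

def exposed(zone_text, qnames, flagged=FLAGGED):
    """Return the queried names whose answer chain contains the flagged domain."""
    records = parse(zone_text)
    def under(n): return n == flagged or n.endswith("." + flagged)
    return [q for q in qnames if any(under(n) for n in names_in_response(records, q))]

QUERIES = ["snowflake.freehaven.net.", "snowflake-broker.freehaven.net."]

if __name__ == "__main__":
    print("before:", exposed(BEFORE, QUERIES))
    print("after: ", exposed(AFTER, QUERIES))
```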