
Make *.freehaven.net domains be CNAMEs for *.torproject.net, not *.bamsoftware.com

In #31250 (closed) we changed snowflake.bamsoftware.com and snowflake-broker.bamsoftware.com to snowflake.freehaven.net and snowflake-broker.freehaven.net in the browser extension, in order to avoid malware warnings from bamsoftware.com. But the freehaven.net domains are CNAMEs for the corresponding bamsoftware.com domains, which apparently still triggers some malware detection systems:

  • Is bamsoftware.com related to the TOR project in any official way?

    I recently installed Snowflake on Firefox. Whenever I turn it on, Malwarebytes blocks snowflake.bamsoftware.com and snowflake-broker.bamsoftware.com because of a Trojan.

  • @arma reports that someone he knows has also seen antivirus warnings when running the browser extension.

We diagnosed the problem in the 2020-01-07 anti-censorship team meeting:

16:09:15 <phw> malwarebytes may be looking at dns reqs without considering the semantics of a cname, in which case it always sees the bamsoftware domain
16:10:49 <phw> i just tested with wireshark: i see bamsoftware.com in my dns responses when i turn snowflake on

The solution we arrived at is to make the freehaven.net domains be CNAMEs for the corresponding torproject.net domains, which are plain A records and do not refer to bamsoftware.com. To be specific, we need to change this:

snowflake-broker        IN      CNAME   snowflake-broker.bamsoftware.com.
snowflake               IN      CNAME   snowflake.bamsoftware.com.

to this:

snowflake-broker        IN      CNAME   snowflake-broker.torproject.net.
snowflake               IN      CNAME   snowflake.torproject.net.
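
The effect of the record change on what a DNS-inspecting filter can see, as an added example that is not part of the original issue or of Snowflake's code: it parses DNS replies and lists every name in the question and answer sections, CNAME targets included. The replies are constructed to mirror the record sets above, the address 192.0.2.1 is a documentation placeholder, and all function names are hypothetical.

```python
import struct

def encode_name(name):  # uncompressed DNS label encoding
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(128):                      # bound label and pointer hops
        n = msg[off]
        if n == 0:
            return ".".join(labels), end or off + 1
        if n & 0xC0 == 0xC0:                  # compression pointer
            end = end or off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression loop")

def build_response(qname, target, addr=(192, 0, 2, 1)):
    """Constructed sample reply: qname CNAME target, target A addr (TEST-NET-1)."""
    rr = lambda owner, rtype, rdata: (
        encode_name(owner) + struct.pack("!2HIH", rtype, 1, 300, len(rdata)) + rdata)
    return (struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0)
            + encode_name(qname) + struct.pack("!2H", 1, 1)
            + rr(qname, 5, encode_name(target)) + rr(target, 1, bytes(addr)))

def names_in_response(msg):
    """Names visible to a DNS-inspecting filter: question, owners, CNAME targets."""
    qd, an = struct.unpack_from("!2H", msg, 4)
    off, seen = 12, []
    for i in range(qd + an):
        name, off = read_name(msg, off)
        seen.append(name)
        if i < qd:
            off += 4                          # skip QTYPE and QCLASS
            continue
        rtype, _, _, rdlen = struct.unpack_from("!2HIH", msg, off)
        if rtype == 5:                        # CNAME: RDATA holds the target name
            seen.append(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return list(dict.fromkeys(seen))          # de-duplicate, keep order

def names_under(msg, domain):
    return [n for n in names_in_response(msg) if n == domain or n.endswith("." + domain)]

# Constructed replies for the record sets before and after the change on this page.
BEFORE = build_response("snowflake.freehaven.net", "snowflake.bamsoftware.com")
AFTER = build_response("snowflake.freehaven.net", "snowflake.torproject.net")
```

`names_under(BEFORE, "bamsoftware.com")` returns the CNAME target even though the query was for a freehaven.net name, while the same call on `AFTER` returns an empty list.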