Upgrade our standalone proxies for firstname.lastname@example.org fingerprint changes
!66 (merged) updated the version of the pion/dtls dependency, in order to get a modified DTLS fingerprint in response to blocking in Russia. This update has already shipped for clients in Tor Browser 11.5a1. But we believe the DTLS fingerprinting is bidirectional, and so both the client and the proxy need to have a good fingerprint, in order for the connection to work in Russia.
This issue is to upgrade the standalone proxies we run to commit 738bd464 or later.
Discussion at the 2021-12-09 anti-censorship team meeting:
16:33:49 <shelikhoo> To make snowflake work for peoples influenced by this DTLS block, we might need to encourage standalone proxy operators to update software version 16:34:12 <cohosh> yes good point shelikhoo 16:34:22 <cohosh> we can use this module replacement trick and update the docker container 16:34:31 <cohosh> this makes that process easier than i thought 16:35:33 <dcf1> yes, on the point of standalone proxies, we need to encourage people to upgrade, or if we need to, we can potentially exclude proxies that have not upgraded, at the broker 16:36:21 <shelikhoo> or make sure updated client only match with updated standalone proxy 16:36:35 <shelikhoo> (but that will be a little complex) 16:37:10 <cohosh> the less complexity we add in the broker matching, probably the better 16:37:25 <cohosh> it is nice that if the client fails to connect it will keep trying 16:37:51 <arma2> shelikhoo: right, cohosh and i discussed that last night, and the direction we were heading is: try to get headless snowflakes to upgrade, and eventually stop handling the old ones, and then the broker matching algorithm can stay simple 16:38:46 <shelikhoo> Yes, so we wants to send proxy version in the broker request 16:38:58 <arma2> yep. and apparently we already do. 16:39:03 <shelikhoo> Yes 16:39:15 <cohosh> we used this to exclude old proxies before