Snowflake as a generic TCP (UDP?) forwarder (like `ssh -L`)
Here's the idea:
- When setting up a Snowflake server, you specify host and hostport you want to forward connections to
- When setting up a Snowflake client, you specify the address of the Snowflake server to connect to and local port to listen to (and optionally bind_address)
- When a connection to bind_address:port is made, it gets forwarded through the Snowflake network and comes out of the Snowflake server to host:hostport
If one day we make the proxy allow pattern not so strict (i.e. only allowing connections to snowflake.torproject.net) (possibly with the help of #40166), this would open up virtually endless possibilities for the Snowflake network, it would be like a Tor network of its own.
For example, VPN services that are being censored could start deploying their own Snowflake servers to keep serving their clients (in that case we wouldn't even need to ask proxies to connect to arbitrary addresses, a curated white-list would do). Individuals could do the same, and with their own VPNs, in case censorship is super heavy, like it is in Turkmenistan (although Snowflake apparently doesn't work there right now #40024 (closed)) where self-hosted VPNs get blocked as well. (Side note - why I seem to be obsessed with VPNs when we already have Tor that already works with Snowflake - because they're faster).
Related: #40131
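
A sketch of the curated allow-list check mentioned above, from the proxy operator's side. This is an added example, not Snowflake's own code and not part of the original issue. The function name `checkRelayURL`, the `allowedRelays` table and the hostname `relay.vpn.example` are hypothetical; only `snowflake.torproject.net` comes from the issue.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// allowedRelays is a constructed, curated allow-list. Only
// snowflake.torproject.net appears in the issue; the other entry is hypothetical.
var allowedRelays = map[string]bool{
	"snowflake.torproject.net": true,
	"relay.vpn.example":        true,
}

// checkRelayURL reports whether a proxy should agree to dial relayURL.
// Hostnames are compared exactly, so a name that merely contains or ends
// with an allowed name does not pass the way it could with a loose pattern.
func checkRelayURL(relayURL string) error {
	u, err := url.Parse(relayURL)
	if err != nil {
		return fmt.Errorf("unparseable relay URL: %w", err)
	}
	if u.Scheme != "wss" {
		return fmt.Errorf("scheme %q refused: only wss is accepted", u.Scheme)
	}
	// Normalise case and a trailing root dot before comparing.
	host := strings.TrimSuffix(strings.ToLower(u.Hostname()), ".")
	if net.ParseIP(host) != nil {
		return fmt.Errorf("IP literal %q refused: listed hostnames only", host)
	}
	if !allowedRelays[host] {
		return fmt.Errorf("host %q is not on the allow-list", host)
	}
	return nil
}

func main() {
	// Constructed sample inputs.
	for _, s := range []string{
		"wss://snowflake.torproject.net/",
		"wss://relay.vpn.example/",
		"wss://snowflake.torproject.net.other.example/",
		"ws://snowflake.torproject.net/",
		"wss://192.0.2.7/",
	} {
		fmt.Printf("%-48s %v\n", s, checkRelayURL(s))
	}
}
```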