(More) Distributed servers
Standing on the shoulders of #40129 (closed), I propose the following.
This should allow clients to connect to any accordingly set-up Tor bridge relay (or even a regular entry node) they choose (say, distributed through moat, or any other channels) (public relays are better, see this comment), eliminating the need to maintain several centralized, set-in-stone Snowflake servers (bridges), which, mind, costs quite a bit to operate, upgrade and optimize.
What the parties need to become capable of doing so that all this can work:
- Servers (a.k.a. bridges (or relays)): set up a Tor bridge, and set up a Snowflake server coupled with it, with a dedicated port (say, `7901`, see #40166)
- Proxies: set allowed relay pattern to `*:7901` (any host, at port 7901, see #40166)
- Clients: choose a server (bridge) that is set up accordingly, set up the Snowflake client to forward connections to that server, then connect Tor to it as a bridge.
From what I see, it should be quite possible to upgrade all the current bridges (or better public relays) this way (maybe even by embedding a Snowflake server in the Tor relay package), or upgrade bridge distribution mechanisms with a way to filter bridges by whether they accept Snowflake connections (like it is with obfs4). At which point it should become possible to let the Tor client choose the entry node itself, not manually specify a bridge you want (ahh, just remembered that it needs to learn the addresses of the nodes first. Maybe it can connect to directory authorities through Snowflake as well).
This idea is based on these other ideas: #40166, #40168 (closed).
A step further would be to combine the server (bridge) and the proxy on one machine, but I haven't thought about it enough (see #40165 (closed), for example).
Related:
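As an added example (not code from this issue or from the Snowflake project), here is a Go sketch of the proxy-side check that the "set allowed relay pattern to `*:7901`" step relies on. The allowed-relay pattern is what stops a volunteer proxy from being used as an open relay to arbitrary host:port destinations; the proposal widens the host part to any host but pins the port to the dedicated Snowflake port. The `RelayPolicy` type, the glob-style `host:port` pattern syntax and the `RequireTLS` flag are assumptions made for this example only; the real proxy option is whatever #40166 ends up defining. The relay URLs in `main` are constructed sample inputs.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"path"
)

// RelayPolicy is a hypothetical proxy-side policy for this example; it is not
// the Snowflake proxy's real option syntax. AllowedPattern is a host:port glob
// such as "*:7901": "*" in the host part matches any hostname (path.Match
// semantics, so "*.torproject.net" does not match "x.torproject.net.evil.example"),
// and "*" in the port part matches any port. RequireTLS rejects plain "ws://"
// relays so the proxy-to-bridge leg stays encrypted (an assumption of this
// example, not something the issue specifies).
type RelayPolicy struct {
	AllowedPattern string
	RequireTLS     bool
}

// DefaultProxyPolicy is what the proposal asks proxies to enforce:
// any host, but only the dedicated Snowflake port 7901.
var DefaultProxyPolicy = RelayPolicy{AllowedPattern: "*:7901", RequireTLS: true}

// RelayAllowed reports whether a relay WebSocket URL handed to the proxy
// matches the policy. A malformed URL or pattern is an error, never a
// silent allow.
func (p RelayPolicy) RelayAllowed(relayURL string) (bool, error) {
	u, err := url.Parse(relayURL)
	if err != nil {
		return false, err
	}
	var defaultPort string
	switch u.Scheme {
	case "wss":
		defaultPort = "443"
	case "ws":
		defaultPort = "80"
	default:
		return false, fmt.Errorf("relay %q: scheme must be ws or wss", relayURL)
	}
	if p.RequireTLS && u.Scheme != "wss" {
		return false, nil
	}
	host, port := u.Hostname(), u.Port()
	if host == "" {
		return false, fmt.Errorf("relay %q: missing host", relayURL)
	}
	if port == "" {
		// An implicit port (443 for wss, 80 for ws) still has to satisfy the
		// pattern; otherwise "wss://anything" would slip past "*:7901".
		port = defaultPort
	}

	hostPat, portPat, err := net.SplitHostPort(p.AllowedPattern)
	if err != nil {
		return false, fmt.Errorf("pattern %q: %w", p.AllowedPattern, err)
	}
	hostOK, err := path.Match(hostPat, host)
	if err != nil {
		return false, fmt.Errorf("pattern %q: %w", p.AllowedPattern, err)
	}
	portOK := portPat == "*" || portPat == port
	return hostOK && portOK, nil
}

func main() {
	// Constructed sample relay URLs, as a broker might hand them to a proxy.
	for _, relay := range []string{
		"wss://bridge.example.net:7901/", // a bridge set up as the issue proposes
		"wss://bridge.example.net",       // implicit :443, not the Snowflake port
		"ws://bridge.example.net:7901/",  // right port, but no TLS
		"wss://203.0.113.10:7901/",       // IP literal on the dedicated port
		"https://www.example.com:7901/",  // not a WebSocket scheme at all
	} {
		ok, err := DefaultProxyPolicy.RelayAllowed(relay)
		fmt.Printf("%-34s allowed=%v err=%v\n", relay, ok, err)
	}
}
```

The two edge cases worth keeping in mind when writing such a check: a URL with no explicit port must be normalised to its scheme default before the port comparison, and a host glob must be anchored to the whole hostname so a suffix like `.torproject.net` cannot be spoofed by a longer name.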