Skip to content

Blocking of cdn.sstatic.net by SNI in Iran, 2023-01-16 to 2023-01-24 and sporadically thereafter

It looks like the domain cdn.sstatic.net is blocked by SNI filtering in some ISPs in Iran since 2023-01-16. This is affecting Snowflake user numbers because that domain is used for one of the two supported rendezvous methods (the only supported default in Tor Browser; one of two supported defaults in Orbot). A mitigation is to use AMP cache rendezvous, which is a menu option in Orbot but which requires manually entering a bridge address in desktop Tor Browser.

Related links:

The OONI chart showing anomalies since 2023-01-16:

https://explorer.ooni.org/chart/mat?probe_cc=IR&test_name=web_connectivity&domain=cdn.sstatic.net&since=2023-01-06&until=2023-01-20&axis_x=measurement_start_day Iran, Web connectivity test, cdn.sstatic.net

Some specific Web Connectivity measurements:

date AS result
2023-01-17 06:35:02 AS206065 timeout after tls_handshake_start
2023-01-17 08:15:28 AS50810 timeout after tls_handshake_start
2023-01-17 19:18:12 AS16322 ok
2023-01-17 21:47:01 AS31549 ok

The effect on the top 6 Snowflake countries, showing a change only in IR and US. (Recall that we suspect that many of the nominally US users are actually in IR, due to geolocation errors.)

Snowflake users by country, January 2023

Graph source code 
library("tidyverse")

PALETTE <- c(
	"ir" = "#239f40",
	"us" = "goldenrod",
	"??" = "#bbbbbb",
	"ru" = "#0039a6",
	"cn" = "#de2910",
	"de" = "#de00de"
)

x <- read_csv("userstats-bridge-combined.csv") %>%
	filter(transport == "snowflake") %>%
	filter(country %in% names(PALETTE)) %>%
	mutate(country = factor(country, levels = names(PALETTE)))

p <- ggplot(x) +
	geom_ribbon(aes(x = date, ymin = low, ymax = high, fill = country)) +
	geom_line(aes(x = date, y = low, color = country), size = 0.5) +
	geom_line(aes(x = date, y = high, color = country), size = 0.5) +
	geom_text(aes(x = date, y = low, label = country), size = 2) +
	scale_color_manual(breaks = names(PALETTE), values = PALETTE) +
	scale_fill_manual(breaks = names(PALETTE), values = PALETTE) +
	coord_cartesian(xlim = as.Date(c("2023-01-06", "2023-01-18")), expand = FALSE) +
	guides(color = guide_legend(override.aes = list(alpha = 1.0, size = 1)), fill = "none") +
	theme_minimal() +
	labs(title = "Snowflake users by country, January 2023", x = NULL, y = "average simultaneous users")
ggsave("snowflake-country.png", p, width = 7, height = 4, dpi = 200)

OONI's Tor Snowflake test also shows an increase in anomalies starting 2023-01-16:

https://explorer.ooni.org/chart/mat?probe_cc=IR&test_name=torsf&since=2023-01-06&until=2023-01-20&axis_x=measurement_start_day Iran, Tor test

Specific Tor Snowflake measurements:

date AS rendezvous_method result
2023-01-17 23:46:57 AS206065 domain_fronting generic_timeout_error
2023-01-17 23:20:22 AS50810 domain_fronting generic_timeout_error
2023-01-17 20:49:42 AS16322 domain_fronting ok
2023-01-17 22:11:53 AS31549 domain_fronting ok
Edited by David Fifield
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information