Is there a better moat/snowflake SNI than cdn.sstatic.net? (#40595) · Issues · The Tor Project / Applications / Tor Browser

Is there a better moat/snowflake SNI than cdn.sstatic.net?

(@cohosh asked me to file this ticket after a bit of discussion)

In Tor Browser, we launch Snowflake with

snowflake-client \
  -url https://snowflake-broker.torproject.net.global.prod.fastly.net/ \
  -front cdn.sstatic.net \
  -ice [...]

That cdn.sstatic.net is the SNI that we write on the outside of the TLS connection to fastly. That is, Tor Browser Snowflake users try to look like people reaching for a piece of stackexchange, when they reach out to the broker to ask for a connect-back.

Similarly, for Moat, in about:config we see

extensions.torlauncher.bridgedb_front : cdn.sstatic.net

So Tor Browser users who are fetching a new set of bridges inside Tor Browser also look like people reaching for a piece of stackexchange.

So:

(a) Is this site a particularly robust example in the context of collateral freedom? Are there better ones we might pick? Should we add some variety? Or maybe variety just makes for an even more unusual fingerprint?

(b) We should probably set up some sort of automation to make sure stackexchange stays on fastly, since if they leave, our Snowflake and Moat will suddenly and strangely break.

(c) We should also be aware that these connections aren't "invisible" -- making a connection out of the blue to a piece of stackexchange, but not to other pieces of it, is a recognizable signature if people on the local network are looking for it.

Edited Aug 17, 2021 by Roger Dingledine

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information