Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Tor Browser Tor Browser
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 835
    • Issues 835
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 7
    • Merge requests 7
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • Tor BrowserTor Browser
  • Issues
  • #40595
Closed (moved) (moved)
Open
Issue created Aug 13, 2021 by Roger Dingledine@armaReporter

Is there a better moat/snowflake SNI than cdn.sstatic.net?

(@cohosh asked me to file this ticket after a bit of discussion)

In Tor Browser, we launch Snowflake with

snowflake-client \
  -url https://snowflake-broker.torproject.net.global.prod.fastly.net/ \
  -front cdn.sstatic.net \
  -ice [...]

That cdn.sstatic.net is the SNI that we write on the outside of the TLS connection to fastly. That is, Tor Browser Snowflake users try to look like people reaching for a piece of stackexchange, when they reach out to the broker to ask for a connect-back.

Similarly, for Moat, in about:config we see

extensions.torlauncher.bridgedb_front : cdn.sstatic.net

So Tor Browser users who are fetching a new set of bridges inside Tor Browser also look like people reaching for a piece of stackexchange.

So:

(a) Is this site a particularly robust example in the context of collateral freedom? Are there better ones we might pick? Should we add some variety? Or maybe variety just makes for an even more unusual fingerprint?

(b) We should probably set up some sort of automation to make sure stackexchange stays on fastly, since if they leave, our Snowflake and Moat will suddenly and strangely break.

(c) We should also be aware that these connections aren't "invisible" -- making a connection out of the blue to a piece of stackexchange, but not to other pieces of it, is a recognizable signature if people on the local network are looking for it.

Edited Aug 17, 2021 by Roger Dingledine
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking