I and my coauthors Cecylia Bocovich, Arlo Breault, Serene, and Xiaokang Wang are writing a paper about Snowflake. We have listed Guardian Project in the acknowledgements, and Orbot is referenced in several places. We are writing in the hope that you can double-check what we have written about work you are involved in. Any other comments are welcome.
Here is a draft. If you have any comments in the next 5 weeks, we can try to take them into account. https://www.bamsoftware.com/papers/snowflake/snowflake.20231003.e6e1c30d.pdf Some specific points we want to call your attention to: Figure 5 shows the number of Snowflake proxies by type. iPtProxy is in second place, behind the browser extension. https://github.com/turfed/snowflake-paper/blob/e6e1c30dde6716dc5e54a32f2134f19068a7f395/figures/proxies/proxy-type.pdf We list 16.4.0 and 16.4.1 as the first releases to support Snowflake as a client, and a proxy respectively. I've previously asked about these version numbers, so I'm pretty sure they're correct. https://lists.mayfirst.org/pipermail/guardian-dev/2023-July/005704.html https://lists.mayfirst.org/pipermail/guardian-dev/2023-July/005708.html https://github.com/turfed/snowflake-paper/blob/e6e1c30dde6716dc5e54a32f2134f19068a7f395/snowflake.tex#L1509 Snowflake's growth began in earnest when it became part of default installations. Orbot, a mobile app that provides a VPN-like Tor proxy, added a Snowflake client in version 16.4.0 on 2021-01-12. https://github.com/turfed/snowflake-paper/blob/e6e1c30dde6716dc5e54a32f2134f19068a7f395/snowflake.tex#L1937 Orbot's Snowflake proxy feature was added in version 16.4.1 in February 2021. Here we've said Orbot's ability to act as a proxy is called "kindness mode". Our understanding is that this label is only used in v17+. https://github.com/turfed/snowflake-paper/blob/e6e1c30dde6716dc5e54a32f2134f19068a7f395/snowflake.tex#L1867 Finally, Orbot, a mobile app for accessing Tor, besides being able to \emph{use} Snowflake for circumvention, can also \emph{provide} Snowflake proxy service to others, a feature called ``kindness mode.'' % Only so called in Orbot v17+, which should be current by the % time the paper is submitted. Regarding the TLS fingerprint blocking that happened in Iran in 2019, we write about how Orbot was more affected than Tor Browser, because different versions of Go crypto/tls led to slightly different TLS fingerprints. https://github.com/turfed/snowflake-paper/blob/e6e1c30dde6716dc5e54a32f2134f19068a7f395/snowflake.tex#L2588 As it happens, it was mainly Orbot that was affected, because at the time it used a Snowflake client compiled with Go 1.17, and it runs on mobile platforms that are less likely to have AES acceleration. Tor Browser was relatively unaffected, because it either ran on desktops with AES acceleration, or on mobile platforms with the newer version of the Go standard library whose TLS fingerprint was not being matched. But evidently Orbot is more used in Iran than Tor Browser, because the decline was so drastic. Regarding Orbot 17, I'm still unclear on the degree to which that has been released. F-Droid has it, but the Google Play site says "Updated on Nov 1, 2022" and has 16.6.3-RC-1-tor.0.4.7.10. We have a couple of todo notes to make updates when Orbot 17 is released, because of anticipated changes to DTLS fingerprints and multi-bridge support. Is there anything to add on these points? https://github.com/turfed/snowflake-paper/blob/e6e1c30dde6716dc5e54a32f2134f19068a7f395/snowflake.tex#L1600 Another DTLS blocking signature was reported on 2022-06-20; we did not get to fixing it until Tor Browser 12.0.3 on 2023-02-15.\todo{And Orbot 17 on\ldots} https://github.com/turfed/snowflake-paper/blob/e6e1c30dde6716dc5e54a32f2134f19068a7f395/snowflake.tex#L1677 The second bridge was made available to users in Tor Browser 12.0 on 2022-12-07. By July, the second bridge supported about 18% of Snowflake users.\todo{Revisit this when Orbot~17 hits the Play Store.} _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
