We're now making final changes to the Snowflake paper in anticipation of acceptance to a security conference. We're still interested in hearing any comments or corrections on what we've written about Guardian's projects. Our deadline is 2024-02-19. Here is a recent draft:
https://www.bamsoftware.com/papers/snowflake/snowflake.20240207.9d113dac.pdf

In particular, I'd like clarification on this question: Is Orbot 17 "out"? The org.torproject.android Play Store page still says

    Version 16.6.3-RC-1-tor.0.4.7.10
    Updated on Nov 1, 2022

If that's true, it would mean that Snowflake in Orbot from the Play Store doesn't know about the second bridge and doesn't know about, for example, DTLS anti-fingerprinting countermeasures needed for access in Russia (https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_requests/637). Or is the Play Store not where most users get Orbot? Not being very familiar with mobile ecosystems, I'm looking for guidance on this question.

On Tue, Oct 03, 2023 at 08:01:00PM -0400, David Fifield wrote:
> I and my coauthors Cecylia Bocovich, Arlo Breault, Serene, and Xiaokang
> Wang are writing a paper about Snowflake. We have listed Guardian
> Project in the acknowledgements, and Orbot is referenced in several
> places. We are writing in the hope that you can double-check what we
> have written about work you are involved in. Any other comments are
> welcome.
>
> Here is a draft. If you have any comments in the next 5 weeks, we can
> try to take them into account.
>
> https://www.bamsoftware.com/papers/snowflake/snowflake.20231003.e6e1c30d.pdf
>
> Some specific points we want to call your attention to:
>
> Figure 5 shows the number of Snowflake proxies by type. iPtProxy is in
> second place, behind the browser extension.
> https://github.com/turfed/snowflake-paper/blob/e6e1c30dde6716dc5e54a32f2134f19068a7f395/figures/proxies/proxy-type.pdf
>
> We list 16.4.0 and 16.4.1 as the first releases to support Snowflake as
> a client, and a proxy respectively. I've previously asked about these
> version numbers, so I'm pretty sure they're correct.
> https://lists.mayfirst.org/pipermail/guardian-dev/2023-July/005704.html
> https://lists.mayfirst.org/pipermail/guardian-dev/2023-July/005708.html
>
> https://github.com/turfed/snowflake-paper/blob/e6e1c30dde6716dc5e54a32f2134f19068a7f395/snowflake.tex#L1509
>     Snowflake's growth began in earnest when it became part of
>     default installations. Orbot, a mobile app that provides a
>     VPN-like Tor proxy, added a Snowflake client in version 16.4.0
>     on 2021-01-12.
> https://github.com/turfed/snowflake-paper/blob/e6e1c30dde6716dc5e54a32f2134f19068a7f395/snowflake.tex#L1937
>     Orbot's Snowflake proxy feature was added in version 16.4.1 in
>     February 2021.
>
> Here we've said Orbot's ability to act as a proxy is called "kindness
> mode". Our understanding is that this label is only used in v17+.
>
> https://github.com/turfed/snowflake-paper/blob/e6e1c30dde6716dc5e54a32f2134f19068a7f395/snowflake.tex#L1867
>     Finally, Orbot, a mobile app for accessing Tor, besides being
>     able to \emph{use} Snowflake for circumvention, can also
>     \emph{provide} Snowflake proxy service to others, a feature
>     called ``kindness mode.''
>     % Only so called in Orbot v17+, which should be current by the
>     % time the paper is submitted.
>
> Regarding the TLS fingerprint blocking that happened in Iran in 2019, we
> write about how Orbot was more affected than Tor Browser, because
> different versions of Go crypto/tls led to slightly different TLS
> fingerprints.
>
> https://github.com/turfed/snowflake-paper/blob/e6e1c30dde6716dc5e54a32f2134f19068a7f395/snowflake.tex#L2588
>     As it happens, it was mainly Orbot that was affected, because at
>     the time it used a Snowflake client compiled with Go 1.17, and
>     it runs on mobile platforms that are less likely to have AES
>     acceleration. Tor Browser was relatively unaffected, because it
>     either ran on desktops with AES acceleration, or on mobile
>     platforms with the newer version of the Go standard library
>     whose TLS fingerprint was not being matched. But evidently Orbot
>     is more used in Iran than Tor Browser, because the decline was
>     so drastic.
>
> Regarding Orbot 17, I'm still unclear on the degree to which that has
> been released. F-Droid has it, but the Google Play site says "Updated on
> Nov 1, 2022" and has 16.6.3-RC-1-tor.0.4.7.10. We have a couple of todo
> notes to make updates when Orbot 17 is released, because of anticipated
> changes to DTLS fingerprints and multi-bridge support. Is there anything
> to add on these points?
>
> https://github.com/turfed/snowflake-paper/blob/e6e1c30dde6716dc5e54a32f2134f19068a7f395/snowflake.tex#L1600
>     Another DTLS blocking signature was reported on 2022-06-20; we
>     did not get to fixing it until Tor Browser 12.0.3 on
>     2023-02-15.\todo{And Orbot 17 on\ldots}
> https://github.com/turfed/snowflake-paper/blob/e6e1c30dde6716dc5e54a32f2134f19068a7f395/snowflake.tex#L1677
>     The second bridge was made available to users in Tor Browser
>     12.0 on 2022-12-07. By July, the second bridge supported about
>     18% of Snowflake users.\todo{Revisit this when Orbot~17 hits the
>     Play Store.}
