On 2019-10-02 18:37, Jeremy Rand wrote:
The main benefit of Snowflake against this threat model compared to
other bridge types is that Snowflake bridges are more likely to be on
dynamic IP addresses and are more likely to have intermittent
availability.  Both of these factors mean that Snowflake bridges have
substantially more "churn", which means they resist enumeration attacks
substantially better than the other bridge types.  (You may recognize
this advantage as one that a previous bridge type, Flash Proxy, also
had.  Snowflake is similar to Flash Proxy in this sense, but doesn't
suffer from the UX issues that caused Flash Proxy to be deprecated.)

However, some "dynamic" IP addresses are sticky, especially those used by non-mobile ISPs using DHCP instead of PPPoE.

This means these IPs more or less stay the same for a period of time, unless you change your router MAC, but the ISP reserves the right to change them anyways when the network changes without notice, unlike "static" IPs which ISPs try to avoid changing unless they have to.

Heck, because of "sticky" IPs, many people with FTTH have "guard" relays (including myself).

But for Snowflake, this could be an issue because a country like China could block a residential IP for a while if they enumerate. However, Snowflake bridges are usually short lived so IPs come and go and it's harder to block (but don't assume it's unblockable, there's deep packet inspection and machine learning).

-Neel

===

https://www.neelc.org/
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Reply via email to