
AMP cache rendezvous for Snowflake

Open wkrp opened this issue 2 years ago • 2 comments

I neglected to post about this when it was newer. This post is about a new feature that was released in Tor Browser 11.5a1 (December 2021), 11.0.3 (December 2021), and 11.0.5 for Android (February 2022).

Before Snowflake can start a peer-to-peer WebRTC connection, it needs to do a step called rendezvous, where the client connects to the broker and indicates its need for a proxy connection. In principle, rendezvous is modular: any kind of blocking-resistant request–response protocol can work. Originally, and still by default in Tor Browser, Snowflake does rendezvous using a domain-fronted HTTPS request. Now there is an alternative (backup) to domain fronting rendezvous: AMP cache rendezvous. If one rendezvous method is blocked, there is a chance the other will work.

Unfortunately, there is no easy UI for changing the rendezvous method. You have to edit a configuration file. (This will get easier in a future version where you can control options in the bridge line.)

Open the Tor Browser folder and find the torrc-defaults file:

platform location
linux Browser/TorBrowser/Data/Tor/torrc-defaults
windows Browser\TorBrowser\Data\Tor\torrc-defaults
osx Contents/Resources/TorBrowser/Tor/torrc-defaults

Find the part that says:

## snowflake configuration
ClientTransportPlugin snowflake exec ...

Remove the following options from the line:

-url https://snowflake-broker.torproject.net.global.prod.fastly.net/ -front cdn.sstatic.net

And replace them with these options:

-url https://snowflake-broker.torproject.net/ -ampcache https://cdn.ampproject.org/ -front www.google.com

In place of -front www.google.com, you can try other Google domains. Leave all the other options the same.

Then start Tor Browser, and configure it to use Snowflake as a bridge at about:preferences#tor.

For extra debugging information, you can add the options -log snowflake.log -log-to-state-dir. Search for a file called snowflake.log.

The torrc-defaults file will be overwritten whenever Tor Browser self-updates. You will have to apply the change again.


Background and history on AMP cache:

Discussion of modular rendezvous:

wkrp avatar Mar 07 '22 03:03 wkrp
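The edit described in the post above, written as a script that can be re-run each time a Tor Browser self-update overwrites torrc-defaults. This is an added example, not part of the original post or the Snowflake project's code; the function names, the `.bak` backup and the sample line are assumptions for illustration, and the option values are the ones given in the post.

```python
import re
import shutil
from pathlib import Path

# Replacement options, copied from the post above.
AMP_OPTS = ("-url https://snowflake-broker.torproject.net/ "
            "-ampcache https://cdn.ampproject.org/ -front www.google.com")
# Rendezvous-selecting options; assumed to be written "-name value" as in the post.
RENDEZVOUS_OPT = re.compile(r"\s+-(?:url|front|ampcache)\s+\S+")
# Only the snowflake plugin line is touched; comments and other transports are not.
PLUGIN_LINE = re.compile(r"^\s*ClientTransportPlugin\s+snowflake\s+exec\s")

# Constructed sample line (hypothetical client path and STUN server).
SAMPLE = ("ClientTransportPlugin snowflake exec ./snowflake-client "
          "-url https://snowflake-broker.torproject.net.global.prod.fastly.net/ "
          "-front cdn.sstatic.net -ice stun:stun.example.net:3478\n")


def to_ampcache(line: str) -> str:
    """Switch a snowflake plugin line to AMP cache rendezvous, leaving every
    other option on the line as it was. Other lines are returned unchanged."""
    if not PLUGIN_LINE.match(line):
        return line
    body = line.rstrip("\r\n")
    eol = line[len(body):]                      # keep the original line ending
    kept = RENDEZVOUS_OPT.sub("", body).rstrip()
    return f"{kept} {AMP_OPTS}{eol}"


def patch_torrc(path: Path) -> bool:
    """Rewrite torrc-defaults in place. Returns False if nothing needed changing
    (already patched), so it is safe to re-run after a self-update."""
    old = path.read_bytes().decode("utf-8").splitlines(keepends=True)
    new = [to_ampcache(line) for line in old]
    if new == old:
        return False
    shutil.copy2(path, path.with_name(path.name + ".bak"))  # keep the original
    path.write_bytes("".join(new).encode("utf-8"))
    return True


if __name__ == "__main__":
    print(to_ampcache(SAMPLE), end="")
```

Call `patch_torrc()` with the torrc-defaults path for your platform from the table in the post, with Tor Browser closed.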

Thank you for doing this.

keroserene avatar Mar 12 '22 01:03 keroserene

We have some new metrics exported by the Snowflake broker to count how many client poll requests we get for each rendezvous method. These changes were deployed on January 31st, making yesterday the first day these counts started being archived by CollecTor. I was very surprised by how close the domain fronting (HTTP) and AMP cache counts are:

client-http-count 1250792
client-ampcache-count 1004456

cohosh avatar Feb 02 '24 15:02 cohosh