Why run a snowflake proxy?
News reports indicate that current events caused a sharp increase in blocked or limited internet accessibility in several countries. One option to circumvent these measures is to use a TOR browser. Also available on mobile phones - e.g. Onion Browser for iOS.
|
In the cable tray under my desk, there lives a Raspberry Pi |
As one method to aid circumventing DNS, IP and routing measures, you can run a snowflake proxy. Your PC or server temporarily registers with a public broker as a snowflake proxy. A user's TOR browser will ask the broker for the address of a snowflake proxy, which will give access to the TOR network. Snowflake is one of several bridging techniques that can be chosen in the browser if it can't connect to the TOR network directly.
Can I get in trouble for running a snowflake proxy?
If you live in a healthy democracy, it is most unlikely to get into trouble for running a snowflake proxy. Other than running a TOR Exit Node (very bad idea!), your IP address won't show up in any web server logs.
Can anyone do bad things over my connection?
Yes. But you will never know, as all communication is encrypted. Like any technology, TOR can be used for good and bad. - I decided that at this moment the benefits outweigh the risks. I hope that will change some time soon.
If you don't run a dedicated server, consider running snowflake as a plugin for Firefox or chrome, so you can help while surfing the web.
Will it eat up my Internet bandwidth?
That depends. It does not even remotely for me, but I have the luxury of a super stable 100/40 MBit/s DSL connection.
Set up Snowflake on a Raspberry Pi
There are several tutorials on the web, but none worked flawlessly 1st try. So here is my take. I assume you have a basic knowledge of Linux/Unix.
Fetch the current version of the GO programming language for the Raspi:
me@myhost:$ wget https://go.dev/dl/go1.19.1.linux-armv6l.tar.gz
--2022-09-22 14:32:59-- https://go.dev/dl/go1.19.1.linux-armv6l.tar.gz
.... much Output deleted .....
go1.19.1.linux-armv6l.tar 100%[===================================>] 111,29M 1,38MB/s in 33s
2022-09-22 14:33:32 (3,42 MB/s) - »go1.19.1.linux-armv6l.tar.gz« saved [116690970/116690970]
Unpack that to /usr/local (or wherever you like it best):
me@myhost:$ sudo tar -C /usr/local -xzf go1.19.1.linux-armv6l.tar.gz
You can get rid og the archive to free up the space:
me@myhost:$ rm go1.19.1.linux-armv6l.tar.gz
Add the location of the go binary to your path to make things easy:
me@myhost:$ vi ~/.profile
At the end of the file simply add these two lines:
PATH=$PATH:/usr/local/go/bin
GOPATH=$HOME/go
Save that (ESC : w q)
You can now either log off and on again, or type
me@myhost:$ source ~/.profile
to update the environment variables.
If you haven't installed git already, do so by typing:
me@myhost:$ sudo apt install git
If you have a preferred directory where you build your stuff, cd to there. Otherwise just type:
me@myhost:$ git clone https://git.torproject.org/pluggable-transports/snowflake.git
Then change to the proxy subdirectory:
me@myhost:$ cd snowflake
me@myhost:$ cd proxy
And build the snowflake proyx:
me@myhost:$ go build
Once that has completed, you can run it right from where you are:
me@myhost:~/snowflake/proxy $ ./proxy -verbose
2022/09/24 14:01:55 starting
2022/09/24 14:01:56 WebRTC: Created offer
2022/09/24 14:01:56 WebRTC: Set local description
2022/09/24 14:01:56 Offer:... OUTPUT REMOVED
2022/09/24 14:02:25 NAT Type measurement: unknown -> restricted = restricted
2022/09/24 14:02:25 NAT type: restricted
2022/09/24 14:02:35 sdp offer successfully received.
2022/09/24 14:04:48 OnDataChannel
2022/09/24 14:04:48 Connection successful.
2022/09/24 14:04:48 OnOpen channel
2022/09/24 14:10:56 connected to relay: wss://snowflake.torproject.net/
2022/09/24 14:10:58 OnClose channel
2022/09/24 14:10:58 Traffic throughput (up|down): 8 KB|11 KB -- (43 OnMessages, 16 Sends, over 15 seconds)
2022/09/24 14:10:58 copy loop ended
2022/09/24 14:10:58 datachannelHandler ends
It might take a while for someone to actually connect. Don't worry if you see time-outs.
CTRL-C ends the process. On a Raspberry Pi, you'll probably want to run the proxy even while logged off. My way of doing that is not what you'd want for a permanent installation. As I do a lot of experimental stuff on the Raspi, I like to manually start what I want to run:
me@myhost:$ nohup ./proxy > ~/snowflake.log 2>&1 &
That has the downside that you manually have to kill the process when you want to stop it.
me@myhost:$ kill -9 $(pidof proxy)
Some extra load on the Raspi
The proxy takes a fair bit of CPU power from the Raspberry. But it never even comes close to using the full capacity and the sub processes balance nicely over the four cores of my somewhat aged pi.
|
Moderate extra load on the Raspberry Pi |
Sniffing snowflake traffic on your network
You can actually find out where the users using your proxy are located. As the clients connect (well, it is UDP, so strictly speaking "connect" is not quite right) to your proxy, you can use tcpdump for a quick analysis:
me@myhost:$ sudo tcpdump -i eth0 -s 1500 port not 22 and port not 53
On the output, look out for UDP traffic. There will be some lines looking like this:
18:09:46.914455 IP myhost.mydomain.de.60101 > 188.208.20Y.XXX.39043: UDP, length 1265
18:09:46.914894 IP myhost.mydomain.de.60101 > 188.208.20Y.XXX.39043: UDP, length 269
18:09:46.915551 IP myhost.mydomain.de.60101 > 188.208.20Y.XXX.39043: UDP, length 1265
18:09:46.915987 IP myhost.mydomain.de.60101 > 188.208.20Y.XXX.39043: UDP, length 269
18:09:46.916724 IP myhost.mydomain.de.60101 > 188.208.20Y.XXX.39043: UDP, length 1265
18:09:46.917321 IP myhost.mydomain.de.60101 > 188.208.20Y.XXX.39043: UDP, length 269
18:09:46.918309 IP myhost.mydomain.de.60101 > 188.208.20Y.XXX.39043: UDP, length 1265
18:09:46.919010 IP myhost.mydomain.de.60101 > 188.208.20Y.XXX.39043: UDP, length 269
18:09:46.919814 IP myhost.mydomain.de.60101 > 188.208.20Y.XXX.39043: UDP, length 1265
To protect the user, I edited out the full IP.
The Network whois record will show who owns that network and where the company is located. In this case it is (no wonder at this moment) in Teheran, Iran.
|
That result was to be expected |
From a brief observation, I see almost exclusively IPs from providers in Iran, Iraq and Russia.
The slowflake log
When not in verbose mode, the proxy logs to stdout (or in my case to snowflake.log) hourly and reports some statistics:
me@myhost:~ $ tail -f snowflake.log
2022/09/18 04:12:49 In the last 1h0m0s, there were 7 connections. Traffic Relayed ↑ 1 GB, ↓ 87 MB.
2022/09/18 05:12:49 In the last 1h0m0s, there were 8 connections. Traffic Relayed ↑ 3 MB, ↓ 487 KB.
2022/09/18 06:12:49 In the last 1h0m0s, there were 20 connections. Traffic Relayed ↑ 327 MB, ↓ 34 MB.
2022/09/18 07:12:49 In the last 1h0m0s, there were 17 connections. Traffic Relayed ↑ 14 MB, ↓ 4 MB.
2022/09/18 08:12:49 In the last 1h0m0s, there were 34 connections. Traffic Relayed ↑ 46 MB, ↓ 18 MB.
2022/09/18 09:12:49 In the last 1h0m0s, there were 15 connections. Traffic Relayed ↑ 23 MB, ↓ 12 MB.
2022/09/18 10:12:49 In the last 1h0m0s, there were 40 connections. Traffic Relayed ↑ 286 MB, ↓ 70 MB.
2022/09/18 11:12:49 In the last 1h0m0s, there were 19 connections. Traffic Relayed ↑ 46 MB, ↓ 15 MB.
2022/09/18 12:12:49 In the last 1h0m0s, there were 27 connections. Traffic Relayed ↑ 134 MB, ↓ 35 MB.
2022/09/18 13:12:49 In the last 1h0m0s, there were 13 connections. Traffic Relayed ↑ 32 MB, ↓ 3 MB.
The traffic volume varies widely from a few MBytes s to a GByte per hour.