Open wkrp opened 1 year ago
The moon has no problem with the settings.
Please make it easier to settings. All things are done automatically for ordinary people
@n8fr8 @wkrp I think in this situation, it's best to have the option to select the country or you can use GPS/IP range to determine the location automatically. Then apply the settings based on the country. I'm afraid the ordinary user have any motivation or enough knowledge to change the settings. BTW, thanks for information.
@free-the-internet you are correct, of course. It is a matter of ongoing development to reduce the difficulty of finding working settings. In fact, Tor Browser has a feature to automatically suggest custom circumvention settings for certain countries; it is called Connection Assist and it was added in Tor Browser 11.5. The problem, in this case, is that Connection Assist uses the same front domain as Snowflake, so if the domain is already blocked, Connection Assist will not be able to download the new settings.
@free-the-internetشما درست می گویید البته برای کاهش دشواری یافتن تنظیمات کاری، موضوع توسعه مداوم است. در واقع، مرورگر Tor دارای قابلیتی است که به طور خودکار تنظیمات دور زدن سفارشی را برای برخی کشورها پیشنهاد می کند. به آن Connection Assist می گویند و در مرورگر Tor 11.5 اضافه شده است. مشکل، در این مورد، این است که Connection Assist از همان دامنه جلویی Snowflake استفاده میکند ، بنابراین اگر دامنه از قبل مسدود شده باشد، Connection Assist نمیتواند تنظیمات جدید را دانلود کند.
Everything Tor is blocked and cannot automatically detect anything Why don't you use Google or Amazon servers
I think you should have 2 Tor versions A regular version A copy for countries with limited internet and specific settings Get help from the psiphon team also has a lot of experience
The Iranian people's protests were over This time Tor did not help As always V2RAY good answered
@free-the-internetشما درست می گویید البته برای کاهش دشواری یافتن تنظیمات کاری، موضوع توسعه مداوم است. در واقع، مرورگر Tor دارای قابلیتی است که به طور خودکار تنظیمات دور زدن سفارشی را برای برخی کشورها پیشنهاد می کند. به آن Connection Assist می گویند و در مرورگر Tor 11.5 اضافه شده است. مشکل، در این مورد، این است که Connection Assist از همان دامنه جلویی Snowflake استفاده میکند ، بنابراین اگر دامنه از قبل مسدود شده باشد، Connection Assist نمیتواند تنظیمات جدید را دانلود کند.
Everything Tor is blocked and cannot automatically detect anything Why don't you use Google or Amazon servers
I think you should have 2 Tor versions A regular version A copy for countries with limited internet and specific settings Get help from the psiphon team also has a lot of experience
The Iranian people's protests were over This time Tor did not help As always V2RAY good answered
Well, we can not compare Tor which is a public tool that helps millions with v2ray and derivatives that are private.
@wkrp I think connection assist can be disabled and by showing the user to select the country, you can set the broker to the working one. After one is blocked, since the new version releases are fast enough, users can get the update with the new urls set for broker. Also, maybe there is the possibility to test the different brokers connectivity before starting the connection, and switch to the next if first and predefined one is blocked. (Call it auto mode?)
I think connection assist can be disabled and by showing the user to select the country, you can set the broker to the working one. After one is blocked, since the new version releases are fast enough, users can get the update with the new urls set for broker. Also, maybe there is the possibility to test the different brokers connectivity before starting the connection, and switch to the next if first and predefined one is blocked. (Call it auto mode?)
There is a discussion happening about this idea, see https://bugs.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/40250.
It looks like the blocking of cdn.sstatic.net ended on 2023-01-24.
Looks like cdn.sstatic.net was again partially blocked between 2023-01-31 and 2023-02-02.
There have been a few other instances of scattered anomalies lasting no more than a day in certain networks, through March 2023.
https://bugs.torproject.org/tpo/anti-censorship/team/115#note_2892825
begin date | end date | measurement | AS | summary |
---|---|---|---|---|
2023-03-03 | 2023-03-03 | Confirmed | AS50810 | DNS 10.10.34.35 |
2023-03-08 | 2023-03-08 | Confirmed | AS58224 | DNS 10.10.34.35 |
2023-03-13 | 2023-03-13 | Anomaly | AS50810 | DNS 198.18.0.147 |
2023-03-19 | 2023-03-19 | Anomaly Anomaly | AS44244 | TCP RST |
I want to call out specifically the 2023-03-13 12:32:37 measurement in AS 50810. It is anomalous because the DNS response contains the wrong IP address. It's an IP address I haven't seen used for blocking before, 198.18.0.147.
The 198.18.0.0/15 address range is reserved for benchmarking by RFC 2544. The whois record says:
Addresses starting with "198.18." or "198.19." are set aside for use in isolated laboratory networks used for benchmarking and performance testing. They should never appear on the Internet and if you see Internet traffic using these addresses, they are being used without permission.
All other recent measurements of cdn.sstatic.net from AS 50810 look normal.
Has anyone seen 198.18.0.0/15 IP addresses being used in DNS injection before?
The number of Snowflake users has decreased by about 20% since 2023-01-16, five days ago. The cause has been determined to be the blocking of the domain name cdn.sstatic.net, which is the default for one of Snowflake's rendezvous methods.
Snowflake currently supports two rendezvous methods: domain fronting and AMP cache. Accordingly, there are two ways to work around the blocking of the default front domain: change to a different front domain, or use the AMP cache rendezvous.
AMP cache rendezvous is easier to activate, so I suggest trying that first.
AMP cache rendezvous
On Orbot and Onion Browser, you just have to select a menu option. On Tor Browser (desktop and Android), you have to enter a custom bridge line. More information about changing bridges (فارسی).
Orbot for Android
Orbot for iOS
Onion Browser for iOS
Tor Browser for Android
snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net/ ampcache=https://cdn.ampproject.org/ front=www.google.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
You can experiment with different Google-related domain names for
front=www.google.com
. For example,front=cdn.ampproject.org
.Tor Browser for desktop
snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net/ ampcache=https://cdn.ampproject.org/ front=www.google.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
You can experiment with different Google-related domain names for
front=www.google.com
. For example,front=cdn.ampproject.org
.Change the domain front
You can edit an existing bridge line that has
url=https://snowflake-broker.torproject.net.global.prod.fastly.net/
, and changefront=cdn.sstatic.net
to something else. Here is a list of possible alternatives:For example, a complete bridge line would be
snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=fastly.jsdelivr.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
More information about changing bridges (فارسی).
Evidence of blocking
This graph shows the top 6 countries by Snowflake users. You can see a decrease in IR and US since 2023-01-16. We suspect many of the users that are being attributed to US are actually from IR, because of geolocation errors.
From OONI MAT charts, we see an increase in anomalies when attempting to use Snowflake, since 2023-01-16:
https://explorer.ooni.org/chart/mat?probe_cc=IR&test_name=torsf&since=2023-01-06&until=2023-01-22&axis_x=measurement_start_day![Iran, Tor test](https://user-images.githubusercontent.com/41267675/213845258-cb54652f-eefc-4b03-856b-26625310af54.png)
Checking the Web Connectivity results for cdn.sstatic.net, we see anomalies starting 2023-01-16. Examination of the specific measurements shows a timeout after TLS Client Hello in certain ISPs.
https://explorer.ooni.org/chart/mat?probe_cc=IR&test_name=web_connectivity&domain=cdn.sstatic.net&since=2023-01-06&until=2023-01-22&axis_x=measurement_start_day![Iran, Web connectivity test, cdn.sstatic.net](https://user-images.githubusercontent.com/41267675/213845276-94d1e2ab-9350-498d-965d-62a5b349a827.png)