tor broswer snowflake error since 2023-09-20.

[IrradiatedKiwi]

Problems with Snowflake since 2023-09-20

[wkrp]

The built in snowflake is compelete blocked for me around 2023-09-21.

Problems with Snowflake since 2023-09-20 are a known issue, not only in China, and being worked on. That problem occurs at the rendezvous stage, before any DTLS connection.

The DTLS failures you report since 2023-09-24 may be something different. I will take a look at the logs.

More information on rendezvous errors since 2023-09-20 (note that the suggested AMP cache workaround does not work in China):

https://forum.torproject.org/t/problems-with-snowflake-since-2023-09-20-broker-failure-unexpected-error-no-answer/9346

Some users are having problems connecting with Snowflake since yesterday, 2023-09-20. The anti-censorship and applications teams know the cause of the problem and are working on fixing it. In the meantime, if you are an affected Snowflake user, you may be able to work around the problem using a custom bridge line.

The symptom of the problem is that Tor doesn't make progress in bootstrapping. If you look at the Tor log, you will see messages like this:

[notice] Managed proxy "./client": offer created
[notice] Managed proxy "./client": broker failure Unexpected error, no answer.

The cause of the problem is that the domain name used for the rendezvous phase of making a Snowflake connection has started to resolve to a different CDN than usual. If the domain name resolves to the old CDN for you, Snowflake still works. If it resolves to the new CDN, Snowflake doesn't work.

Manual workarounds

You can try working around the problem yourself by entering manual bridge lines. The difference in this bridge lines, relative to the default ones, is that the front= option is different.

snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=foursquare.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn`
snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=foursquare.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn

If you use Orbot, you may be able to fix the problem by selecting the Built-in snowflake (AMP) option.

On Tor Browser, you can also activate AMP cache rendezvous, but only by entering manual bridge lines:

snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net/ ampcache=https://cdn.ampproject.org/ front=www.google.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net/ ampcache=https://cdn.ampproject.org/ front=www.google.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn

We are interested in hearing from you if any of these workarounds helped.

More information

• https://lists.torproject.org/pipermail/anti-censorship-team/2023-September/000314.html
• http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-09-21-15.57.log.html#l-77
• https://bugs.torproject.org/tpo/applications/tor-browser/42120
• https://github.com/net4people/bbs/issues/197 (not the same problem, but the same workarounds apply)

[IrradiatedKiwi]

Sorry about this. I didn't notice the bug report before posting. Since it is not a GFW problem.This issue can be deleted.

[wkrp]

It's no problem. Even though this turned out not to be GFW blocking, let's leave this issue open for the front domain rendezvous problem. Reports, so far, say that the workarounds suggested in the post will work. You can also now try the new Tor Browser 13.0a5, which has a workaround installed. https://blog.torproject.org/new-alpha-release-tor-browser-130a5/ https://www.torproject.org/download/alpha/

[wkrp]

And now it's in the stable release 12.5.5 as well. https://blog.torproject.org/new-release-tor-browser-1255/ https://www.torproject.org/download/

[UjuiUjuMandan]

So latest Tor Browser changed front domain to foursquare.com? What's the advantage of it than other domains?

Why not just use www.fastly.com?

[liuxyon]

It is indeed blocked in mainland China.

[liuxyon]

v12.5.5 Version recovery work. But the initial connection is very slow. It takes about 2 minutes to connect

[wkrp]

So latest Tor Browser changed front domain to foursquare.com? What's the advantage of it than other domains?

Why not just use www.fastly.com?

This might change further. For more background on this point:

• https://forum.torproject.org/t/tor-project-anti-censorship-team-meeting-notes-2023-09-21/9339
  • http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-09-21-15.57.log.html#l-94
• https://forum.torproject.org/t/tor-project-anti-censorship-team-meeting-notes-2023-09-28/9445
  • https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40068#note_2946614
  • https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/182

[UjuiUjuMandan]

This might change further. For more background on this point:

Randomly select between foursquare.com and github.githubassets.com？From my point of view there's nothing more than this. Or they changed domain resolving process?

[RPRX]

我这边新版的 tor browser 会被 Microsoft Defender 报毒并删除

The new version of tor browser on my side gets detected and deleted by Microsoft Defender.

[wkrp]

我这边新版的 tor browser 会被 Microsoft Defender 报毒并删除

The new version of tor browser on my side gets detected and deleted by Microsoft Defender.

It's a known issue; or at least, it's being discussed on the Tor forum. It looks like it has to do with tor.exe, nothing related to any changes with Snowflake.

https://forum.torproject.org/t/new-alpha-release-tor-browser-13-0a6-android-windows-macos-linux/9454/4

We are aware Windows Defender flags Tor.exe, part of TorBrowser. So far, nothing seems to indicate this isn’t a false positive from that antivirus. Anecdotally, 12h ago, 4 antivirus flagged it according to VirusTotal, right now, only 3 still do. If you believe it may be a virus, and the antivirus is right, you can install the 32bit version (available from this page), which seems unaffected. If you don’t believe it’s a virus, and it’s actually a false positive, you can tell Windows Defender to unquarantine Tor.exe to fix you current installation.

https://forum.torproject.org/t/new-release-tor-browser-12-5-6/9451/8

Yes, there is a problem with tor.exe (0.4.7.15) - Microsoft has flagged this as a Trojan (Win32/Malgent!MTB) and is mercilessly removing tor from both the service and the browser on their windows systems

[RPRX]

It's a known issue; or at least, it's being discussed on the Tor forum. It looks like it has to do with tor.exe, nothing related to any changes with Snowflake.

是的，只是提一下。而且新版 tor 只会卡住，没有任何报错，挺坑的。我重装了 tor 才发现是 tor.exe 被删了。

Yes, just mentioning it. And the new version of tor just gets stuck without any error reporting, kinda dumb. I reinstalled tor only to realize it was tor.exe that was deleted.