search

net4people / bbs

Forum for discussing Internet censorship circumvention
3.19k stars 75 forks source link

Default Snowflake bridges in Tor browser 13.0.9 is Blocked in China since around 2024-01-12 #325

Open IrradiatedKiwi opened 5 months ago

IrradiatedKiwi commented 5 months ago

Default Snowflake bridges in Tor browser 13.0.8 stopped working properly in China since around 2024-01-12.

It is overlapping with the 2024 Taiwanese presidential election.I am not sure if it is some kind of blockage.

Sorry I can't provide more data here since my network is unstable.If anyone has the same problem are will to provide more data.I thank you in advance.

@wkrp I sent you detailed report by email,you can share this to tor devs as long as the permission in Summary file is respected.

gusgustavo commented 5 months ago

Hi, thanks for reporting this issue. Could you try these bridge lines?

Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=foursquare.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=foursquare.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
IrradiatedKiwi commented 5 months ago

@gusgustavo Hi thanks for reply

But maybe you didn't notice my tor browser version is the lastest stable 13.0.8.

Those bridges you provided are already the same of the built-in bridge i have.I copied tthe whole lines you provided nonetheless,and they still don't work.

Because I am not comfortable sharing some sensentive data in public domian so I sent a more detailed report to wkrp and gave permission to share it with tor dev as long as DON'T post my wireshark caputre on any public place such as internet,public mail list,research papper ,forums and so on.

please you might ask @wkrp for the report via secure mail if you really are one of the tor dev.

one thing i forgot to mention is that I tried to change the fronts with several other domains and they didn't work either.

Sorry for trouble you both and thanks again for trying to help.

IrradiatedKiwi commented 5 months ago

Updated tor browser to 13.0.9.Problem with snowflake still persist for now.

wkrp commented 5 months ago

The anti-censorship team looked into this report a little. The cause is uncertain. The logs show STUN, rendezvous, and DTLS connection establishment working correctly, but apparently not much data is transferred over the DTLS connection before it is closed.

http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-01-25-15.58.log.html#l-18

IrradiatedKiwi commented 4 months ago

Hello,Since it has been more than a month and Snowflake is still not working for me,I think it is safe to say that China has indeed blocked snowflake.

I changed the title of this issue and I'd like to update with some more info in order to help you.Also i see you updated the papper:

https://github.com/net4people/bbs/issues/296

I hope the additional infos might be help you with the paper too.

IrradiatedKiwi commented 4 months ago

Tor gitlab bridge status shows lots of 10% since the block.

Reference link:

https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/bridgestatus/-/blob/main/recentResult_cnnext

And I believe the rare 100% that shows in the test might be the same situation like mine: the 100% snowflake connection actually doesn't indicate a true success.In my case even if bootstrap is done.Internet still won't work.As the problem wkrp mentioned:

The anti-censorship team looked into this report a little. The cause is uncertain. The logs show STUN, rendezvous, and DTLS connection establishment working correctly, but apparently not much data is transferred over the DTLS connection before it is closed.

Also even if the 100% connection works,it won't last long.Like within minutes the connection with the dtls server will be lost and snowflake wil attempt to find a new working server,which always unlikely to be successful.

Since the block I occassionally tested the default snowflake in Tor Browser and this kind error seems still persist.So there is little doubt that this is a block by GFW.

IrradiatedKiwi commented 4 months ago

I did a ping and nmap scan to one of the dtls server that shows in the failed attempt of snowflake connection. I am not expertise in networking,the nmap command i got is one i search online.And I didn't dare to do more complicated nmap to the target dtls server for security reason.Also I don't want accidentally makes the server thinks that i am trying to attack them.so i don't know if they are helpful or not.But i tried to do so in hope to provide some help.

my ping command was

ping -c 20 xxx.xxx.xxx.xxx

ping result:

20 packets transmitted, 20 received, 0% packet loss

my nmap command was nmap -Pn -p1000-10000 xxx.xxx.xxx.xxx

partial result shows that the port for tor seems open and reachable in the dtls server:

xxxx/tcp open tor-orport

both ping and nmap scan seems normal and the target dtls seem reachable?I don't know what is the Voodoo here.

I changed this post because i did something wrong and didn't realize back then. The followings are the new test result to dtls server.

ping result:

ping -c 20 xxx.xxx.xxx.xxx

20 packets transmitted, 20 received, 0% packet loss

port scan result:

nmap -pxxxxx(Port saw in wireshark from the dtls server) xxx.xxx.xxx.xxx

Nmap scan report for xxx.xxx.xxx.xxx Host is up (0.22s latency).

PORT STATE SERVICE xxxxx/tcp closed unknown

nmap -PN -pxxxxx(Port saw in wireshark from the dtls server) xxx.xxx.xxx.xxx

Nmap scan report for xxx.xxx.xxx.xxx Host is up (0.19s latency).

PORT STATE SERVICE xxxxx/tcp closed unknown

IrradiatedKiwi commented 4 months ago

I'd like to propose a test i think that might yield some more meaningful results

Step 1: set up a vantage point A in China and a new dtls server B outside China for testing.

Step 2: Connect A and B with genuine WebRTC and gather the data of the connection

Step 3: Connect A and B with snowflake and gather data of the connection.

Step 4: If step 3 triggered Block Connect A and B with genuine webRTC again and gather data

Then compare and analyze those data.

Some question might be asked for the test like: 1.How is the genuine webRTC connection doing between the new A and B before blocking? 2.Will snowflake connection work between the new A and B? 3.If the New A and B works,For how long and how well would it work?and how soon the block would be triggered?and how long the block last? 4.After B is blocked,will the genuine between A and B webRTC work? and how well if it works?

I apologize that i can not do such test myself because i am not expertise in such matters. This test is just my unprofessional suggestion.

IrradiatedKiwi commented 4 months ago

@gusgustavo @wkrp

That is all I can do for now,I hope those can be helpful to you. Thank you again for helping me with this issue.

wkrp commented 4 months ago

I really appreciate your continued attention and feedback. Your suggestion for an experiment is a good one. The problem is we haven't been able to reproduce the reported blocking, and the bridge metrics don't show any notable change in China. I asked another volunteer in China to do some tests, and they reported they didn't have any trouble connecting to Snowflake. We don't know what is going on.

There is a patch at https://github.com/net4people/bbs/issues/255#issuecomment-1566227484 that alters the traffic signature of the beginning of the connection. It would be interesting to know if it works for you.

From the recent tor meterics,there is also a indication of blocking: Reference link:

https://metrics.torproject.org/userstats-relay-country.html?start=2023-11-18&end=2024-02-16&country=cn&events=on

BTW, that graph is the "directly connecting users" only. It doesn't count Snowflake users, bridge users, or any other pluggable transport. To see Snowflake users, you need the "bridge users by country and transport" graph:

https://metrics.torproject.org/userstats-bridge-combined.html?start=2023-12-20&end=2024-02-24&country=cn

Bridge users by transport from China

For precise numbers in a CSV, see the https://gitlab.torproject.org/dcf/snowflake-graphs repository, particularly the cn rows in userstats-bridge-combined-multi.csv.

IrradiatedKiwi commented 4 months ago

Thank you for the reply,

Sorry for the wrong chart. Also my port scan was wrong.I changed it and hope it could give some more infomation. I don't have the expertises,so i just tried my best.

The problem for me is real though.My Torbrowser is 13.0.10 now and i even tried alpha.But the problem for me still remains.

liuxyon commented 4 months ago

I use China Telecom network, It is indeed impossible to connect to the network

2024-02-25 03:01:22.837 [NOTICE] Opening Socks listener on 127.0.0.1:9150 2024-02-25 03:01:22.837 [NOTICE] Opened Socks listener connection (ready) on 127.0.0.1:9150 2024-02-25 03:01:23.737 [WARN] Managed proxy "N/A" process terminated with status code 0 2024-02-25 03:01:24.760 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport 2024-02-25 03:01:24.778 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport 2024-02-25 03:01:24.781 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay 2024-02-25 03:01:25.751 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:01:27.888 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:01:30.746 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:01:33.739 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:01:37.756 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:01:38.749 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:01:39.746 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:01:43.749 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:01:48.737 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:01:49.751 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:01:50.743 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:01:50.743 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:01:51.382 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:02:00.754 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:02:01.726 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:02:01.871 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:02:03.741 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:02:05.742 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:02:07.750 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:02:13.751 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:02:13.751 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:02:17.752 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:02:22.743 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:02:23.741 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:02:24.738 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker failure timed out waiting for answer! 2024-02-25 03:02:25.749 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:02:26.052 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:02:33.747 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:02:36.137 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:02:36.730 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:02:37.727 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:02:38.746 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:02:39.728 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:02:47.742 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:02:49.749 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:02:52.748 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:02:55.292 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:02:56.295 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:03:05.362 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker failure timed out waiting for answer! 2024-02-25 03:03:05.747 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:03:06.359 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:03:06.360 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:03:11.364 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:03:13.369 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:03:16.404 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:03:17.413 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:03:18.413 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:03:23.437 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:03:28.505 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:03:28.505 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:03:29.512 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:03:30.529 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:03:34.554 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:03:40.614 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:03:41.623 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:03:44.644 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:03:49.679 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:03:49.679 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:03:57.734 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:03:59.755 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:03:59.755 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:04:00.745 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:04:07.741 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:04:10.740 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:04:11.750 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:04:12.740 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:04:18.740 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:04:22.989 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker failure timed out waiting for answer! 2024-02-25 03:04:23.740 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:04:28.742 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:04:29.037 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:04:33.744 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:04:39.136 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:04:39.737 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:04:45.179 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker failure timed out waiting for answer! 2024-02-25 03:04:50.234 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:04:50.749 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker failure timed out waiting for answer! 2024-02-25 03:04:51.233 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:05:01.310 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker failure timed out waiting for answer! 2024-02-25 03:05:02.309 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker failure timed out waiting for answer! 2024-02-25 03:05:02.741 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:05:03.335 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:05:06.349 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:05:09.339 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:05:13.363 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:05:13.750 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:05:15.369 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:05:19.407 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:05:24.439 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:05:25.437 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": trying a new proxy: timeout waiting for DataChannel.OnOpen 2024-02-25 03:05:26.432 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": offer created 2024-02-25 03:05:28.738 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received 2024-02-25 03:05:30.467 [NOTICE] Managed proxy "TorBrowser\Tor\PluggableTransports\snowflake-client.exe": broker rendezvous peer received

IrradiatedKiwi commented 4 months ago

and the bridge metrics don't show any notable change in China

I have a different view about this.

BTW, that graph is the "directly connecting users" only. It doesn't count Snowflake users, bridge users, or any other pluggable transport. To see Snowflake users, you need the "bridge users by country and transport" graph:

https://metrics.torproject.org/userstats-bridge-combined.html?start=2023-12-20&end=2024-02-24&country=cn

Bridge users by transport from China

Base on this graph,there is a trend of decreasing snowflake user since mid-late January. Two lowest point are shown in mid-late January and late Feburary respectively. And since the middle of Feburary, the decreasing of snowflake user is more obivious while meek users are increasing. Only until recently snowflake users starts to increase.

I think this is quite a significant change considering how few Tor users there are in China.

Only until recently snowflake users starts to increase.

I also tried snowflake yesterday and it start working barely.I guess that explains the recent increase of snowflake users.

But I had to wait quite a long time for the snowflake be able to establish usable connection.Like 30 minutes or more. By usable i mean that i can actually browse websites with snowflake instead of always getting time out and snowflake start to search for new dtls server. However the connection,even if stays working,is not really ideal.Most working dtls servers are unstable and slow.they also prone to be disconnected.The connection quality is quite low compares to the connections before this issue.

It is unfortunate (or fortunate for users ?) that the problem might not be reproduced. My wild guess is that gfw might be able block some common dtls servers somehow.Maybe just like how they block bridges from bridgedb? Some kind of collecter operated by human/bots? I don't know what is the voodoo here neither. Perphas it does have some relation with https://github.com/net4people/bbs/issues/255 ?

wkrp commented 4 months ago

@liuxyon, what about you? Do you have any change since 2024-02-26? Did you also have problems with Snowflake starting in January?

Perphas it does have some relation with https://github.com/net4people/bbs/issues/255 ?

Yes, that's my best guess so far, some kind of traffic analysis fingerprinting.

@liuxyon, there's an updated version of the padding patch from #255 in the branch https://gitlab.torproject.org/dcf/snowflake/-/tree/handshake-padding, if you want to try it.

IrradiatedKiwi commented 4 months ago

any change since 2024-02-26

I wish to make it more clearly,

I also tried snowflake yesterday and it start working barely.I guess that explains the recent increase of snowflake users.

Although my snowflake is not 100% blocked since then.It still works very BAD. The succuess rate is very low and performance is worse than meek.