Re: [tor-bugs] #30579 [Circumvention/Snowflake]: Add more STUN servers to the default snowflake configuration in Tor Browser
#30579: Add more STUN servers to the default snowflake configuration in Tor Browser
-------------------------------------------------+-------------------------
Reporter: cohosh | Owner: cohosh
Type: defect | Status: needs_information
Priority: Medium | Milestone:
Component: Circumvention/Snowflake | Version:
Severity: Normal | Resolution:
Keywords: stun, anti-censorship-roadmap-october | Actual Points: .3
Parent ID: #31281 | Points: 1
Reviewer: | Sponsor: Sponsor30-can
-------------------------------------------------+-------------------------
Comment (by phw):
Replying to [comment:13 cohosh]:
> Here are some lists of public servers:
> - https://gist.github.com/zziuni/3741933
> - https://gist.github.com/mondain/b0ec1cf5f60ae726202e
> - https://www.voip-info.org/stun/
> - EmerCoin is some cryptocurrency/blockchain project that [https://emercoin.com/en/news/global-changes-in-emercoin-blockchain-segwit-tx-optimizer-stun-and-13-more-updates uses STUN] and they maintain their own [https://github.com/emercoin/emercoin/blob/8808770b98248b0174dc3d6f8c70965e13f17396/src/stun.cpp#L59 list].
Thanks for compiling these lists! That's very useful.
> I suppose there's some risk here with choosing a random service.
> Snowflake clients leak their IP address to whichever server we choose.
> Perhaps a better route is to have the broker perform this step over the
> domain fronted connection (#25591)?
I'm afraid I don't have great answers but only more questions:
Assume we're using stun.foo.bar, which is owned by a third party. How easy
would it be for the operator of stun.foo.bar to tell apart snowflake
clients from the preexisting user base? I suppose the way we're making
STUN requests may set us apart from other STUN clients?
Also, what's the worst a malicious STUN server could do? Publish a list of
IP addresses of snowflake clients? Lie to the clients, so NAT traversal
won't work? Anything else? As I understand it, a censor can already do all
these things (assuming an active adversary) but granted, it's easier to do
if the censor controls the STUN server.
I think this is a good topic to discuss for next week's anti-censorship
meeting. I added it to our meeting pad.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30579#comment:15>
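
A client-side check for the "lie to the clients" case raised in the comment above, as an added example that is not part of the original message or of Snowflake's code: it decodes the XOR-MAPPED-ADDRESS attribute of RFC 5389 Binding success responses and lists the servers whose reported IP differs from the majority. The function names, the server names and the sample responses are constructed for illustration.

```python
import ipaddress
import struct
from collections import defaultdict

MAGIC_COOKIE = 0x2112A442  # fixed value in every RFC 5389 header
BINDING_SUCCESS, XOR_MAPPED_ADDRESS = 0x0101, 0x0020


def mapped_address(msg: bytes, txid: bytes):
    """Decode the (ip, port) an IPv4 Binding success response reports."""
    if len(msg) < 20:
        raise ValueError("shorter than the 20-byte STUN header")
    mtype, length, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != MAGIC_COOKIE or length != len(msg) - 20 or length % 4:
        raise ValueError("not a well-formed STUN message")
    if mtype != BINDING_SUCCESS or msg[8:20] != txid:
        raise ValueError("not a success response to our request")
    off = 20
    while off < len(msg):
        atype, alen = struct.unpack("!HH", msg[off:off + 4])
        val = msg[off + 4:off + 4 + alen]
        if len(val) != alen:
            raise ValueError("attribute runs past end of message")
        if atype == XOR_MAPPED_ADDRESS and alen == 8 and val[1] == 0x01:
            port = struct.unpack("!H", val[2:4])[0] ^ (MAGIC_COOKIE >> 16)
            addr = struct.unpack("!I", val[4:8])[0] ^ MAGIC_COOKIE
            return str(ipaddress.IPv4Address(addr)), port
        off += 4 + alen + (-alen % 4)  # attribute values are padded to 4 bytes
    raise ValueError("no IPv4 XOR-MAPPED-ADDRESS attribute")


def disagreeing_servers(answers: dict):
    """answers maps server name -> (response bytes, txid). Returns the servers
    whose reported IP differs from the most common one. Ports are ignored,
    since some NATs map each destination to a different port."""
    by_ip = defaultdict(list)
    for server, (msg, txid) in answers.items():
        by_ip[mapped_address(msg, txid)[0]].append(server)
    majority = max(by_ip.values(), key=len)
    return sorted(s for g in by_ip.values() if g is not majority for s in g)


def sample_response(txid: bytes, ip: str, port: int) -> bytes:
    """Constructed test input: a minimal Binding success response."""
    xaddr = int(ipaddress.IPv4Address(ip)) ^ MAGIC_COOKIE
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 1,
                       port ^ (MAGIC_COOKIE >> 16), xaddr)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr
```

A disagreement is a signal to investigate rather than proof of a lying server, since multi-homed hosts and carrier-grade NAT pools can legitimately yield different addresses.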