[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #30579 [Circumvention/Snowflake]: Add more STUN servers to the default snowflake configuration in Tor Browser
#30579: Add more STUN servers to the default snowflake configuration in Tor Browser
-------------------------------------------------+-------------------------
Reporter: cohosh | Owner: cohosh
Type: defect | Status:
| needs_information
Priority: Medium | Milestone:
Component: Circumvention/Snowflake | Version:
Severity: Normal | Resolution:
Keywords: stun, anti-censorship-roadmap- | Actual Points:
october |
Parent ID: #31281 | Points: 1
Reviewer: | Sponsor:
| Sponsor30-can
-------------------------------------------------+-------------------------
Changes (by cohosh):
* status: assigned => needs_information
Comment:
Here are some lists of public servers:
- https://gist.github.com/zziuni/3741933
- https://gist.github.com/mondain/b0ec1cf5f60ae726202e
- https://www.voip-info.org/stun/
- EmerCoin is some cryptocurrency/blockchain project that
[https://emercoin.com/en/news/global-changes-in-emercoin-blockchain-
segwit-tx-optimizer-stun-and-13-more-updates uses STUN] and they maintain
their own
[https://github.com/emercoin/emercoin/blob/8808770b98248b0174dc3d6f8c70965e13f17396/src/stun.cpp#L59
list].
Some possibly useful candidates:
- `stun.services.mozilla.org`
Mozilla's stun server is an obvious candidate, but I just checked it and
it appears to not be working. I found this ticket while investigating:
https://bugzilla.mozilla.org/show_bug.cgi?id=1143827
- `stun.gotye.com.cn`
This appears to work. Looks like a new video/messaging/gaming service.
See http://www.gotye.com.cn/
- `stun.stunprotocol.org`
Idk, it's a .org domain and it works.
The most useful list seems to be from the
[https://github.com/emercoin/emercoin/blob/8808770b98248b0174dc3d6f8c70965e13f17396/src/stun.cpp#L59
coin project]. I'd suggest referencing it again in the future and looking
at STUN servers with TLDs in whichever region has blocked the ones we
currently have in Snowflake (I
[https://web.archive.org/web/20191120211855/https://github.com/emercoin/emercoin/blob/8808770b98248b0174dc3d6f8c70965e13f17396/src/stun.cpp
saved a current snapshot] at archive.org just in case)
I suppose there's some risk here with choosing a random service. Snowflake
clients leak their IP address to whichever server we choose. Perhaps a
better route is to have the broker perform this step over the domain
fronted connection (#25591)?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30579#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs