Support Snowflake bridges
Snowflake has been part of the default bridges in Tor Browser since July 2021.
Since then it became the preferred way of connecting to Tor from Iran and China. Russia still uses mostly obfs4.
As of 2024-07-23, the Circumvention Settings API, that Tor Browser uses for its "connect assist" feature, and that we should use for Support automatic bridge retrieval (#15331), returns Snowflake bridges for China, among other places: https://bridges.torproject.org/moat/circumvention/map
Adding support for Snowflake is slightly higher priority than WebTunnel.
However, note that Snowflake is known to be slow in China: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40251
More data on how Snowflake is helping against censorship around the world: https://blog.torproject.org/snowflake-daily-operations/.
User feedback
- [Tails-dev] obfs4 not work in Iran
- [Tails-dev] Please update the Snowflake Bridge and default bridge
Implementation
Backend
- Lyrebird is going to get Snowflake support, better use that rather than the older
snowflake-client? - a beginning of a prototype #5494 (comment 191609) did this:
- add Snowflake to our
ClientTransportPluginconfig - adjust the Tor Connection backend to allow entering a Snowflake bridge
- add Snowflake to our
-
snowflake-clientneeds to resolve a few domain names; isconfig/chroot_local-includes/lib/systemd/system/tor@default.service.d/50-resolv-conf-override.confenough? - allow the
debian-toruser to do everything on UDP - either test Snowflake with Chutney in our automated test suite, or using the real Tor network, or add to manual QA; expected challenges are the same as for WebTunnel, see details on Add WebTunnel support (#20267)
- update the design doc
- anything else?
UI
https://www.figma.com/board/RnTAzBfkWKbOwdZxvk5xer/Pluggable-transports
- Automatic mode
- How many PT do we want to try?
- Bridge configuration screen
- Introduce layering in the UI to accommodate for more options
- Use an accordion pattern to unfold below each radio button?
- Support different types of bridges when "Use a default bridge"
- Only applies to "automatic + configure bridge"
- Explain the different bridges to help people choose the PT that is most likely to work (in the accordion)
- Adapt "obfs4" placeholder in textarea
- Have a separate textarea for each type of bridge in an accordion?
- Makes explicit which PT we support
- Keeps solving #19169 (closed)
- Have a separate textarea for each type of bridge in an accordion?
- Introduce layering in the UI to accommodate for more options
- Error screen
- Layer email and telegram with a popup window
We only help people choose the best PT when choosing a default bridge. I think it's fine because:
- This matters most to anticensorship scenarios and people should use the "automatic mode" for that, instead of the "hiding mode".
- In the "automatic mode" people can still use a default bridge and we explain the different PTs there.
- For people who chose the "hiding mode", each bridge bot returns bridges in 1 type of bridge anyway. People are going to try whatever bridge bot is the easiest. Right now:
- Email Bot returns obfs4
- Web Bot returns webtunnel
- Telegram Bot returns obfs4
Website
- Update the end-user doc
Related UX debt
As part of the same grant, it would be great to also work on other related improvements:
- Add Telegram Bot in bridge screen
- UX debt related to bridges or troubleshooting, for example:
- Feedback on manual time sync in error screen (#20398)
- Adapt the error screen of Tor Connection to the... (#19336)
- Split the manual time sync in 2 screens (#18593)
- Timezone offset is not taken into account when ... (#18570)
- Display current time in the error screen (#18548)
- Add "Cancel" button to Tor Connection when tryi... (#18482)