Thanks for taking the time to read it and write comments.
Higher-level suggestions
the nationwide protests in Iran that started on 2022-09-21
To be precise, the Mahsa Amini protests actually started a few days earlier, with internet censorship to follow.
That’s fair. It makes sense to distinguish the start of protests from the start of increased Snowflake use. I’ve made the change.
Maybe it makes sense to say that the paper describes the current state of the Snowflake software, and some things might change in the future without affecting the general concept of Snowflake.
Maybe, though I think that point is understood in a systems paper like this. Maybe more constructively, it would help to delineate or at least think about what are the essential elements of Snowflake. For me, that’s WebRTC and the ability to run a proxy in a browser. Any circumvention system could be transformed into any other by a series of incremental changes; but such an extreme level of abstraction isn’t helpful for modeling. It’s more helpful, I think, to draw a line and explain the advantages and disadvantages of a bundle of design decisions.
Long ago, what would later become Snowflake was envisioned as an extension to flash proxy, swapping WebRTC for WebSocket. In a sense, that’s not incorrect. But it makes more sense to think of flash proxy as one system, and Snowflake as a distinct but related system. Snowflake occupies a certain place in the ontological hierarchy; it’s not trying to be a vessel for all possible circumvention ideas.
I don’t know if this is practiced, but can’t links to the relevant issues on GitLab be added, especially in the “blocking attempts” section?
I think this is probably a good idea. We (the authors) have been talking about it a bit. In the source code, there are abundant hyperlinks to references which we have relied on in making our claims. A lot of these can/should be surfaced. The best way to do it in the PDF/paper version is unfortunately probably footnotes with bare URLs (clickable in the PDF version, at least). We’re planning to also prepare an HTML web page version of the paper, where we can make such references more usefully and unobtrusively in the form of sidenotes or ordinary hyperlinks. Compare the footnotes in the PDF version and the sidenotes in the HTML version of my recent FEP paper, for example.
Minor semantic additions/changes
I appreciate these suggestions, though I myself disagree or at least quibble with all of them, I think. Maybe the other authors will have different opinions.
The point about running in a browser is to make it possible to run a proxy with little to no friction. There may be other ways to do that—you have a good point about apps (and Orbot is the #2 source of proxies, as Figure 5 shows)—but the important dinstinction is not browser vs. app, it’s browser vs. the status quo of Tor bridges, Shadowsocks servers, SOCKS proxies, etc.: running some server software on a long-term VPS.
I think it’s important to lead with the idea that the lifetime of a client does not have to a subset of the lifetime of a proxy. That’s a central idea, and it’s hand in hand with proxies being low friction to run. There’s no stable population of a small number of long-term proxies, there’s a large and constantly changing population of unreliable proxies. This is the main argument for why the proxies are difficult to enumerate and block by their addresses. The fact that proxies can change thoughout a client’s session is one of the features that distinguishes Snowflake from uProxy and MassBrowser. It may actually be beneficial to include some measurements of how often proxies actually change in practice—I don’t think we’ve done an experiment to measure that—but more important than that is for the reader to understand that they can change.
Grammar
a person must to take a positive action
Thanks, fixed.
Despite our being able
This one is grammatical as it stands. “Our being able to confirm…” is a noun phrase.