I would like to raise a small concern about the Snowflake standalone Docker setup guide:
https://community.torproject.org/relay/setup/snowflake/standalone/docker/
First of all, thank you to everyone who worked on making Snowflake deployment this simple. The guide is very accessible and makes it easy for volunteers to contribute resources to the network.
However, while reading the instructions I noticed a few points that might deserve additional clarification from a security perspective, especially for operators who follow a “never trust the infrastructure” mindset.
The guide currently suggests downloading the compose file directly from the main branch and running it immediately:
wget https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/raw/main/docker-compose.yml
docker compose up -d
This means the configuration is executed without any verification step (for example a signature, checksum, or pinned commit). Since the file is retrieved from the moving “main” branch, its contents could change at any time. For operators who are used to verifying Tor downloads via signing keys, this feels a bit unusual.
A related point is that the container image appears to be referenced via a mutable tag (e.g. “latest”). That also means the exact code that runs on the system may change over time without the operator explicitly noticing it. Some administrators prefer pinning container images to a digest so that the deployment is reproducible.
The optional Watchtower setup also introduces an automatic update path with access to the Docker socket. While convenient, this creates a very powerful update mechanism that might deserve a short discussion of the trade-offs.
None of these points necessarily mean the setup is insecure. They are mostly about transparency and reproducibility. For example, it might help operators if the documentation mentioned one or more of the following:
- how the container images are built and verified
- whether image signing is used in the Tor container registry
- whether operators should pin images to digests for reproducible deployments
- whether a signed or versioned compose file exists for releases
Tor software itself has a strong tradition of verifiable builds and signing keys, which is why I was a little surprised not to see similar guidance in this Docker setup.
I am mainly posting this as a question and suggestion for clarification. If there are existing verification mechanisms or best practices for the Snowflake container images, it would be great if they could be documented in the guide.
Thanks again for all the work on Snowflake and for making it easy for volunteers to contribute bandwidth to the network.