How stable/reliable is a hidden service over snowflake (or obfs4 bridge)?

There is a lot of effort to make sure the right to read information freely in a way that avoids censorship can happen using snowflake. I was curious from a technical perspective how stable/reliable hosting a tor hidden service would be over snowflake, or put another way, the right to author information freely in a way that avoids censorship. This would apply to obfs4 bridges as well I suppose, though I am focusing on snowflake due to individual snowflake bridges on average being shorter lived and more ephemeral than obfs4 bridges.

I would have tested it myself, but considering how important snowflake is for accessing information, I would prefer not to negatively impact anything unintentionally by doing something wrong.

My overall question: How stable or reliable is a hidden service over snowflake?

This depends from quality of relays and how much data they can let you use ?


I’m uncertain about the feasability of your goal with snowflake or obsf4 so I’ll leave it to others to comment.

Meanwhile, have you considered running a server with Briar or Cwtch? One of them might be suitable depending on what sort of hidden service you’d like to host.

Well, it really depends on what you want to achieve. Is it about having a more anonymous onion service?

Although there are 100k Snowflake proxies, there is only one snowflake bridge flakey. If that bridge goes down, attackers can correlate this event with your onion service downtime/uptime. Then, after discovering this, it wouldn’t require a lot of steps to de-anonymize your onion service.

1 Like

Thank you for this technical info, especially stating how a server could potentially be de-anonymized.

In terms of what I’m trying to achieve, I can already make onion services, as my ISP doesn’t block the tor network, so this isn’t about a thing I want to do.

I was mostly curious as to how “one sided” in terms of reading vs authoring snowflake’s infrastructure was. I have been seeing a lot of information about how to access the tor network in areas that are heavily censored, but hadn’t seen anything on how to host information in a hidden service in areas that are heavily censored.

The main reason I was curious was because I can only visualize the snowflake bridge as a bottleneck before the tor network (I don’t mean bottleneck in a bad or throttling sort of way) which seems much better suited for people to retrieve information through rather than host information through.

Right, so, heavily censored regions can also means heavily surveilled. And hosting onion services or sharing files using data centers located in these regions could be very risky. In this case I can see how onion services and pluggable transports like obfs4 and snowflake can be a very powerful combination to protect against surveillance and to circumvent censorship, especially because you don’t need a static IP address to host your onion service.
Hosting temporary static website or sharing files using ephemeral onion services with OnionShare can be an interesting use case here.