Hello!
To make it clear: I’m just a random dude on the internet, I’m not affiliated with the Tor Project.
I recently found out about how NLnet grants (and such grants in general) work, so I tried to request one myself. It’s the second time I write such an application. The first one is:
I submitted the application for the NGI Zero Core call, on 2024-02-01. I’ll try to post updates here. Again, I’m not expecting much, just exploring for the most part.
Below is the text of the application.
Project name
Distributed servers for Snowflake (the censorship circumvention network)
Abstract: Can you explain the whole project and its expected outcome(s).
There is an circumvention technology called Snowflake. Currently it is supported by the Tor Project and is used to access Tor in places where it is blocked.
The technology has two problems that I want to solve:
- All clients’ Snowflake traffic goes through just two hard-coded Snowflake bridges.
Not good for decentralization, availability, maintenance costs. - You cannot use the Snowflake network for anything other than gaining access to the Tor network. However, the technology itself is generic enough that you could access, say, a blocked VPN service through it.
To solve 1: Broaden the whitelist-pattern of possible addresses that Snowflake proxies can forward clients’ connections to. For more see this issue.
To solve 2: generalize the Snowflake client-proxy-server chain to a simple TCP forwarder, instead of it being a Tor-specific protocol. For more see this issue.
The current Snowflake compatibility with Tor also needs to be maintained.
Have you been involved with projects or organisations relevant to this project before? And if so, can you tell us a bit about your contributions?
I have done several minor improvements to Snowflake, totaling about 50 commits. I’m fairly familiar with the technology and the code base.
Requested Amount
€ 27 000
I estimate the first point to take about 1 month of 8-hour day work, and the second point about 2 months, with a rate of 430 EUR per such a day.
Compare your own project with existing or historical efforts
- Snowstorm was announced by the original creator of Snowflake, and it appears to go in the similar direction from the original Snowflake. But it is not clear yet what the product is actually going to turn out to be, if it’s going to be FOSS, if it’s going to be compatible with Snowflake, etc.
- “Distributed Snowflake Server Support” ticket a tremendous amount of work has been done by the Tor team to achieve the possibility of having a second Snowflake server. But we didn’t quite get to the point of anyone being able to run one, and not just for Tor.
What are significant technical challenges you expect to solve during the project, if any?
The biggest potential problem as I see it ensuring the security for Snowflake proxies. Since we want the proxies to obey clients’ requests to connect to arbitrary addresses, we need to make sure that this cannot be used for things like DDOS, or gaining unauthorized access to a proxy’s local network.
The second one is making a smooth transition from the current state of the Snowflake software to the proposed one. Millions of people depend on Snowflake, so it is hard to move fast in this environment.
Describe the ecosystem of the project, and how you will engage with relevant actors and promote the outcomes?
As was said above, the Snowflake network/technology is maintained by the Tor team, which I’m not a part of. I have not talked much about the plan of action for this idea with the Tor team, except for discussing the idea itself on the issue tracker (and the reception is not bad).
So, we might meet some resistance.
However, a “stone soup” approach can be employed, where cooperation with the Tor team is not required. We can make a separate “staging” Snowflake network for testing purposes, and then, once the Tor team is convinced that it’s working, they might accept to merge the two networks together.