My question is quite simple but the answer is a little difficult in my opinion:
Consider a contract for a server which has still 6 month till the end and the initial setup of a bridge is burned in one country lets call it “RI”. It is still working in a country lets call it “UR” but the usage is constantly declining. A test run of a standalone snowflake on this IP shows its still available in both countries. To make use of this server, I’d like to “recycle” it. I know a change of IP or an additional IP would be the best solution, but this is not available in all cases.
Am I putting the users in risk because the IP is already known by the censors and additionally most likely at some point the country “RI” and “UR” might exchange their “selectors”?
It seams the censors are having different block lists for UDP and TCP at the moment…
So, is it the responsibility of the user or is it my responsibility to stop providing the service, when I know it has been detected by a censor?
Do you mean risk of waiting until yet another snowflake will be allocated?
If not, there should be examples when users had problems because of trying to access censored bridges/snowflakes.
Maybe you would put the users at risk but i think it is inevitable. As far as i know there is no guarantee for any user that bridges or snowflake proxies they get aren’t known to censors already. So completely hiding your usage of tor is currently not part of the security promises tor gives.
At the moment i would try to get as much usage of the server as possible, either as bridge or as snowflake.
Maybe someday we can avoid having known bridges but then we probably need some infrastructure to notify operators when their bridge gets blocked/discovered and the community would have to move a lot faster to stay ahead of censors. Also it would be quite difficult to see when a censor knows about a bridge but doesn’t block it to find connecting users.
I don’t think you are putting the users at risk by reusing the IP. The only risk is that the censors block all the traffic to that IP so users can’t use your proxy, but most censors will let UDP traffic happen even if there was a bridge in that IP before.
I didn’t want to reply initially, because this is more of a policy question rather than a technical one.
My personal opinion: Snowflake, as a piece of censorship circumvention software, should be about censorship circumvention, and not about anonymity and hiding from the government. If it gives the user access to whatever they want to get access to, then it’s good enough. If the law enforcement finds out that you used to use Snowflake at some point, this is not a Snowflake’s concern.
Of course, providing both would be nice, but the latter should just be “nice to have” and not something that Snowflake guarantees.
With that said, if we only consider how good Snowflake is at giving you access to Tor, I do think it’s worth keeping the server up. As you said, it’s working for both Rian and Urssia, so if it’s working then it’s working.