Russia rolled out WHITELISTS and Snowflake, some Webtunnels and MORE THAN HALF OF THE INTERNET are completely dead and no one seems to notice!

HTTPS is practically dead because the internet is hosted on 3 companies’ computers apparently. It is a continuation of the 16-20kb throttle that started here: [Russia] Censor has a new method of blocking · Issue #490 · net4people/bbs · GitHub, on mobile providers at first, which used the excuse of (((DRONE ATTACKS))) and was a complete lie because it’s NOW EVERYWHERE IN THE COUNTRY!!!

Everything is banned unless it’s manually allowed and approved by the state, random domain fronts that snowflake uses wouldn’t work of course. WebTunnels likewise, if your bridge is hosted on any of these: Cloudflare, Hetzner, OVH, Oracle, Amazon, Fastly, Akamai, Scaleway, Constant - THEN IT’S SCREWED! AS WELL AS MORE THAN HALF OF THE INTERNET AS WE KNOW IT!

Following is taken from this thread: Apparently, a new wave of Tor blocking is underway in Russia

Vanilla snowflake is dead. Since the whitelists, none of the cdn77 addresses used for bootstrapping work, there is not enough data since 16kb block. Logs showing connection getting stuck at 30%, no errors, just infinite keep-alive session in wireshark with origin front=any.cdn77.domain and its ip

Are there any cdn77 domains that can be used for bootstrapping that are in whitelists?

Jan 17 12:01:21.000 [notice] Managed proxy “client”: connected
Jan 17 12:01:21.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Jan 17 12:01:22.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Jan 17 12:01:22.000 [notice] Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
Jan 17 12:01:22.000 [notice] Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
Jan 17 12:01:22.000 [notice] Bootstrapped 30% (loading_status): Loading networkstatus consensus
Jan 17 12:01:24.000 [notice] Delaying directory fetches: No running bridges
Jan 17 12:01:32.000 [notice] new bridge descriptor ‘xxx’ 192.xxxManaged proxy “client”: trying a new proxy: sending reset packet in non-established state: state=Closed

Then it loops, gets stuck and continues being silent. I think censors don’t do 16kb block anymore, this is 0kb block now, because if on 14th I was able to wget some parts of media (around 20kb) from my website, now I get 0 bytes. Maybe it was deliberately done so low bandwidth things like snowflake or torrent trackers that use less than 16kb of data to fetch peers die as well? Is i2p bootstrap also screwed? Can someone check, my i2p runs 24/7 and I always made peer backups so never used bootstrap because of stuff like this, and yes, technically google amp cache is such backup too, but I’m talking vanilla

3 Likes
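One way to spot the stall described in the post above from a Tor notice log, as an added example that is not part of the original post or Tor's own tooling: it reports the last bootstrap phase reached and whether the client went quiet there. The sample log is constructed from the excerpt in the post; the function names, the `year` default and the 60-second threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the log excerpt quoted in the post above.
SAMPLE_LOG = """\
Jan 17 12:01:21.000 [notice] Managed proxy "client": connected
Jan 17 12:01:21.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Jan 17 12:01:22.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Jan 17 12:01:22.000 [notice] Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
Jan 17 12:01:22.000 [notice] Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
Jan 17 12:01:22.000 [notice] Bootstrapped 30% (loading_status): Loading networkstatus consensus
Jan 17 12:01:24.000 [notice] Delaying directory fetches: No running bridges
Jan 17 12:03:40.000 [notice] Managed proxy "client": connected
"""
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d)\.\d+ \[(\w+)\] (.*)$")
BOOT_RE = re.compile(r"Bootstrapped (\d+)% \((\w+)\)")


def parse(log_text, year=2026):
    """Yield (timestamp, severity, message); Tor logs carry no year (assumed)."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip wrapped or fused lines that have no timestamp
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        yield ts, m.group(2), m.group(3)


def diagnose(log_text, stall_after=60):
    """Report the last bootstrap phase and whether the client stalled there."""
    last = None         # (timestamp, percent, tag) of the latest progress line
    no_bridges = False  # "No running bridges" seen after the latest progress
    end = None          # timestamp of the last parsed line
    for ts, _sev, msg in parse(log_text):
        end = ts
        b = BOOT_RE.search(msg)
        if b:
            last, no_bridges = (ts, int(b.group(1)), b.group(2)), False
        elif "No running bridges" in msg:
            no_bridges = True
    if last is None:
        return {"percent": 0, "phase": None, "stalled": no_bridges,
                "no_running_bridges": no_bridges, "idle_seconds": 0}
    idle = int((end - last[0]).total_seconds())
    stalled = last[1] < 100 and (no_bridges or idle >= stall_after)
    return {"percent": last[1], "phase": last[2], "stalled": stalled,
            "no_running_bridges": no_bridges, "idle_seconds": idle}
```

A result with `phase` equal to `loading_status` and `no_running_bridges` set matches the symptom in the post: the handshake completes, but the consensus download never makes progress.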

Does this apply to standalone Snowflake? I noticed lack of traffic and connections but still some from RU. Maybe just the keep alive stuff.

Not sure about there not being a way to bypass any of the restrictions put on some of the biggest hosting providers, but some connections are blocked to the throttling extent without any way to bypass that, I suppose.

and no one seems to notice!

Well, I made a post that seems to include these problems recently, there are plenty of comments on https://ntc.party, and on the net4people post that you linked. Does zapret help you with any kind of traffic? Especially the advanced configs.

I’d add that not only the super big providers are affected, other ones too.

It sometimes feels like you can’t expect something to work reliably. (random sites broken because of this)

Note that based on recent disclosures of data about TSPU - there are more than 1,4k of them and only they are worth an estimated $70 million dollars. “They support more than 130 Tb/s.”

1 Like

well, if you find whitelisted sni from cdn77, then yeah, possibly. and dtls works after all, so snowflakes themselves will see traffic, it’s just connection never finalizes and freezes, so i’m not even sure what that webrtc traffic is really doing in wireshark, just going for no reason? like what happens at 30% bootstrap? maybe reevaluation of how snowflake works on fundamental level could be the next project for anti censorship team. someone in iran’s blackout thread on net4people mentioned that handshakes can be used to carry data, maybe make snowflake bootstrap carry peer data through handshakes tunnel since they are successful

webtunnel might have more chances of survival assuming someone hosting it does it away from major datacenters, i also heard webtunnel now has its own support for sni spoofing, which can help

1 Like

The number of snowflake bridge connections has not shown any decline in recent days. There are reports on ntc.party, but they’re not very clear. There’s no reason to panic yet.

1 Like

You’re confusing whitelists on mobile operators with CDN blocking on regular providers.

1 Like

you are confusing whitelists on mobile operators with CDN blocking on regular providers

@anon314893516 I still think that the problems with accessing certain hosting providers/websites/services on not-mobile internet connections are “blacklists”, not “whitelists”. Which means that the censor is manually deciding on which ASNs should have “blocking problems”.

Are you using the latest version of Tor and lyrebird? I think the anti-censorship team modified the Snowflake bridge front a while back. So make sure you are using the latest ones: Snowflake and Conjure inaccessible due to CND77 blockage, try this workaround

Whew, isn’t that gonna be too obvious that you are doing that?

Interesting post from ntc.party

Install dnstt. In Iran they introduced a North Korea, and dnstt proved that it alone works under full whitelists. I’m tearing out xray-core for good, it’s unstable anyway and keeps dropping, now because of dht, now because of 16-20kb, now because of some mux’es and flows. I’M REALLY SICK OF IT ALREADY. Even Tor is more stable for me right now than this damned vless of yours that is forever being hyped here. Same as with products, NEVER trust crap that says made in china. It’s complete garbage.

The paradox is that Tor is extremely resistant to blocking. Thanks to extensive bypass methods, it’s practically impossible to block it without whitelisting. I often read complaints in the Russian-speaking community about speed and that Tor is being used by criminals. But it works, thanks to the developers. I started using this product more than 13 years ago. Even now that blocking has become irrelevant to me, it’s still a very useful tool in our world where governments increasingly want to spy on you.

2 Likes

First of all you should hide your DNS traffic from the ISP by using something like dnscrypt-proxy.
DNS traffic nowadays is still unencrypted by default and this makes it easy for your ISP to analyze it. dnscrypt-proxy can be configured for passing DNS queries through the Tor Network too.

Second you should use TLS SNI spoofing whenever possible.

Clear DNS traffic and TLS SNI unchanged tell your ISP clearly what hosts you are visiting.

An ISP can introduce new blocks based on data collected in the past from customers’ plaintext traffic.
So reduce plaintext traffic as much as possible.

I often read complaints in the Russian-speaking community about speed
and that Tor is being used by criminals.
I am really fed up about this attitude of “normies” towards digital
privacy tools. “Being used by criminals” generally means nothing and is
just a slogan that the government propaganda has placed in the minds of
the masses. Tor is no different than a pair of Nike shoes, or Toyota
pickup cars, in the sense that all are “being used by criminals.”

2 Likes

The ISPs don’t control/maintain the blocking in Russia - they “don’t configure” it, they “just install” the “black boxes” (as required by law for all ISPs) - which are centrally controlled by the censor.

As a result, the censor is probably able to directly collect the censor-DPI logs, or “attempted blocking circumvention” data.

From the user’s point of view it’s not really important who exactly blocks him/her. That wasn’t my main message. Simply assume that the ISP is forced by law.

1 Like

I think what people are trying to get at is that tor is more decentralized, many nodes, many people. Xray-core’s failure is in its scalability. Your server relies on a single point of failure that is not easy to change. To the same extent you could argue i2p is more resilient to censorship than tor because it’s even more decentralized. And no I don’t confuse mobile whitelists with wired whitelists. They seem to be different, but the 16-20kb/s is now everywhere and seems like it’s only towards major hosting providers, including Cloudflare and half of internet is basically Cloudflare, it’s like banning cloudflare, but only leaving challenges.cloudflare.com as approved domain while banning the rest.

What concerned me is how little people talk about it… like people just accepted the north korea already, they don’t speak at all… it just happened overnight, and… nothing

Hi everyone

I am quite new to snowflake and after trying a number of times to set up a tor relay I gave up. I downloaded snowflake and decided to try my luck.
This is a snapshot I took earlier. Can anyone let me know if it looks ok?

2026/01/28 10:47:08 In the last 1h0m0s, there were 102 connections. Traffic Relayed ↑ 73891 KB, ↓ 19317 KB.

there were 80 connections. Traffic Relayed ↑ 208011 KB, ↓ 49007 KB.

last 1h0m0s, there were 90 connections. Traffic Relayed ↑ 197811 KB, ↓ 57526 KB.

Looks OK to me. My snowflake puts out the same type of messages.
2026/01/28 13:45:57 In the last 1h0m0s, there were 25 completed successful connections. Traffic Relayed ↑ 54190 KB (15.05 KB/s), ↓13594 KB (3.78 KB/s)

Hi there,

if you start the proxy with -verbose you should see a line

NAT Type measurement: unknown -> unrestricted

unrestricted is what we want to see here.

Seems you’re on proxy version 2.10.x (2024-11); maybe update to latest release 2.11.0 (2025-03)?

A method for bypassing whitelists has been developed. It’s apparently based on a tunnel through the infrastructure of Russian IT companies like Yandex or VK. I haven’t yet studied this method in detail.

https://ntc.party/t/рабочий-обход-белых-списков/21884

The fact that it uses webrtc is a very good sign. In an unbelievable twist of irony, censors allowed that protocol to exist in state mandated apps instead of making their own (stupidity or developers on our side?), and snowflake already uses it