Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use the snowflake bridge lines returned by the circumvention map API when using the "Ask Tor" feature #983

Open
cohosh opened this issue Sep 26, 2023 · 2 comments
Open

Use the snowflake bridge lines returned by the circumvention map API when using the "Ask Tor" feature #983

cohosh opened this issue Sep 26, 2023 · 2 comments
Assignees
@n8fr8 @tladesignz @bitmold

Comments

@cohosh
Copy link
Contributor

cohosh commented Sep 26, 2023

Orbot now provides an "Ask Tor" feature that will use the circumvention settings API at https://bridges.torproject.org/moat/circumvention/map to choose the best bridges (or lack thereof) based on a user's location.

Looking at Orbot's code for parsing circumvention map results, I noticed that while Orbot will use the suggested bridge lines if the bridge is of type "obfs4", it uses its own builtin snowflake bridge lines if the bridge type is "snowflake". This issue is to use the suggested snowflake bridge returned from the API call rather than the builtin ones.

One of the advantages of the circumvention map API is that we can update it quickly in response to censorship events without having to wait for a release cycle to update builtin bridges. If for example a uTLS fingerprint gets censored in a specific place, we can update the provided snowflake bridge lines immediately. Or, more recently we had to update snowflake bridge lines to fix a problem with the builtin domain front.

As an aside, I'm not very familiar with Kotlin and I'm curious about how the radio button selection works when iterating through the circumventionApiBridges. If only one radio button option can be selected at a time, does Orbot only select the first provided bridge in practice and not iterate through all the bridges in the list?
@n8fr8
Copy link
Member

n8fr8 commented Oct 3, 2023

Our logic for parsing the API results is basic, and just our first pass. I think we didn't realize the depth of information that could be provided if snowflake or other non obfs4 options were listed. This is good to know, and a good time for us to update that logic.

@tladesignz how does Orbot iOS handle this?

@tladesignz
Copy link
Collaborator

@tladesignz how does Orbot iOS handle this?

Until recently, Orbot Apple did the same, but because the rate of changes to Snowflake configuration increased in the recent months, I added updating the built-in configuration via the cirumvention API last week to the IPtProxyUI library, which is used in multiple apps:
tladesignz/IPtProxyUI-ios@1fab4c3

I'll release a new Orbot Apple version this week containing the changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@n8fr8 n8fr8

@tladesignz tladesignz

@bitmold bitmold

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@n8fr8 @tladesignz @bitmold @cohosh