We can also break down users by country. The largest contingent of Snowflake users are in Iran, which has been the case since the Mahsa Amini protests in 2022 1. The graph shows also a large number of users apparently from the United States, but we believe that may be partly the result of geolocation errors, and many of them are actually from Iran. After Iran, the countries with the most Snowflake users are Russia and China.

  • MigratingtoLemmy@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    10 months ago

    Can someone help me understand how this might be a better idea than using an SSL-VPN such as OpenVPN/SoftEther and connecting to TOR from the VPN endpoint instead of using Snowflake?

    I’d like to use my own infrastructure and am also looking for comparisons/security analysis of Snowflake

    • Pantherina@feddit.deOP
      link
      fedilink
      arrow-up
      1
      ·
      10 months ago

      The Proxy is for people that can not access the Tor network.

      For your own comfort/anonymity using a VPN is the better option.

      • MigratingtoLemmy@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        10 months ago

        If they could run their own SSL-VPNs and then access TOR through them, like I described, would there be a point in Snowflake?

        • moonpiedumplings@programming.dev
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          10 months ago

          They could. But in countries where internet access is restricted by authorities, running any more than an insignificant amount of traffic over a VPN, even protocols as stealthy as the ones that make them indistinguishable from website (http/s) traffic, can be noticable… and being noticed can get you killed.

          Snowflake, on the other hand, runs proxies to users of the snowflake browser extension, who act as entry points. It’s named so because connections are ephemeral, and last for a short time, like snowflakes. This makes it much harder to distinguish.

          It’s not only about what internet traffic, it’s also about where.

          And of course, the how is relevant too. Not many people want to spend the time to set up an ssl vpn (and multiple people using it makes it easier to spot).

          You need to understand what you’re asking when you suggest people set up their own proxy. You’re asking them to learn a skill, most likely in their free time (free time and energy they may not even have), and without many resources to learn (censored internet), and then rest their lives and livelihoods on that skill. Depending on the regime, maybe the lives of their friends and family, as well.

          Comparatively, it’s like two clicks to select snowflake as an entrypoint in the tor browser configuration options.

          • MigratingtoLemmy@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            9 months ago

            I completely understand the point about Snowflake having been created for use in such scenarios.

            Your comment raised a couple of interesting points though.

            1. If governments are able to identify SSL-VPN traffic, then the VPN technology isn’t working as expected. That’s a failing from the VPN’s side in that case. One way in which I could clearly see such traffic being compromised is by logging the hops that traffic takes, and realising that everything is going through a single point, I.e. a VPN. But if one were to use a revolving VPN, that shouldn’t be a problem in theory.
            2. My original question was more in the line of “what tech does snowflake use that distinguishes itself from SSL-VPNs in terms of masking traffic?”
            3. Since you raised the point about snowflake connections being ephemeral, I’ll assume that snowflake connections are automatically rotated across available peers without the user having to set it up? However, just like with the rest of TOR, most governments can rent a bunch of cloud infrastructure and deal with deanonymising this part of the chain too.

            And let’s be honest here: TOR isn’t exactly the most private network on the planet. It’s well known that TOR devs collaborate with the 5 eyes and have backdoors built in, alongside the American agencies having access to a lot of the traffic on TOR to be able to mathematically deduce origin and destination of traffic including up to the point of clearnet IP addresses.

        • Pantherina@feddit.deOP
          link
          fedilink
          arrow-up
          1
          ·
          10 months ago

          Snowflake works for people that may not be able to get crypto or anonymous cash per letter. How would they pay the VPN?

          • MigratingtoLemmy@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            10 months ago

            Ah, I forgot that Monero in exchange for cash might not be an option here. Apologies, you’re right. With that, I’d also like a comparison of security between these two approaches

            • Pantherina@feddit.deOP
              link
              fedilink
              arrow-up
              1
              ·
              10 months ago

              Snowflake is encrypted but I dont know with what protocol. TLS at least so at least as secure as the regular internet including all banking sites.

              Yeah, Snowflake being tied to this one use case also prevents abuse. Imagine having “free VPN ran on my Computer for the Iranians”, that would be abused like hell.