Replacing meek: Snowflake

I made a post on Use Snowflake in Whonix to Bypass Tor censorship

Below are the three non-trivial tasks required to integrate snowflake into Whonix. I unfortunately do not have enough time to implement all of them.

  1. Find an acceptable way to get the snowflake binary into Whonix-gateway. Some options are:
  • Transferring the binary from whonix-workstation to whonix-gateway can be hacky. It is also not always secure because whonix-workstation is not always trusted.
  • Shipping TBB in whonix-gateway results in a bigger Whonix-gateway image. Users may accidentally/mistakenly use TBB in whonix-gateway, which completely defeats the purpose of Whonix.
  • Enable the Debian unstable repo to install snowflake: snowflake - Debian Package Tracker. This is not ideal and can probably be very messy.
  • Shipping the snowflake binary from the Whonix repo requires packaging and costs extra maintenance for Whonix developers.
  • Letting users themselves download TBB in Whonix-gateway creates a chicken-egg problem: users in censored areas need snowflake to connect to the Tor network to download TBB in the first place.

I personally prefer shipping TBB in whonix-gateway; this way we can always get the latest pluggable transports shipped by TBB. We may consider using a script to rm core components of the TBB to prevent users from using TBB in whonix-gateway by accident or by mistake.

  2. Find an acceptable way to allow resolving -front domains in whonix-gateway; or find an acceptable way to modify /etc/hosts.

  3. Modify tor-control-panel/anon-connection-wizard to provide the snowflake option. And keep an eye on upstream torrc changes and sync any changes to tor-control-panel/anon-connection-wizard.
