On Thu, Sep 05, 2024 at 10:15:16PM -0400, Nathan of Guardian wrote:
> On Thu, Sep 5, 2024, at 3:05 PM, David Fifield wrote:
> > Did something happen on 2024-08-13? Is this a new source of proxies with an implementation bug? Some kind of attack? (Against the bridge?)
> We rolled out a new release of Orbot around then. Are you saying this is an issue with Snowflake proxies, not clients?
> I can review more deeply tomorrow.
It is the proxy that reports the client IP address to the bridge, not the client. The "client IP address" is just the IP address of the proxy's WebRTC peer. The proxy attaches that information in a ?client_ip=X.X.X.X URL query parameter in its initial WebSocket HTTP request to the bridge.
I think it's unlikely that a change in Orbot would manifest this way. If that were the case, in the ratio N/D, the total D would stay the same, but the address-reporting fraction N would go down. (The same old bunch of proxies, except a few are malfunctioning and not reporting the address.) Whereas in this case, we have N staying the same, with D going up. Facially, that means that there are more proxies now than before, and the "new" ones are not reporting addresses.
One possibility, I suppose, is that an Orbot upgrade caused a subset of existing proxies not only to stop reporting client_ip, but also to fail connections, period. (Or fail probabilistically, perhaps.) That might cause the total number of apparent connections (D) to increase, while clients retry until they find a working proxy, keeping the number of client_ip connections (N) the same. I am not sure exactly at what point a "connection" is counted inside snowflake-server for purposes of the N/D ratio.
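
The N/D reasoning in the message above, as an added example that is not part of the original email or of snowflake-server: it counts connections whose request URL carries a parseable `client_ip` (N) against all connections (D), then labels which of the two patterns a change matches. The host `bridge.example`, the addresses, the per-day counts, the two sample dates and the tolerance are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

def reports_client_ip(url):
    """True if the request URL carries a parseable client_ip query parameter."""
    values = parse_qs(urlsplit(url).query).get("client_ip", [])
    try:
        return bool(values) and ipaddress.ip_address(values[0]) is not None
    except ValueError:
        return False

def daily_counts(records):
    """Map date -> (N, D): connections with client_ip, and all connections."""
    counts = defaultdict(lambda: [0, 0])
    for day, url in records:
        counts[day][1] += 1
        if reports_client_ip(url):
            counts[day][0] += 1
    return {day: tuple(nd) for day, nd in counts.items()}

def diagnose(before, after, tol=0.15):
    """Classify a change in N/D between two (N, D) samples."""
    (n0, d0), (n1, d1) = before, after
    if not n0 or not d0:
        return "mixed or no clear change"
    n_change, d_change = (n1 - n0) / n0, (d1 - d0) / d0
    if abs(d_change) <= tol and n_change < -tol:
        return "D steady, N down: existing proxies stopped reporting"
    if abs(n_change) <= tol and d_change > tol:
        return "N steady, D up: extra connections without client_ip"
    return "mixed or no clear change"

# Constructed sample: bridge.example and the 192.0.2.x addresses are placeholders.
def sample(day, with_ip, without_ip):
    base = "wss://bridge.example/"
    return ([(day, f"{base}?client_ip=192.0.2.{i % 250 + 1}") for i in range(with_ip)]
            + [(day, base) for _ in range(without_ip)])

RECORDS = sample("2024-08-12", 90, 10) + sample("2024-08-14", 90, 110)
COUNTS = daily_counts(RECORDS)

if __name__ == "__main__":
    for day in sorted(COUNTS):
        n, d = COUNTS[day]
        print(day, f"N={n} D={d} N/D={n / d:.2f}")
    print(diagnose(COUNTS["2024-08-12"], COUNTS["2024-08-14"]))
```

Counts alone cannot separate new non-reporting proxies from the retry scenario in the last paragraph, since both leave N steady while D rises.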