Snowflake (Transport)

Snowflake is a pluggable transport that tunnels blocked but lawful traffic through short-lived volunteer proxies running inside ordinary web browsers, using WebRTC so the connection resembles an everyday peer-to-peer video or voice call. Because countless volunteers spin proxies up and down constantly, there is no stable list of addresses for a censor to enumerate and block.

Three moving parts

The system has a client, a broker, and many ephemeral browser proxies. Volunteers visit a page or install an extension that turns their browser into a temporary proxy. A central broker matches a censored client to an available volunteer, after which the two establish a direct WebRTC data channel. The client's traffic then rides that channel out to the wider network.

Why it is hard to block

WebRTC is the same technology behind mainstream video conferencing, so blanket-blocking it carries heavy collateral damage. The matchmaking step uses a censorship-resistant signaling path (historically via domain fronting), and the proxies themselves are disposable and ever-changing. This combination of a moving target and dual-use traffic makes Snowflake resilient even where static proxies are quickly discovered.

For the signaling technique behind the broker and the protocol Snowflake hides within, see the domain fronting and traffic obfuscation glossary entries.