Definition
Snowflake is a pluggable transport that tunnels blocked but lawful traffic through short-lived volunteer proxies running inside ordinary web browsers, using WebRTC so the connection resembles an everyday peer-to-peer video or voice call. Its name captures the design: each volunteer proxy is a snowflake — small, unique, and ephemeral. Because countless volunteers spin proxies up and down constantly, there is no stable list of addresses for a censor to enumerate and block, which is exactly the weakness that kills static proxy systems.
Snowflake's lineage explains its shape. Earlier circumvention generations each taught a lesson: static private proxies taught that fixed addresses get enumerated and blocked; centralized fronted tunnels taught that routing everything through one cloud choke point is expensive and revocable. Snowflake's designers answered both at once by making the proxy layer radically plural and radically cheap — if a proxy costs nothing to run and nothing to lose, then blocking proxies stops being a winning strategy, because the population regenerates faster than any blocklist can track. It is the circumvention arms race resolved not by hiding better in one place, but by existing briefly in ten thousand places at once.
Three moving parts
The system has a client, a broker, and a swarm of ephemeral browser proxies. Volunteers in uncensored regions visit a web page or install a browser extension that quietly turns their browser into a temporary relay — no server administration, no port forwarding, no technical skill required; closing the tab ends the shift. When a censored client needs a connection, it contacts a central broker, which performs matchmaking: pairing the client with a currently available volunteer. The two then establish a direct WebRTC data channel, and the client's traffic rides that channel out to the wider network, onward to its destination. The volunteer sees only encrypted bytes in transit — not their content, and not what the user is doing.
Why it is hard to block
Three properties compound. First, the proxy population is huge, ever-changing, and made of residential IP addresses — blocklisting them is chasing weather. Second, the traffic is protocol-camouflaged: WebRTC is the same technology behind mainstream video conferencing, so a censor cannot blanket-block it without breaking video calls for everyone, an example of the collateral-freedom principle where circumvention shelters behind traffic too valuable to sacrifice. Even deep packet inspection struggles here, because a Snowflake session and a legitimate call look structurally alike, though censors keep probing for subtler fingerprints in the connection-setup handshakes. Third, the matchmaking step is itself hardened: the broker is reached through censorship-resistant signaling channels — historically domain fronting, since broadened to related fronting techniques — so the rendezvous is as hard to cut off as the tunnels.
Honest limits
Snowflake buys reachability, not speed — traffic bounced through a stranger's browser adds latency and rides whatever uplink the volunteer happens to have, and when a volunteer closes the tab, the client must be matched to a fresh proxy. It is engineered for availability under blocking, and it proved that design in practice: during national-scale censorship events, Snowflake usage has repeatedly surged as one of the few paths that kept working while conventional VPN protocols were being fingerprinted and dropped.
Why it belongs in this glossary
Snowflake is also a beautiful piece of decentralization engineering, and the parallel to Bitcoin's ethos is direct: resilience comes not from one hardened fortress but from thousands of small, voluntary, easily replaced participants — the same logic that makes a network of home nodes and garage miners harder to shut down than any datacenter. It demonstrates lawful-privacy infrastructure as a volunteer commons: an ordinary person with a browser tab can help someone elsewhere reach uncensored information, at near-zero cost and risk. For the signaling technique behind the broker and the broader discipline Snowflake belongs to, see the domain fronting and traffic obfuscation entries, and compare obfs4 for the look-like-nothing alternative approach.
In Simple Terms
Snowflake is a pluggable transport that tunnels blocked but lawful traffic through short-lived volunteer proxies running inside ordinary web browsers, using WebRTC so the connection…
