circumvention·corpus
/

2026-wkrp-snowflake-targeted-dtls-filtering

Snowflake-targeted DTLS filtering in Russia, starting 2026-03-30

@wkrp, @kad09, @cohosh, @theodorsm · net4people/bbs · 2026

canonical link →

Abstract

Russian censors began blocking Snowflake (Tor's WebRTC-based pluggable transport) on 2026-03-30 by detecting and filtering DTLS ClientHello messages with specific JA3/JA4 fingerprints. Snowflake bandwidth data shows ~99% success before March 30 dropping to near-total failure for standard proxies. Community analysis demonstrates that randomizing DTLS ClientHello via covert-dtls library (under development by Tor Anti-Censorship team) bypasses the filter.

Team notes

Auto-ingested via corpus-crawl. Tags proposed by Claude Haiku 4.5; review and tighten before relying. Critical blocking development: demonstrates DTLS fingerprinting (JA3/JA4) as viable censor technique. covert-dtls defense underway but requires proxy adoption; iptproxy integration pending.

Tags

censors
ru
techniques
tls-fingerprint
defenses
webrtc-pluggablerandomization
method
measurement-study

findings extracted from this paper

related papers