What are the hidden risks of using this extension?

Crumpled6273@lemmy.ca · 8 hours

I have been using it for more than a week and now am worried about the consequences that I am not sure are true or not!

I am worried that by allowing random users to surf using my network to prevent surveillance, someone will use my address to do malicious things, and I will get into legal consequences. Also, what if many services blacklist my IP address so eventually I get a lot of restrictions in my browing experience.

Furthermore, will this extension increase my fingerprint?

Are these thoughts valid, or am I just overthinking? If anyone knows, please comment.

pineapple@lemmy.ml · 7 hours

You cannot get into legal trouble for snowflake afaik. Its only a bridge, not an exit node. This means that websites the other person visits will see the exit nodes public ip, not yours.

Running a vpn for snowflake will only slow down the other persons connection without giving you much better security.

If it helps I’ve been running snowflake on my main browser for about a year now with no issues (not saying this is definitive proof for anything though.)

pcouy@lemmy.pierre-couy.fr · 7 hours

This lets people use your computer as an entry point into the Tor network and camouflage the traffic as a video call between you and them (if the regular, publicly known, entry nodes are blocked by their ISP or gouvernement). The snowflake extension will then forward people’s traffic through the Tor network, and services they use will only see a tor exit node’s IP, not yours. As long as you trust Tor to be secure and anonymous (I personally have very high trust in its guarantees), you don’t have to worry about legal consequences or being blocked by services.

I used to run a few (public) tor relays (entry or middle nodes, not exit ones), including one from my home network and IP. Never had any issue except for one service which blocked everything that had anything to do with Tor. I reached out for their admin, who claimed Tor users can show up with any node’s IP (which they definetly can’t, only exit nodes will forward traffic to the regular internet)

PortNull@lemmy.dbzer0.com · 6 hours

https://forum.torproject.org/t/are-there-any-risks-to-running-standalone-snowflake-on-home-network-if-so-how-significant-are-they/16710/5

As others have said, you are as safe as running a non exit node

dwt@feddit.org · 7 hours

Definitely possible to get into legal consequences in Germany, because we have a law that makes you responsible for actions of strangers on your network. That’s why we front clubs /associations (not sure how to properly translate that) to take the legal risk for this.

For example freifunk e.v. http://freifunk.net/

Someone else will have to comment for the legal situation in the us though.

M1k3y@discuss.tchncs.de · 7 hours

Snowflake is different though, because you just forward encrypted traffic from users into tor. Your just a bridge from one network into another and don’t send any malicious data data to random servers. Only the exit nodes have that legal issue.

Obinice@lemmy.world · 3 hours

Functionally it may be different, but if I’m sat at a table with another user, next to a criminal gun salesman and their customer, the salesman passes me a gun, and I pass the gun to the other user, who then passes it to the customer, am I not just as guilty of facilitating that illegal exchange?

I understand that one could try to make that argument aimed at an ISP or internet infrastructure in general, but in this case the added element is that we are individuals, we know people are often using these services for illicit means, and we still choose to facilitate their use.

Honestly I don’t know if I agree with my own argument 100%, but it’s something someone could argue, and it’s worth some thought before deciding to become a part of that shadowy community. Especially knowing there’s a good chance at some point you’re a willing link in the chain for criminal activity, even if it probably can’t be traced back to you.

Hmm, food for thought I suppose.

bright_side_@piefed.world · 1 hour

I think what you’re writing is true, though that is the legal/moral part. If it is technically not possible to identify you, then the risk of legal problems is not there. If

hikaru755@lemmy.world · 5 hours

That’s a bit outdated by now, Störerhaftung doesn’t apply anymore for other people’s action on your WiFi

LurkingLuddite@piefed.social · 6 hours

Everyone is focused on the exit, when clearly there is still a vulnerability to the entrance side. If someone is identified as a bad actor, you do not want your own personal address showing up all over in the logs of who they’ve been conversing with… Regardless of what can be proven as to the nature of conversations, you will now have eyes on you.

So yes, a VPN is useful, just not for all the reasons the comments so far are addressing.

GreenShimada@lemmy.world · 7 hours

I am worried that by allowing random users to surf using my network to prevent surveillance, someone will use my address to do malicious things, and I will get into legal consequences.

Yeah. That’s not a hidden risk, that’s an up-front risk you accept by using the extension. You may want to not let it keep running while the browser is closed, which would reduce how long the connection lets others use your IP.

All extensions make a fingerprint more identifiable. This is usually only used with Tor if a Tor connection is blocked, so if you’re just using this on Chrome or stock FF, yes, it will be very unique.

You’re having valid thoughts - but what are you trying to do? Why not just use a VPN?

Voxel@feddit.uk · 3 hours

Not all browser extensions are fingerprintable, only those that do by the website measureable differences to your browsing, which Snowflake, as far as I’m aware does not.

Scipitie@lemmy.dbzer0.com · 6 hours

This would only be correct if this would be an exit node, which it isn’t.

This extension is not about personal gain but supporting people who can’t enter the your network due to their local legislation.

Your fingerprinting argument only works for exit nodes - there you’re be absolutely right though!

Crumpled6273@lemmy.ca · 6 hours

My ISP just aggressively blocking VPN and running tor network 24*7 system-wide doesn’t make sense at all. To prevent network throttling I have to disable my VPN sometimes, and I only enable it when really needed which rarely bcz tor browser exist.

cubism_pitta@lemmy.world · 6 hours

Deleted as my comment was useless.

Crumpled6273@lemmy.ca · 6 hours

What you commented? And why it’s useless?

Law Abiding VPN User@feddit.org · 7 hours

never do it without a VPN, a good one that has a long, proven track record of recording nothing

pcouy@lemmy.pierre-couy.fr · 7 hours

How/why would a VPN be useful for this ?

comrade_twisty@feddit.org · 7 hours

It’s the opposite of useful it would break snowflake. You are setting up Snowflake in the first place to give users who have to deal with VPN and IP blocks the opportunity to connect to the onion network through you - if you hide the snowflake relay behind a VPN it is useless to those users.

Law Abiding VPN User@feddit.org · 6 hours

it would prevent your internet provider from seeing the activity of other people connecting through your PC

M1k3y@discuss.tchncs.de · 6 hours

What would a vpn do for you with snowflake? Hide your IP from tor entry nodes and the bridge user. I mean sure more vpn is always great, but running snowflake without a vpn seems less bad than surfing the web without a vpn.

There are no legal risks in forwarding traffic to an entry node and your ISP knowing that you use snowflake also isnt really an issue.

Law Abiding VPN User@feddit.org · 6 hours

VPNs are commonly used by all kinds of people for mundane things. any kind of darknet kind of stuff is often associated with illegal activity and will be seen as suspicious by your internet provider

again, it can’t just be any VPN, Proton, Mullvad, Nym…and maybe iVPN if you don’t care about the number of locations you can connect through.

you also want to have a few other things open. Anything that makes additional noise in the connection. Even if you use Mullvad’s Daita feature, it’s good to have some extra noise being made while darknet-stuff is being used

oh…I skipped over the primary purpose. If they give you the third degree about using a VPN just say that you use it to keep yourself safe from crazy people online. You can’t play that plausible deniability card with things like snowflake and Tor, but you can with a VPN that’s available to average consumers