[anyfactor]

> If you switch on the Snowflake below and leave the browser tab open, a user can connect through your new proxy!

I am not even sure, if I am getting this right. If I embed an iframe in my website, traffic from Tor users will get tunneled through my user visitor's IP? How does consent works with relay.love? Does my website vistor's IP show up as TOR exit node?

[worldofmatthew]

It not an exit. But by default someone has to knowingly run the Snowflake applet but webmasters could modify the code to automatically essentially start a Tor guard in someones browser. Though, that would be very evil to abuse someones resources like that.

That example has the users consent before starting.

[KRAKRISMOTT]

That's already how many shady VPN software work. Remember if a VPN is "free", you are the product. Web scraping companies pay $$$$ for residential and mobile IPs.

[drusepth]

Friendly reminder that it's not just free VPNs that sell your data; many of the paid VPNs do also.

[bebop404]

Yes, but running a Snowflake doesn't expose your IP to the website being visited, and therefore you're safe from abuse complaints/prosecution, unlike the people who run the exit nodes.

[Fnoord]

Yeah, those proprietary VPN apps.

"If you don't control the routing, you're being routed."

To be fair, ProtonVPN allows you to export their config. It seems to be an exception to your rule.

[jeroenhd]

You can disable WebRTC in most decent browsers if you're afraid this will be abused. WebRTC can be used for worse things (like port scanning your internal network) and for great things (video calling with millisecond latency, Peertube).

However, it should be noted that this mechanism doesn't just allow remote sockets to be created through Javascript. It can only communicate with other servers that either use some version of WebRTC/WebSockets or plaintext services that ignore the extra protocol overhead as garbage and happily parse the rest (some IRC servers and WebSockets are a nice example).

As you can see in the technical overview, people use peer to peer technology to connect to your browser, which then uses WebSockets to communicate with a WebSocket server for a normal Tor entry point.

[ec109685]

What a strange thing not to require browser consent for.

[notRobot]

It asks for the user's consent.

[ec109685]

Not in safari, but maybe it wasn’t actually working.