Over the last months, I have been working on a pluggable transport protocol called "ScrambleSuit" [1, 2]. It is one---but not the only---answer to active probing as done by the Great Firewall of China. Active probing allows the GFW to detect and block vanilla as well as obfs2 Tor bridges; and perhaps also obfs3 in the future. ScrambleSuit uses a secret which is shared out-of-band. In practice, this will be a long password distributed by BridgeDB. A ScrambleSuit server only responds if the client is able to prove knowledge of the shared secret. Besides, the protocol is able to randomise its packet length distribution and inter arrival times. The protocol header understands packet padding, so it would be possible to improve traffic analysis defence in the future. While ScrambleSuit will obviously work with Tor, it is also supposed to support protocols other than Tor---as long as they understand SOCKS. This should make it possible to tunnel, e.g., VPN traffic over ScrambleSuit. Implementation-wise, the protocol is a set of Python modules for obfsproxy. The source code is now available but still under development [3]; so please don't use it on real systems just yet. There are also two open tickets which need to be resolved before ScrambleSuit can publish its shared secret to BridgeDB [4, 5]. [1] http://www.cs.kau.se/philwint/scramblesuit/ [2] https://en.wikipedia.org/wiki/A_Scanner_Darkly [3] https://gitweb.torproject.org/user/phw/scramblesuit.git [4] https://trac.torproject.org/projects/tor/ticket/8929 [5] https://trac.torproject.org/projects/tor/ticket/8979 Cheers, Philipp