[anti-censorship-team] Future of Traffic obfuscation

Free Beer freebeer0 at protonmail.com
Tue Jun 11 23:29:30 UTC 2019


> Neat.

Yes, and all built with existing components.

In terms of your chart of Fri May 31 05:02:35 UTC 2019, the original Shadowsocks (SS) was at the look-like-nothing end. ShadowsocksR (SSR), by contrast, offers various experiments in protocol mimicry. Of course, as the censorship arms race escalates, you have to become more and more accurate in your mimicry.

There are mutterings on the Internet that _some_ original SS servers are now being detected. No one knows for sure what methods the Great Firewall (GFW) uses. Entropy analysis is one possibility. I see this was mentioned in your reference "Seeing through Network-Protocol Obfuscation."

Certain detection methods apply only to private servers. For example, the GFW may simply look to see whether the destination IP address belongs to one of the popular low-cost VPS providers with good latency to China. Traffic metrics may also play a part. If all of your traffic goes to one IP address, and you are the only person who sends traffic to that IP address, then it sure looks like some kind of private proxy.

On the other hand, certain detection methods apply only to a public project like Tor. These include picking bridge IP addresses out of GitHub, and requesting new bridges by email every day for as long as it takes to enumerate them.

In both cases, we could call such methods "obfuscation agnostic." In other words, it doesn't matter how sophisticated your obfuscation techniques become. You need to think about protecting your server addresses from detection.


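The entropy analysis mentioned in the message above, sketched as a self-test a transport developer could run on their own first-packet payloads. This is an added example, not part of the original post; the function names, the 0.85 threshold and the sample payloads are assumptions constructed for illustration, and nothing here describes what the GFW actually does.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def normalized_entropy(data: bytes) -> float:
    """Entropy as a fraction of the maximum reachable at this length."""
    # An n-byte payload holds at most min(n, 256) distinct values, so a short
    # packet can never reach 8 bits/byte and a fixed raw cutoff misses it.
    if len(data) < 2:
        return 0.0
    return shannon_entropy(data) / math.log2(min(len(data), 256))

def looks_like_nothing(payload: bytes, threshold: float = 0.85) -> bool:
    """True when the payload is near-uniform (threshold is an assumption)."""
    return normalized_entropy(payload) >= threshold

def pseudo_random(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for ciphertext, built from SHA-256 output."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed first-packet payloads, not captured traffic.
SAMPLES = {
    "encrypted-64": pseudo_random(64),
    "encrypted-1024": pseudo_random(1024),
    "plain-http": (
        b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
        b"User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n"
        b"Accept: text/html,application/xhtml+xml\r\n"
        b"Accept-Language: en-US,en;q=0.5\r\n\r\n"
    ),
}

def report() -> dict:
    """Map sample name -> (raw bits/byte, normalized, flagged)."""
    return {name: (shannon_entropy(p), normalized_entropy(p), looks_like_nothing(p))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (raw, norm, flagged) in report().items():
        print(f"{name:15s} raw={raw:.2f} norm={norm:.2f} flagged={flagged}")
```

The 64-byte sample shows why the normalization matters: its raw entropy cannot exceed 6 bits per byte, yet it is still flagged as near-uniform.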