top | item 10101574

(no title)

hipaulshi | 10 years ago

For people who are not aware of this: Shadowsocks is a popular and very simple tool to circumvent Great Fire Wall in China. It is written to reduce characteristics in network traffic so that GFW cannot easily block it by deep traffic analysis. clowwindy is the original author.

discuss

bitinn|10 years ago

And to add more context: Shadowsocks isn't just a tool nowadays, it's a group of applications that target both developers and common folks.

People have built successful VPN services using Shadowsocks, and they are available on many platforms, like routers and embedded systems.

And the iOS version is more or less the author's recent efforts to build a VPN client that can run on non-jailbroken iPhone, much like Cisco AnyConnect.

I think shadowsocks' popularity as a whole concerns the chinese government, so they do their usual rooting out the leader thing: now that shadowsocks org is headless in the literal sense (no owner, no main repo), they hope its development will die out.

Coding_Cat|10 years ago

What is to stop any non-chinese person from rehosting the old code? I mean, they obviously wouldn't like it and if I was said person I'd never visit China's sphere of influence again...

njloof|10 years ago

Is this the same? http://liguangming.com/shadowrocket

verroq|10 years ago

Who is the target audience of this software and how does it work? Do non technical users set this up on a VPS provider and then connect to it? I'd imagine most developers in China would just SSH tunnel their way out.

hipaulshi|10 years ago

SSH dynamic port forwarding is no longer working for years. It is so easily picked up by GFW and minutes later it is gone together with the whole SSH connection. So does PPTP and L2TP VPN. GFW has been upgraded so many times for the past few years. The target audience is developers. The install is super simple via one line of `pip install`, the start code for daemon is also one line with the configuration inline or through <10 lines of json. On the client side the author and other contributors developed native clients that allow connection by supplying just 1 password and 1 server address. Super simple and highly reliable to this day.

jjgod|10 years ago

SSH tunnel is just too easy for the GFW to detect, it's so unstable that you cannot even browse the web with it.

Yes, setting up a VPS provider would be the most common way. There are Shadowsocks implementations that supports multiple users so that more than one person can use it simultaneously. There are also commercial solutions for Shadowsocks that you can just purchase an account instead of setting up your own server.

JonnyGreenwood|10 years ago

There are many import/export companies in China, they are also the target audience of this software. Gmail is important for them.

bitinn|10 years ago

SSH still work, but it's not designed to give a high throughput, so ideally one would not want to watch a youtube clip over SSH. And DPI can identify and kill SSH session when there are too much traffic happening over it (ie. no obfuscation is taking place to hide SSH traffic)

nialv7|10 years ago

I believe GFW doesn't do traffic analysis just yet. Otherwise shadowsocks won't stand a chance either.