top | item 46762346

(no title)

e-khadem | 1 month ago

Lol. That was _before_ these new restrictions. And don't assume that you could setup a simple wireguard server and be done with it. No, it had to be a proper low fingerprint method (e.g., you had to hide the tls-in-tls timing pattern and do traffic shaping). Now, something like dnstt sometimes works, sometimes doesn't. You may be able to open gmail in 10 minutes if it does, and you explicitly have to block the fonts.

discuss

yard2010|1 month ago

Dam I feel so sorry for you :( At first I thought like gp, bypass it, then I realized you don't have the privilege to bypass it and leave trails behind. It's not like using a vpn to watch netflix of another country, as netflix won't knock on your door.

I wish you all the best. Stay safe my friend.

N19PEDL2|1 month ago

> it had to be a proper low fingerprint method (e.g., you had to hide the tls-in-tls timing pattern and do traffic shaping).

Can anyone recommend a good book, video course or other material to learn more about these topics?

e-khadem|1 month ago

FOCI papers[1] are great IMO, but some of submissions are just an academic curiosity, not a practical solution that works for the average Joe at a low cost and scale. For practical methods that are heavily used, you can take a look at popular opensource implementations and their documentation. Sing-box, Xray core, hiddify (their patches on top of xray and singbox), shadowsocks and shadowtls, and many more. ShadowTLS provides a good starting point with a fairly detailed documentation and clearly describes the development process.

The way that I see it, its not just a technical problem anymore. It's about making the methods as diverse as possible and to some extent messing up the network for everyone. In other words, we should increase the cost and the collateral damage of widespread censorship. As an anecdotal data point, the network was quite tightly controlled / monitored around 2023 in Iran and nothing worked reliably. Eventually people (ab)used the network (for example the tls fragments method) to the extent that most of the useful and unrelated websites (e.g., anything behind cloudflare, most of the Hetzner IPv4 addresses, and more) stopped working or were blocked. This was an unacceptably high collateral damage for the censors (?), so they "eased" some of the restrictions. Vless and Trojan were the same at that time and didn't work or were blocked very quickly, but they started working ~reliably again until very recently.

[1] https://www.petsymposium.org/foci/

nerdsniper|1 month ago

https://people.cs.umass.edu/~amir/papers/parrot.pdf

Here's an overview. Be warned, the conclusion is:

> We enumerate the requirements that a censorship-resistant system must satisfy to successfully mimic another protocol and conclude that “unobservability by imitation” is a fundamentally flawed approach.

haute_cuisine|1 month ago

What about SSH? Does it work? If yes, you can use some TUI browser as it would only pass updated SSH screen

breppp|1 month ago

sorry if it came out as patronizing, I was genuinely curious as to the difficulty of bypassing these