By SnowleopardJ


“We shouldn’t be afraid of darkness, but learn from it, influence it with love, and make it better.”

– SnowleopardJ


▪️ Under the shadow: Gen Z to Alpha

We are in an era of change, particularly for Gen Z and Gen Alpha in China, who have grown up amidst rapid technological advancement. The GFW has profoundly shaped their experiences, not only online but in real life. Before the 1990s, the internet was a concept unfamiliar to most people, and information was primarily obtained through books, newspapers, and other traditional sources. In today’s society, by contrast, the boundary between online and in-person life has blurred.

As more people integrate online activities into their daily routines, relying on the internet as the go-to source for information, communication, payment, and various other tasks, the GFW plays a more significant role than ever before. With the restrictions imposed on information access, Gen Z, who entered the digital world during the formative period of the internet, and Gen Alpha, whose lives are even more immersed in digital information, face unprecedented challenges. These unique obstacles facing the next generation not only limit access to educational resources and diverse perspectives, but also impede their full participation in the broader community.

🗽 Bypass censorship

With the GFW intensifying as time passes, bypassing it has become more crucial now than ever. When regular VPNs fail, we need something more than that, something that goes beyond common VPN encryption. Something like…faking our digital identity. A combination of obfuscation and traffic shaping can be particularly effective in achieving this and maintaining stability. But what exactly are those?

Ready?

Okay. Here it is: obfuscation disguises, while traffic shaping prioritizes.

That’s it. Simple as that.

That’s all you need to know if you think that explains enough.

Bear with me, though, let’s get into what they really are, and how they work.

Obfuscation & Traffic shaping:

During the classic process of visiting any website, your request is sent from your home broadband, passes through your ISP, then through the GFW, and finally reaches the destination (or…maybe not). Basically, you need to go through two parts: your Internet Service Provider (ISP) and the GFW.

Let’s start with the difficult one, the GFW. Blockages are possible because it can “see” and analyze your traffic. But isn’t it weird that the GFW can tell what services you are using in the first place if your internet traffic is encrypted? Well, people usually don’t have all their traffic encrypted, and there are still services that don’t use encryption, which makes it worse. Even when secure protocols like HTTPS are used, the traffic isn’t 100% encrypted. Specifically with HTTPS, the protocol you use while browsing websites (like you are right now), certain elements remain in plaintext, including the header, domain name, certificate information, and more. This also applies to other services, including regular VPNs. Whenever you are using a VPN, such as WireGuard, even though the GFW cannot see exactly what you are browsing, it does know that you are connecting to a VPN. And that’s all it needs; simply using a VPN would make the GFW block your traffic.

Then, closer to your home broadband, comes your ISP. They have something called Quality of Service (QoS) deployed within their system. What QoS does is perform quality control on network traffic. Remember those times when you’re browsing through YouTube, playing games, or transferring files, and suddenly your connection seems off? That’s because streaming, gaming, and file transfers require either low latency or large bandwidth, which are two of many aspects that your ISP controls with their QoS. Also, remember what we just went through? The GFW can “see” your traffic. Yes, your ISP does the same. QoS affects everything passing through the network. Only some services seem obviously degraded because others, like messaging and email, require only small amounts of data and are not highly time-sensitive. If they were, they would also experience significant packet loss, higher latency than usual, and so on.

Now that we know your ISP and the GFW can “see” your traffic, how can we get around it? Imagine we’re in a restaurant where guests with bookings are VIPs and have high priority, while walk-in guests have limited resources. Even though we didn’t book in advance, we still want that VIP treatment. What can we do? Well, we can pretend to be one of those VIPs. We do that by shaping our traffic to mimic services such as VoIP calls via allowed websites, which have higher priority on the QoS lists of your ISP and are also generally allowed by the GFW.

That’s why the first thing for a VPN made specifically for censorship circumvention is obfuscation and traffic shaping. With those features embedded, the network traffic is disguised to appear indistinguishable from normal traffic. When it passes through your ISP, it has priority, and the GFW considers it “normal” or “harmless” traffic.

🚀 In-action:

To put theory into reality, we built a proxy network based on the V2Ray protocol and deployed it across global CDN networks. Then, numerous repetitive tests were conducted between 1800 and 2300 using the proxy network on a home broadband (China Telecom: 500 Mbps Downlink / 50 Mbps Uplink) in Shanghai, China.

Timestamp: Mar 07, 2024 18:28 (UTC+0800)

YouTube speed test

Timestamp: Mar 07, 2024 20:37 (UTC+0800)

Netflix speed test

Timestamp: Mar 07, 2024 21:42 (UTC+0800)

DNS leak test

Timestamp: Mar 07, 2024 21:56 (UTC+0800)

IPv6 connectivity test

Timestamp: Mar 07, 2024 21:56 (UTC+0800)

IPv6 connectivity test

