Attempt to avoid "censorship of encrypted communication" by China's Internet censorship system, the "Great Firewall"



In China, a national censorship system, the "Great Firewall (Golden Shield)," is deployed to monitor domestic Internet communications. The "Great Firewall Report," a project investigating how the Great Firewall works, has published its analysis of the "censorship of encrypted communication" that began in 2021 and devised a measure to avoid that censorship.

How the Great Firewall of China Detects and Blocks Fully Encrypted Traffic
https://gfw.report/publications/usenixsecurity23/en/






Within China, the Great Firewall restricts access to various websites and content. Below is an article that records what happens when you actually connect to the Internet in China: you "cannot connect to Twitter or Facebook" and "search results related to the Tiananmen Incident are not displayed." The article is from 2012, but the Great Firewall continues to operate at the time of writing this article.

I have tried locally what happens when I access a website regulated by the Chinese government - GIGAZINE



In China, applications that enable free Internet communication are gaining popularity, and "Shadowsocks," "VMess," and "obfs4," which can encrypt communication contents and avoid censorship, were widely used. However, in November 2021, it was confirmed that censorship by the Great Firewall had extended to "encrypted communications," making free use of the Internet even more difficult.




To analyze the mechanism by which the Great Firewall censors "encrypted communications," the Great Firewall Report sent and received data between China and the United States and observed how the Great Firewall responded. The analysis showed that the Great Firewall reads the "first part of the communication data," judges communication that does not meet certain conditions to be encrypted by "Shadowsocks," "VMess," "obfs4," and the like, and blocks it.

Specifically, the Great Firewall blocks communications that meet none of the following conditions.
・popcount(pkt)/len(pkt) ≤ 3.4 or popcount(pkt)/len(pkt) ≥ 4.6
・The first 6 bytes are displayable ASCII characters
・More than 50% of the data is displayable ASCII characters
・There are 20 or more consecutive displayable ASCII characters
・The data matches the protocol fingerprint of TLS or HTTPS
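
The conditions listed above can be written as a small classifier over the first payload of a connection. This is an added example, not code from the Great Firewall Report or from the Great Firewall itself. The function names, the byte range 0x20-0x7e for "displayable ASCII," the simplified TLS record-header check, and the sample payloads are all assumptions made for illustration.

```python
# Added example: the five listed conditions applied to a first payload.

def is_printable(b: int) -> bool:
    # Assumption: "displayable ASCII" means the byte range 0x20-0x7e.
    return 0x20 <= b <= 0x7E

def bits_per_byte(pkt: bytes) -> float:
    """popcount(pkt)/len(pkt): average number of set bits per byte."""
    return sum(bin(b).count("1") for b in pkt) / len(pkt)

def longest_printable_run(pkt: bytes) -> int:
    best = run = 0
    for b in pkt:
        run = run + 1 if is_printable(b) else 0
        best = max(best, run)
    return best

def looks_like_tls(pkt: bytes) -> bool:
    # Assumption: simplified stand-in for the fingerprint condition. It only
    # checks for a TLS handshake record header (type 0x16, version 0x03 0x00-0x03),
    # which is also how an HTTPS connection begins.
    return len(pkt) >= 3 and pkt[0] == 0x16 and pkt[1] == 0x03 and pkt[2] <= 0x03

def exemptions(pkt: bytes) -> list[str]:
    """Names of the listed conditions that pkt meets; an empty list means blocked."""
    if not pkt:
        raise ValueError("empty payload: nothing to classify")
    ratio = bits_per_byte(pkt)
    checks = {
        "popcount": ratio <= 3.4 or ratio >= 4.6,
        "first6_printable": len(pkt) >= 6 and all(map(is_printable, pkt[:6])),
        "majority_printable": sum(map(is_printable, pkt)) / len(pkt) > 0.5,
        "run20_printable": longest_printable_run(pkt) >= 20,
        "tls_fingerprint": looks_like_tls(pkt),
    }
    return [name for name, ok in checks.items() if ok]

def is_blocked(pkt: bytes) -> bool:
    return not exemptions(pkt)

# Constructed samples. RANDOM_LIKE: every byte has exactly 4 set bits and only
# 1 in 8 is printable, standing in for a fully encrypted first packet.
RANDOM_LIKE = bytes([0x0F, 0xF0, 0x99, 0xC3, 0xA5, 0x1E, 0x87, 0x3C]) * 8
HTTP_GET = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01]) + RANDOM_LIKE

if __name__ == "__main__":
    for name, pkt in [("random-like", RANDOM_LIKE), ("http", HTTP_GET), ("tls", TLS_HELLO)]:
        print(f"{name:12} {bits_per_byte(pkt):.2f} {exemptions(pkt) or 'BLOCKED'}")
```

The random-like sample meets none of the conditions and is classified as blocked, while the plaintext HTTP request and the payload that begins with a TLS record header each meet at least one.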

The Great Firewall Report has notified the development teams of "Shadowsocks," "VMess," "obfs4," and others of the above conditions, and it is said that those encryption applications have been able to bypass the Great Firewall again.

in Web Service, Posted by log1o_hf