Comment by ignoramous

3 years ago

For folks looking to bypass these rudimentary DPI blocks, you don't really need a VPN. DoH + one of these should be enough

On Windows:

- GoodbyeDPI: https://github.com/ValdikSS/GoodbyeDPI (https://ntc.party/c/community-software/goodbyedpi/8)

On Mac / Linux:

- GreenTunnel: https://github.com/SadeghHayeri/GreenTunnel (https://www.npmjs.com/package/green-tunnel)

On Android:

- Intra: https://github.com/jigsaw-code/intra (https://play.google.com/store/apps/details?id=app.intra)

- (I co-maintain this) Rethink DNS + Firewall: https://github.com/celzero/rethink-app (https://play.google.com/store/apps/details?id=com.celzero.br...)

60 comments

ignoramous

Reply
themitigating  3 years ago

How about standing up to the people who implemented the ban and their supporters. I don't understand why we are working around oppression.

  • InCityDreams  3 years ago

    ...I'll guess you've never been hit by an indian policeman with a stick? And they don't wear bodycams. My point being: your words are empty if you're not actualky there. Just imagine what happened pre-body cam (USA/ UK etc) and multiply that by many, throw in a LOT of judicial corruption and 'standing up to' becomes a little more difficult than it would at first appear. Circumnavigation may be the best option at the moment.

  • jMyles  3 years ago

    It seems to me that modifying the world so that the oppressive policy becomes irrelevant is always preferable.

    And when that's not possible, heck yeah, stand up to power with truth in hand.

  • OneLeggedCat  3 years ago

    What would be your favorite way of standing up to the people who implemented the ban and their supporters?

    • themitigating  3 years ago

      Punishing them financially through boycotts, cutting off friends and family, voting them out, and terminating their employment.

      Whatever can be done obviously

  • HideousKojima  3 years ago

    How, exactly, do you propose doing that? Do you mean hiring lawyers to try and get the court's decision reversed? Or lobbying to get legislation passed to prevent courts from being able to do things like this in the future? And if the court's decision doesn't get reversed and/or the legislation doesn't pass, what then?

melvyn2  3 years ago

OP claims it’s SNI based and not DNS based, so switching DNS providers likely won’t do anything.

  • ignoramous  3 years ago

    > OP claims it's SNI based and not DNS based, so switching DNS providers likely won’t do anything.

    All the apps listed do get past most rudimentary SNI-based blocks, incl GoodbyeDPI which is pretty sophisticated. One still needs DoH because (unencrypted) DNS is the weakest link.

hexagonwin  3 years ago

Is there a way to run one of these on the router level, using something like OpenWrt? DoH already works really well.

Ayesh  3 years ago

> On Android:

Most phones nowadays should have DoT support built-in nowadays.

  • ignoramous  3 years ago

    > Most phones nowadays should have DoT support built-in nowadays.

    DoT does help even if it can be trivially blocked (more than one way to do so, but blocking TCP on port 853 would do the trick)... DoT cannot help bypass SNI-based censorship (unless apps implement domain-fronting).

    • josephcsible  3 years ago

      > DoT does help even if it can be trivially blocked (more than one way to do so, but blocking TCP on port 853 would do the trick)...

      Indeed, and this is exactly why DoH is better than DoT.

      > DoT cannot help bypass SNI-based censorship (unless apps implement domain-fronting).

      TLS ECH will. I can't wait for it to become mainstream.