Comment by Kazik24

1 day ago

Applications based on QUIC and/or P2P might be an option. QUIC is designed to not be as easy to filter as TCP + TLS. But then right now it can be blocked by just blocking UDP. But if the majority of the internet would use QUIC, then blocking UDP would mean blocking most of the internet, so governments wouldn't be so eager to do nationwide firewalls (hopefully).

Encrypted Client Hello is also a puzzle piece towards that - makes it much harder to kill TLS connections that are trying to reach specific websites. Also makes it easier to conceal proxies.

The adoption speed is critical, exactly because of what you're saying. It's easy for a wannabe authoritarian to make a decision to "just block all of ECH and QUIC traffic" if that breaks 0.8% of all traffic - but not if that breaks 80% of all traffic.

QUIC or any other technology still needs a domain name, and both the domain name ownership and DNS could be blocked by governments. Also, IPs could be blocked.

  • There is DNS over QUIC, and in case your current Connection ID or IP is blocked during the connection, QUIC can use multiple IPs and CIDs for a single connection, and CIDs are negotiated in the encrypted part of the packet. It's a mechanism for migrating a connection over changing networks. Servers can also take advantage of that.

    A server could have multiple QUIC output nodes to migrate the connection in case one of them is blocked. The output node network can be shared by many servers and DoQ endpoints, so blocking it entirely would scare the government.

    This solution still needs to connect to some known IP in order to establish a connection first. And the same goes for DoQ. To mitigate this we can use Encrypted Client Hello, as another commenter mentioned, and connect to a pool instead of a single IP.
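To make the point about connection IDs concrete, here is an added example (not code from anyone in the thread) that parses the cleartext part of a QUIC v1 header per RFC 9000: a long (Initial) header exposes the version and both connection IDs, while a short header carries only the DCID with no length field, and the frames that install new CIDs during migration sit in the protected payload. The sample packets are constructed here for illustration.

```python
"""Parse the unencrypted header fields of a QUIC v1 packet (RFC 9000).

Shows what an on-path observer can read: long headers expose version,
DCID and SCID; short headers expose only the DCID, whose length is not
encoded, so the observer must already know it from the handshake.
Everything after these fields, including NEW_CONNECTION_ID frames used
for connection migration, is encrypted.
"""
from dataclasses import dataclass
from typing import Optional

QUIC_V1 = 0x00000001


@dataclass
class QuicHeader:
    long_header: bool
    version: Optional[int]   # only present in long headers
    dcid: bytes
    scid: Optional[bytes]    # only present in long headers


def parse_header(pkt: bytes, known_dcid_len: int) -> QuicHeader:
    """Return the cleartext header fields of one QUIC v1 packet.

    known_dcid_len is needed for short-header packets, which carry the
    DCID without a length byte; a middlebox that missed the handshake
    cannot reliably delimit the CID at all.
    """
    first = pkt[0]
    if not first & 0x40:
        raise ValueError("fixed bit clear: not a QUIC v1 packet")
    if first & 0x80:  # header form bit set: long header
        version = int.from_bytes(pkt[1:5], "big")
        dcid_len = pkt[5]
        dcid = pkt[6:6 + dcid_len]
        scid_off = 6 + dcid_len
        scid_len = pkt[scid_off]
        scid = pkt[scid_off + 1:scid_off + 1 + scid_len]
        return QuicHeader(True, version, dcid, scid)
    # short header: only the DCID is visible, then protected payload
    return QuicHeader(False, None, pkt[1:1 + known_dcid_len], None)


# Constructed sample: Initial long header (type 0b00), version 1,
# 8-byte DCID, 4-byte SCID, followed by 16 bytes standing in for the
# protected remainder of the packet.
INITIAL = (bytes([0xC0]) + QUIC_V1.to_bytes(4, "big")
           + bytes([8]) + bytes.fromhex("0102030405060708")
           + bytes([4]) + bytes.fromhex("aabbccdd") + b"\x00" * 16)

# Constructed sample: short header after migration to a new 8-byte DCID.
SHORT = bytes([0x40]) + bytes.fromhex("1122334455667788") + b"\x00" * 16
```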