hi @cjd I was watching the PKT project and wondering how useful it would be for bypassing the deep packet inspection censorship that Russian gov started rolling out recently?
This suggests that cjdns and Wireguard handshake are completely opaque binary traffic:
https://crypto.pkt.cash/updates/cjdns-version-22-with-wireguard-based-encryption-pt-1/
No plaintext strings is important advantage as DPI specifically uses TLS SNI for target domain detection and blocking. How about entry points, directory servers and other potentially blockable resources?
@kravietz
This is quite tricky because "completely opaque binary traffic" is actually a liability, I mean if you're a dictator you're not going to say "I don't know what this is so I'd better let it pass", you're going to say "I don't know what this is so I'm going to block it"
So anti-DPI gets really complicated. One thing that PKT has going for it is bandwidth-hard proof of work, which creates monetary incentive to move data around the internet. This at least changes the dynamic a bit.
@kravietz
So you start blocking PacketCrypt data flows and it's just like before, except instead of a bunch of volunteers trying to write obfuscators (e.g. obsf-proxy), you have professional crypto miners with a commercial interest in figuring out how to get around that block.
Maybe they obfuscate, maybe they bounce, maybe they pay a tip to their friend at the telco to "mess up" the firewall config. Point is that when finance gets involved there is actually a possibility to make things happen.
@cjd Precisely, that's why I think that's a viable solution :)
On the other hand, the commercial aspect is a bit of a liability too in such countries - it's one thing to be a part of a "network of honest but naive volunteers" trying to circumvent censorship, and another to "run a money-making circumvention used by paedophiles and terrorists". That's unavoidably how state media will present it π
@kravietz
They'll tell you it's about money but I think the reality is it's about impact... i.e. as long as you're not really doing anything, nobody cares.
@cjd
Oh, I haven't mentioned Roscomnadzor also enforced compliance of ~10 major VPN vendors operating in Russia earlier this year by basically threatening them to be blocked if they don't comply. But they are all pretty traditional OpenVPN-based with static IP entry points, so easy to block. So a P2P dynamic VPN like PKT with Yggdrasil suddenly becomes an attractive option.