This is the first blog post of a series where I put down the history and my thoughts on some proxy protocols. This series is dedicated to the server “Foci’s Corner”, because it’s semi-requested by one of its members. Thank you for your support!
– Doodle Huang
“Speech that Enables Speech” – that is how the EFF (Electronic Frontier Foundation) describes the technology that starts a new era of bypassing internet censorship, which has since been led by the open-source community!
Using a VPN connection with protocols like PPTP, L2TP, Cisco IPSec or OpenVPN was the most popular way of accessing the wider internet in China. However, these protocols were originally designed for enterprise scenarios, so not only are they quite slow for browsing the web, but also establish communications so “formally” (i.e. with predictable headers) that the Great Firewall could easily detect and block servers used to bypass it. So the censor was clearly on the winning side because VPN servers could stop working even if they were not leaked.
But just as many were about to give up on this cat-and-mouse game, a programmer decided to share a solution to this problem which had been “working stably for more than a year”, the entire time he kept this to himself. He admitted that the encryption method was simple, but “enough to fool the GFW.”
The programmer is clowwindy and his solution is Shadowsocks, an encrypted equivalent of SOCKS proxy. Although the protocol has long been detected and blocked by the GFW, it is still used in other countries that somehow believe in internet censorship and begin implementing it.
So what makes Shadowsocks different from traditional VPNs? My answer, which might surprise you, is simplicity. From an ISP’s perspective, data transmitted between server and client is completely random so it blends into normal internet traffic. Also, the fact that it is not a full-fledged VPN protocol also makes it easier to be deployed because there is no need to deal with routing tables or IP forwarding. This created what I believe is one of the largest informal sector in China – the private proxy server industry. To get around censorship, proxy servers are usually called “梯子” (“ladders”) and a service provider is called “机场” (“airport”). Apart from more modern protocols being used, the industry is in fact barely different from what it used to be when every service providers were using Shadowsocks.
The popularity Shadowsocks got proved that it was not your typical open-source project to be listed on a CV. On one day in 2015, clowwindy was paid a visit by the police and erased Shadowsocks’ repository under pressure. He expressed his simple wish:
I hope one day I’ll live in a country where I have freedom to write any code I like without fearing.
– clowwindy, 22/8/2015
Clowwindy did not include anything about politics in his “speech”, yet he was threatened to remove it simply because the codes he wrote opened the gateway to other voices which were otherwise unheard. This incident marked the beginning of the decades-long crackdown on censorship circumvention technologies.
Rest assured, clowwindy moved to America and has since been alive and well there. He stopped developing Shadowsocks altogether after that incident, but the open-source community has since picked it up. Deep down, I have always quietly admired the hero who stood up against censorship and kickstarted the open-source community around it.
(To be continued …)