Hacker News new | past | comments | ask | show | jobs | submit login

While not usual for places like coffee shops, i've seen cruises and hotels do DPI since probably a sizable amount of revenue can be generated from fast wifi access or by unblocking all sites.



Yep that is always an issue. Not sure how a hypothetical QUIC tunnel would avoid that, though. Would appreciate any info you can provide on mitigating deep packet inspection blocking techniques.


I've been tempted to write a quick-and-dirty websocket tunnel for quite some time. Let's see how they DPI any of that without breaking anything else.


Why not just use an HTTP CONNECT proxy running over HTTPS?


You could do that? Well, you probably could.

But there are some "proactive" DPIs that make a request themselves before letting you through. Would this protect against that? It's easy to set up a regular web server that would serve what everyone would see as an ordinary personal website, except when you make a request to a secret URL.


You could require authentication (and as other posters pointed out, make sure to spoof any wrong authentications for maximum deniability).

It is also simple to serve some pages over HTTP alongside the proxy functionality so that the server appears to be a typical web server. Just turn on mod_proxy_connect in addition to your existing httpd configuration if you use Apache for example.

I use this method on my domains, although I've never tried using it from within e.g. China




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: