vpn protocols we use here nowadays are way more advanced than this, they mimic a TLS handshake with a legitimate (non blocked site, like google.com) and looks essentially like regular https traffic to that site
it looks like they are basically impossible to detect, given the failure to block them, outside of timing attacks (seeing if a request crosses Russia's border and comes back quickly after), however that is fully mitigated by just having having the vpn "disconnect" and route traffic directly to Russian unblocked sites, which would otherwise be able to perform such a timing attack detection
pretty interesting stuff, there are several versions of this system, and even the ones that have existed for a while work pretty well
Super interesting stuff, but won't this require multiple (possible untrustworthy / adversarial parties) to abide by your protocol? Like if you don't control all the nodes in the VPN then why can't the Kremlin just enforce a blacklist at said bad node?
you do/can control all the VPN nodes in this setup (most often just a single one) since your traffic doesn't actually go through the website you're masking under
and the nature of the protocol makes it extremely difficult to detect and thus get server IP banned, i got one server banned, but after that i implemented some practices (including directly connecting to websites that are inside Russia) and it's been working fine since then
it looks like they are basically impossible to detect, given the failure to block them, outside of timing attacks (seeing if a request crosses Russia's border and comes back quickly after), however that is fully mitigated by just having having the vpn "disconnect" and route traffic directly to Russian unblocked sites, which would otherwise be able to perform such a timing attack detection
pretty interesting stuff, there are several versions of this system, and even the ones that have existed for a while work pretty well