All known network obfuscation techniques can be detected and blocked with active attacks and enough traffic[0]. The overall effectiveness for each method is based on the theoretical difficulty to distinguish the "obfuscated traffic" from "normal traffic" and the practical detection and blocking of the "obfuscated traffic" flows in practice around the world.
These techniques have working, well-tested implementations with many users.
| Protocol | Approach | *TPR | *FPR | Effectiveness | Notes |
|---|---|---|---|---|---|
| Obfs4 | Randomizer | 100% | 0.2% | Medium | Detectable with simple heuristics (having no fingerprint is itself a fingerprint). Relatively high false positive rate may limit censorship with known DPI techniques. Most commonly censored today by harvesting publicly available bridge IPs from Tor Project. Tor users behind GFW using obfs4 bridges provided by the Tor Project may want to use meek or find a private obfs4 bridge. It is unknown to what extent GFW actively blocks obfs4 traffic from private IPs. |
| Meek | Tunneling/Domain Fronting | 98% | 0.02% | Medium | Detectable with trained decision trees. Seems to have most success behind GFW. May have other privacy issues. |
| FTE | Mimicry | 100% | 0.003% | Low | Low/no use in Tor today, trivially detectable |
These techniques may or may not have working implementations. They require more time for assessment before being used with confidence.
| Protocol | Notes |
|---|---|
| DNS-Morph | Modification to obfs design to use DNS-based handshake |
| Snowflake | Uses temporary WebRTC proxies, similar to flash proxies but solves NAT problems |
These techniques are completely broken, depcreated in favor of a newer protocol or abandoned. They are listed for research purposes.
| Protocol | Approach | *TPR | *FPR |
|---|---|---|---|
| Obfs3 | Randomizer | 100% | 0.2% |
| ScrambleSuit | Randomizer | NA | NA |
| Dust | Randomizer | NA | NA |
| SkypeMorph | Mimicry | NA | NA |
| StegoTorus | Mimicry | NA | NA |
* True-positive (TPR) and false-positive (FPR) rates of detection are based on data set from [0]