Censorship Circumvention Tools

We can divide the previously proposed circumvention systems into two main categories based upon what they primarily attempt to obfuscate: setup or usage. The setup category contains approaches that attempt to obfuscate the information about who will be communicating (e.g., IP address) and how (e.g., protocol identifiers). The usage category contains approaches that attempt to protect the usage of the approach during its employment. This entails obfuscating the user’s behaviors to make them look non-circumventing. For tools that do both forms of obfuscation, we classify it based upon which form the tool designers focused on or presented as novel.

Additionally, we can split the approaches into those that focus on polymorphism and those that focus on steganography for obfuscation. (Most use a bit of both.) Both are methods of obfuscating a feature of the traffic that an approach produces, such as packet sizes or the value of parameters in a cryptographic handshake, that could reflect a vulnerability enabling identification of the approach producing the traffic. Polymorphism is a way of spreading out behavior. Steganography is a way of looking like allowed communications.

Censorship Circumvention Tools. Rows show primary obfuscation method. Columns show the primary type of obfuscated feature. Bold denotes deployed approaches.
Polymorphism BridgeDB, Flash Proxy, VPN Gate, uProxy, CGIProxy, Ultrasurf, FreeGate, Psiphon, Lantern, GTunnel, Hotspot Shield, JAP, Your Freedom, Green SimurghMessageStreamEncryption, Obfs2, Obfs3, Obfs4, ScrambleSuit, Dust, GoHop
SteganographyCirripede, Decoy routing, Telex, GoAgent, Meek, OSS, TapDance, CloudTransport, CacheBrowser, ReboundDEFIANCE, Infranet, Identity-based Steganographic Tagging, Message in a Bottle, Trist, FOE, MailMyWeb, SkyF2F, Collage, CensorSpoofer, SkypeMorph, StegoTorus, FTE, Marionette, FreeWave, SWEET, Facade, Facet, Bit-smuggler, Castle, Rook