Encrypting your internet traffic is the first step towards achieving privacy and security. How freely you can browse the web varies whether you’re using plain old HTTPS, trusting a VPN, or accessing the Tor network to stay anonymous.
But what can you do when your privacy and security measures are used against you?
Here’s how one of the Tor Project tools can help you get around strict censorship and surveillance.
The Weakness of Encrypted Web Traffic
Encrypting web traffic isn’t anything new. The majority of websites nowadays communicate using HTTPS and have a valid SSL certificate to safeguard users’ personal and financial information.
But while most encrypted communication protocols are near impenetrable, they can still be recognized and blocked. For instance, your ISP or local government can ban VPNs altogether and ban all traffic going to VPN servers. Similarly, the same is being done around the globe with traffic going through the Tor network.
The demand isn’t for users to stop using encrypted web traffic. After all, you need HTTPS to, at least, protect your login credentials, notably passwords. So instead of abandoning virtual tunneling and traffic encryption, can you simply disguise it as everyday HTTPS traffic?
What Is Obfsproxy?
Obfsproxy is a Tor subproject built to mask how online traffic looks to network monitoring tools. The name is short for “obfuscate proxy”, meaning to obscure or mask the fact that web traffic is going through a proxy.
Still, Obfsproxy isn’t just a side-project that’s added to the Onion browser. In some places, it’s essential to access and use the internet freely.
When routing your traffic through multiple endpoints, Tor uses the SSL communication protocol. By blocking SSL traffic, your government and ISP can stop you from using the Tor network. That’s exactly what happened in Iran in February 2011, preventing thousands of Iranians from using the Tor network altogether.
While one answer to masking your Tor traffic would be to use Tor over a VPN, this drastically reduces your internet speeds. Also, it’s not a viable option if you live somewhere where VPNs are either banned or under strict regulations.
Obfsproxy wraps web traffic—whether it’s SSL, VPN, or via Tor—in a layer of HTTPS encryption, making it look like everyday online activity.
How Does Obfsproxy Works?
In order to understand how Obfsproxy (or any traffic camouflage technology) works, you first need to understand what they’re up against.
Deep Packet Inspection (DPI) is a type of data processing that inspects data moving through a network. You can find such algorithms in all kinds of network monitoring tools such as Wireshark and Glasswire.
While they can’t decrypt network traffic, they are able to look at the hints data packets publicly give. This allows them to determine the type of encryption, whether it’s SSL, HTTPS, Bittorrent, or VPN.
DPIs and network monitoring tools aren’t strictly for surveillance. In some instances, these tools can take direct actions and prevent a cyberattack or stop you from connecting to a suspicious server.
You can’t entirely avoid DPIs, but you can hide your traffic in plain sight. Depending on the policy, anything from Tor to VPNs and even self-hosted proxies could be blocked. All Obfsproxy does is make your ultra-secure and anonymous browsing look like everyday web surfing.
But Can’t Obfsproxy be Detected and Blocked?
It can be tricky to add an encryption layer without a trace. But Obfsproxy is different. Its developers managed to add a wrapper around Tor’s traffic without leaving any evidence.
The handshake used in the additional obfuscation encryption has no recognizable bytes patterns. It establishes encrypted communication without alerting network monitors to changes.
Still, Obfsproxy only hides one aspect of your Tor traffic. There are still other telling data such as the timing, volume, and the data packet’s secondary characteristics that advanced DPI can still detect and block.
Where Can You Use Obfsproxy?
Obfsproxy isn’t an edit to the Tor network but a separate addition. That made it relatively easy to design and deploy on Tor without making lots of fundamental changes to it.
But that also means Tor traffic obfuscation can work in places other than Tor. For starters, if you’re into customizing your VPN connection, you can use Obfsproxy with OpenVPN and Wireguard protocols. However, you’ll need to configure Obfsproxy on both the VPN app and the server. So be prepared for a lot of complex work but with a worthy reward.
Obfsproxy was made to specifically hide Tor traffic from prying governments like China and Iran, but obfuscation technology itself goes beyond Obfsproxy.
Stunnel, for one, is an open-source obfuscation technology that’s been around since the 1990s. Similar to Obfsproxy, it can mask SSL/TLS traffic to appear like HTML. It also allows you to speak with servers that don’t natively support SSL/TLS without downgrading your encryption.
For purely evading censorship, Shadowsocks was created in 2012 to evade Chinese internet censorship and firewall. Unlike Stunnel and Obfsproxy, you can use Shadowsocks on its own without a VPN.
If you want the benefits of traffic camouflage without putting in all the work or simply don’t have the technical skills, you can go the direct route with a handful of commercial VPNs.
For example, Surfshark’s camouflage mode uses OpenVPN protocols, either TCP or UDP, to mask your traffic. The OpenVPN XOR Scramble takes a simpler approach by replacing the value of each bit of data. And while it barely affects the connection speeds, its simplicity means it’s not always effective, especially against advanced blocks.
Another option is Mullvad VPN. It works with Tor’s Obfsproxy through Wireguard protocol—although it’s slightly more expensive and technical than other VPNs on the market.
The War on Online Freedom
Whether it’s government censorship, a nosy ISP, or a streaming service, there’s always someone who doesn’t want you to encrypt your data. The need for obfuscation technology has evolved from journalists and human rights activists in certain countries to the average internet user.
Fortunately, tech companies are adapting fast. A lot of VPNs now offer built-in traffic camouflage mode and there are tons of tutorials online to help you take your privacy and security into your own hands.
Want to mask yourself and avoid being tracked on the internet? Here are some of the best ways to browse the web anonymously.
About The Author