187:. The Hosts header domain, being a proxy, would be blocked by the censor if accessed directly; fronting hides its address from the censor and allows parties to evade blocks and access it. No traffic ever reaches the front domain specified in the DNS request and SNI extension; the CDN's frontend server is the only third-party in this interaction that can decrypt the Hosts header and know the true destination of the covert request. It is possible to emulate this same behaviour with host services that don't automatically forward requests, through a "reflector" web application.
20:
53:(CDNs) used as 'domain fronts', and the protection provided by HTTPS, censors are typically unable to differentiate circumvention ("domain-fronted") traffic from overt non-fronted traffic for any given domain name. As such they are forced to either allow all traffic to the domain front—including circumvention traffic—or block the domain front entirely, which may result in expensive collateral damage and has been likened to "blocking the rest of the Internet".
1949:
64:. The standard that defines the SNI extension discourages such a mismatch but does not forbid it. Many large cloud service providers, including Amazon, Microsoft, and Google, actively prohibit domain fronting, which has limited it as a censorship bypass technique. Pressure from censors in Russia and China is thought to have contributed to these prohibitions, but domain fronting can also be used maliciously.
175:) configured to automatically fulfill a request to view/access the domain specified in the Hosts header even after finding the SNI extension to have a different domain. This behaviour was and is not universal across hosting providers; there are services that validate if the same domain is used in the different layers of an HTTP request. A variation of the usual domain fronting technique, known as
399:
was structured. When requested to comment they said domain fronting had "never been a supported feature" and that the changes made were long-planned upgrades. Amazon claimed fronting was "already handled as a breach of AWS Terms of
Service" and implemented a set of changes that prohibited the obfuscation that allowed sites to masquerade as and use CloudFront domains of other websites as fronts.
429:, Google management came to question whether they wanted to act as a front for sites and services entire nation states wanted to block as domain fronting gained popular attention with apps like Signal implementing it. He called using fronting in a circumvention tool "now largely non-viable" in the countries it was needed. It is, however, still used by some services, such as Tor and Lantern.
1959:
398:
In April 2018, Google and Amazon both disabled domain fronting from their content delivery services by removing the idiosyncrasies in redirect schemes that allowed fronting to happen. Google broke domain fronting by removing the ability to use 'google.com' as a front domain by changing how their CDN
355:
The endurance of domain fronting as a method for censorship circumvention has been attributed to the expensive collateral damage of blocking. To block domain fronting, one must block all traffic to and from the fronts (CDNs and large providers), which by design are often relied on by countless other
190:
As a general rule, web services only forward requests to their own customers' domains, not arbitrary ones. It is necessary then for the blocked domains, that use domain fronting, to also be hosted by the same large provider as the innocuous sites they will be using as a front in their HTTPS requests
182:
If the request to access the Hosts header domain succeeds, to the censor or third parties monitoring connections, it appears that the CDN has internally forwarded the request to an uninteresting page within its network; this is the final connection they typically monitor. In circumvention scenarios,
152:
Due to encryption of the HTTPS hosts header by the HTTPS protocol, circumvention traffic is indistinguishable from 'legitimate' (non-fronted) traffic. Implementations of domain fronting supplement HTTPS with using large content delivery networks (such as various large CDNs) as their front domains,
156:
When
Telegram was blocked in April 2018 following a court ruling in Russia through ISP-blocking of the CDNs Telegram used as a front to evade blocks on its own IP addresses, 15.8 million IP addresses associated with Google and Amazon's CDN were blocked collaterally. This resulted in a large scale
120:
In a domain-fronted HTTPS request, one domain appears on the “outside” of an HTTPS request in plain text—in the DNS request and SNI extension—which will be what the client wants to pretend they are targeting in the connection establishment and is the one that is visible to censors, while a covert
215:
hosted in the same cloud, internet servers reading the plaintext address will forward the request to the correct recipient, the cloud. The cloud server will then negotiate an encrypted connection, ignore the unencrypted address, and deliver the message to the (different) address sent over the
211:: who is connecting to whom and when and how much they are communicating. A variant of domain fronting, domain hiding, passes an encrypted request for one resource (say, a website), concealed behind an unencrypted (plaintext) request for another resource. If both resources have their
153:
which are relied on by large parts of the web for functionality. To block the circumvention traffic, a censor will have to outright block the front domain. Blocking popular content delivery networks is economically, politically, and diplomatically infeasible for most censors.
67:
A newer variant of domain fronting, domain hiding, passes an encrypted request for one resource (say, a website), concealed behind an unencrypted (plaintext) request for another resource whose DNS records are stored in the same cloud. It has much the same effect.
347:, has been observed to have used domain fronting to discreetly gain unauthorised access to systems by pretending to be legitimate traffic from CDNs. Their technique used the meek plugin—developed by the Tor Project for its anonymity network—to avoid detection.
387:
was also affected. Initially
Microsoft (whose cloud is needed for Microsoft cloud services and live updates, among other things) did not follow, but in March 2021, Microsoft announced an intention of banning domain fronting in the
375:
servers. This blocked many unrelated web services (such as banking websites and mobile apps) that used content from the Google and Amazon clouds. It did not succeed in blocking
Telegram. The ban and blocks began on April 13, 2018.
1475:
248:, a secure messaging service, deployed domain fronting in builds of their apps from 2016 to 2018 to bypass blocks of direct connections to their servers from Egypt, Oman, Qatar and the United Arab Emirates.
1468:
1461:
1170:
529:
85:
The basis for domain fronting is using different domain names at different layers of communication with the servers (that supports multiple target domains; i.e.
1263:
422:
Digital rights advocates have commented that the move undermines people's ability to access and transmit information freely and securely in repressive states.
1059:
216:
encrypted channel. A third party spying on the connection can only read the plaintext, and is thus misled as to what resource the requester is connecting to.
1124:
121:
domain appears on the “inside”—in the HTTPS Host header, invisible to the censor under HTTPS encryption—which would be the actual target of the connection.
1189:
1420:
42:
to discreetly connect to a different target domain than that which is discernable to third parties monitoring the requests and connections.
169:
Domain fronting works with CDNs as—when served with two different domains in one request—they are (or historically speaking—they were; see
1380:
1484:
1326:
379:
On April 14, 2018, Google silently blocked domain fronting in their cloud, and on April 27, Amazon announced they were blocking it.
31:
1354:
1312:
886:
1288:
1097:
1003:
320:
Domain fronting has been used by private, and state-sponsored individuals and groups to cover their tracks and discreetly launch
1037:
596:
204:
549:
757:
1753:
443:
283:
1963:
1988:
97:(CDN). CDNs are used due to idiosyncrasies in how they route traffic and requests, which is what allows fronting to work.
1340:
929:
260:
uses an implementation of domain fronting called 'meek' in its official web browser to bypass blocks to the Tor network.
1993:
1953:
1824:
1504:
207:, and the actual content sent between them is encrypted. This conceals the content of the communication, but not the
1152:
623:
1983:
1559:
1116:
1628:
953:
905:"Open Whisper Systems >> Blog >> Doodles, stickers, and censorship circumvention for Signal Android"
407:
Various publications speculated that the effort by both Google and Amazon was in part due to pressure from the
203:) have an unencrypted initial message, where the requesting client contacts the server. Server and client then
200:
161:
for major banks, retail chains, and numerous websites; the manner of blocking was criticised for incompetence.
94:
90:
86:
50:
360:
drew the analogy that to block one domain fronted site you "have to block the rest of the
Internet as well."
1602:
257:
572:
117:(SNI) extension, and the HTTPS Host header. Ordinarily the same domain name is listed in all three places.
1544:
1032:
245:
114:
61:
46:
1648:
1554:
1208:"#14256 (Clarify whether Cloudflare's Universal SSL thing works with meek) – Tor Bug Tracker & Wiki"
977:
69:
19:
23:
After TLS encryption is established, the HTTP header reroutes to another domain hosted on the same CDN.
1775:
1549:
1519:
1499:
416:
364:
272:
268:
1207:
787:
1732:
1453:
720:
438:
408:
234:
1421:"Google and Amazon's move to block domain fronting will hurt activists under repressive regimes"
135:# but allowing www.google.com, a censor may be trivially bypassed using a domain-fronted request
904:
1607:
1509:
712:
523:
492:
468:
426:
357:
1448:
702:
372:
1814:
515:
389:
129:# the www.youtube.com webpage, which it is able to fetch and display. Here www.youtube.com
686:
Fifield, David; Lan, Chang; Hynes, Rod; Wegmann, Percy; Paxson, Vern (15 February 2015).
126:# wget sends a DNS query and connects to www.google.com but the HTTP Host header requests
1078:
297:
was affected, including pluggable transports obsf4, ScrambleSuite, meek, and meek_lite.
1747:
1534:
309:
158:
132:# is essentially domain-fronted by www.google.com; that is, by blocking www.youtube.com
1313:"Google ends "domain fronting," a crucial way for tools to evade censors - Access Now"
862:
1977:
1916:
1888:
1834:
1809:
1711:
1669:
1027:
687:
496:
448:
294:
1171:"Implementing Malware Command and Control Using Major CDNs and High-Traffic Domains"
651:
1932:
1633:
1597:
1587:
1579:
1524:
765:
724:
412:
337:
184:
35:
812:"Proxy: Domain Fronting, Sub-technique T1090.004 - Enterprise | MITRE ATT&CK®"
811:
1819:
1692:
1682:
1592:
321:
212:
1883:
1853:
1687:
1529:
1341:"Amazon Web Services starts blocking domain-fronting, following Google's lead"
930:"Amazon Web Services starts blocking domain-fronting, following Google's lead"
415:
blocking millions of Google and Amazon domains, in April 2018 as well, due to
380:
836:
716:
707:
1909:
1904:
1742:
1716:
1705:
1398:
1232:
1060:"Russia Bans 1.8 Million Amazon and Google IPs in Attempt to Block Telegram"
340:
305:
110:
109:
request, the destination domain name appears in three relevant places: the
1737:
1638:
887:"Google ends "domain fronting," a crucial way for tools to evade censors"
208:
1264:"Amazon blocks domain fronting, threatens to shut down Signal's account"
1863:
1858:
1843:
1759:
1698:
1677:
1447:
David
Fifield, Chang Lan, Rod Hynes, Percy Wegmann, Vern Paxson, 2015:
576:
325:
1289:"A Google update just created a big problem for anti-censorship tools"
1004:"A Google update just created a big problem for anti-censorship tools"
1781:
384:
368:
275:
as a domain front to resist attempts to block the service in Russia.
624:"Privacy 2019: Tor, Meek & The Rise And Fall Of Domain Fronting"
550:"DEF CON: New tool brings back 'domain fronting' as 'domain hiding'"
1623:
179:
fronting may work in this case, which leaves the SNI field blank.
106:
39:
18:
978:"Domain Fronting, Phishing Attacks, and What CISOs Need to Know"
57:
1457:
1946:
indicates that maintenance of the tool has been discontinued.
1848:
1355:"Amazon and Google bow to Russian censors in Telegram battle"
1098:"This is why Russia's attempts to block Telegram have failed"
1327:"Enhanced Domain Protections for Amazon CloudFront Requests"
688:"Blocking-resistant communication through domain fronting"
1117:"Russian Court Bans Telegram App After 18-Minute Hearing"
597:"U.S. Cloud Providers Face Backlash From China's Censors"
367:(a messaging app using domain fronting), by blocking all
363:
Russia faced such a problem when they attempted to block
1449:
Blocking-resistant communication through domain fronting
1190:"Securing our approach to domain fronting within Azure"
308:, a non-profit that assists users in circumventing the
1153:"Tor, Meek & The Rise And Fall Of Domain Fronting"
1925:
1897:
1876:
1833:
1802:
1795:
1768:
1725:
1668:
1661:
1616:
1577:
1570:
1492:
1381:"Russian Censor Gets Help From Amazon and Google"
788:"Russia's Telegram ban is a big, convoluted mess"
758:"The Death of Domain Fronting | What Lies Ahead?"
395:Cloudflare had disabled domain fronting in 2015.
56:Domain fronting is achieved by a mismatch of the
837:"Encrypt it or lose it: how encrypted SNI works"
681:
679:
677:
675:
673:
671:
16:Technique for Internet censorship circumvention
1021:
1019:
1017:
646:
644:
1469:
695:Proceedings on Privacy Enhancing Technologies
573:"Why You Don't Need Google's Domain Fronting"
8:
1146:
1144:
1142:
543:
541:
539:
72:is an application of the broader principle.
528:: CS1 maint: numeric names: authors list (
1799:
1665:
1574:
1476:
1462:
1454:
1257:
1255:
1253:
1233:"Domain fronting: pros and cons | NordVPN"
618:
616:
614:
612:
610:
199:Common secure internet connections (using
835:Ghedini, Alessandro (24 September 2018).
752:
750:
748:
746:
744:
742:
740:
706:
567:
565:
563:
183:the domain in the Hosts header will be a
514:Eastlake 3Rd, Donald E. (January 2011).
383:, another major cloud, also blocked it.
137:wget-q-O-https://www.google.com/--header
38:in different communication layers of an
861:Patton, Christopher (8 December 2020).
652:"doc/meek – Tor Bug Tracker & Wiki"
590:
588:
586:
484:
460:
146:'<title>.*</title>'
521:
1516:Censorship and blocking technologies
880:
878:
876:
312:, used domain fronting at one point.
7:
1958:
1115:MacFarquhar, Neil (13 April 2018).
548:Cimpanu, Catalin (August 8, 2020).
148:<title>YouTube</title>
1379:Bershidsky, Leonid (May 3, 2018).
1127:from the original on 13 April 2018
1077:Cimpanu, Catalin (June 18, 2020).
1002:Brandom, Russell (18 April 2018).
14:
1485:Internet censorship circumvention
1026:Marlinspike, Moxie (2018-05-01).
411:and its communications authority
225:Internet censorship circumvention
205:negotiate an encrypted connection
32:Internet censorship circumvention
1957:
1948:
1947:
1419:Dahir, Abdi Latif (3 May 2018).
954:"APT29 Domain Fronting With TOR"
1096:Burgess, Matt (28 April 2018).
1040:from the original on 2018-05-01
928:Brandom, Russell (2018-04-30).
885:White, Nathan (18 April 2018).
425:According to Signal's founder,
139:'Host: www.youtube.com'
1877:Physical circumvention methods
1262:Gallagher, Sean (2018-05-02).
1151:Mates, Matan (15 April 2019).
444:Telex (anti-censorship system)
170:
49:, the redirect systems of the
1:
1188:Jones, Emma (26 March 2021).
165:Leveraging request forwarding
1541:Blocks on specific websites
1505:Internet censorship in China
764:. 2018-06-11. Archived from
863:"Good-bye ESNI, hello ECH!"
2010:
786:Savov, Vlad (2018-04-17).
595:Dou, Eva; Barr, Alistair.
1941:
1629:IPv6 transition mechanism
516:"IETF RFC 6066 section 3"
87:Subject Alternative Names
51:content delivery networks
1662:Anti-censorship software
1079:"Russia unbans Telegram"
708:10.1515/popets-2015-0009
579:Project. April 24, 2018.
123:
95:content delivery network
1535:Great Firewall of China
1194:Microsoft Security Blog
733:– via De Gruyter.
601:The Wall Street Journal
1898:Relevant organizations
1617:Without a proxy server
1028:"A letter from Amazon"
497:"A letter from Amazon"
419:using them as fronts.
115:Server Name Indication
24:
1649:Refraction networking
258:Tor anonymity network
70:Refraction networking
47:security certificates
22:
1989:Secure communication
1726:Proprietary software
471:, creator of Signal.
101:Obfuscating requests
60:Host header and the
34:that uses different
1994:Internet censorship
1525:DNS cache poisoning
1520:IP address blocking
1500:Internet censorship
867:The Cloudflare Blog
841:The Cloudflare Blog
656:trac.torproject.org
273:Amazon Web Services
191:(for DNS and STI).
30:is a technique for
1803:Anonymous software
1769:Browser extensions
1287:Brandom, Russell.
1121:The New York Times
1058:Cimpanu, Catalin.
909:whispersystems.org
493:Marlinspike, Moxie
439:Collateral freedom
409:Russian government
356:web services. The
235:Lantern (software)
25:
1984:Computer security
1971:
1970:
1872:
1871:
1791:
1790:
1657:
1656:
1510:National intranet
469:Moxie Marlinspike
427:Moxie Marlinspike
358:Signal Foundation
76:Technical details
62:TLS SNI extension
45:Due to quirks in
2001:
1961:
1960:
1951:
1950:
1800:
1666:
1575:
1478:
1471:
1464:
1455:
1435:
1434:
1432:
1431:
1416:
1410:
1409:
1407:
1406:
1395:
1389:
1388:
1376:
1370:
1369:
1367:
1366:
1351:
1345:
1344:
1337:
1331:
1330:
1323:
1317:
1316:
1315:. 18 April 2018.
1309:
1303:
1302:
1300:
1299:
1284:
1278:
1277:
1275:
1274:
1259:
1248:
1247:
1245:
1244:
1229:
1223:
1222:
1220:
1218:
1204:
1198:
1197:
1185:
1179:
1178:
1175:www.cyberark.com
1167:
1161:
1160:
1148:
1137:
1136:
1134:
1132:
1112:
1106:
1105:
1093:
1087:
1086:
1074:
1068:
1067:
1064:BleepingComputer
1055:
1049:
1048:
1046:
1045:
1023:
1012:
1011:
999:
993:
992:
990:
989:
974:
968:
967:
965:
964:
950:
944:
943:
941:
940:
925:
919:
918:
916:
915:
901:
895:
894:
882:
871:
870:
858:
852:
851:
849:
847:
832:
826:
825:
823:
822:
816:attack.mitre.org
808:
802:
801:
799:
798:
783:
777:
776:
774:
773:
754:
735:
734:
732:
731:
710:
692:
683:
666:
665:
663:
662:
648:
639:
638:
636:
635:
620:
605:
604:
592:
581:
580:
569:
558:
557:
545:
534:
533:
527:
519:
511:
505:
504:
489:
472:
465:
324:and disseminate
147:
143:
140:
136:
133:
130:
127:
91:hosting provider
40:HTTPS connection
2009:
2008:
2004:
2003:
2002:
2000:
1999:
1998:
1974:
1973:
1972:
1967:
1937:
1921:
1893:
1868:
1829:
1787:
1764:
1721:
1653:
1644:Domain fronting
1612:
1566:
1560:Knowledge (XXG)
1488:
1482:
1444:
1439:
1438:
1429:
1427:
1418:
1417:
1413:
1404:
1402:
1397:
1396:
1392:
1378:
1377:
1373:
1364:
1362:
1353:
1352:
1348:
1339:
1338:
1334:
1325:
1324:
1320:
1311:
1310:
1306:
1297:
1295:
1286:
1285:
1281:
1272:
1270:
1261:
1260:
1251:
1242:
1240:
1231:
1230:
1226:
1216:
1214:
1212:Tor Bug Tracker
1206:
1205:
1201:
1187:
1186:
1182:
1169:
1168:
1164:
1150:
1149:
1140:
1130:
1128:
1114:
1113:
1109:
1095:
1094:
1090:
1076:
1075:
1071:
1057:
1056:
1052:
1043:
1041:
1025:
1024:
1015:
1001:
1000:
996:
987:
985:
976:
975:
971:
962:
960:
952:
951:
947:
938:
936:
927:
926:
922:
913:
911:
903:
902:
898:
884:
883:
874:
860:
859:
855:
845:
843:
834:
833:
829:
820:
818:
810:
809:
805:
796:
794:
785:
784:
780:
771:
769:
756:
755:
738:
729:
727:
690:
685:
684:
669:
660:
658:
650:
649:
642:
633:
631:
622:
621:
608:
594:
593:
584:
571:
570:
561:
547:
546:
537:
520:
513:
512:
508:
491:
490:
486:
481:
476:
475:
466:
462:
457:
435:
405:
390:Microsoft Azure
353:
334:
318:
303:
292:
281:
266:
254:
243:
232:
227:
222:
197:
167:
159:network outages
150:
149:
145:
141:
138:
134:
131:
128:
125:
103:
83:
78:
28:Domain fronting
17:
12:
11:
5:
2007:
2005:
1997:
1996:
1991:
1986:
1976:
1975:
1969:
1968:
1942:
1939:
1938:
1936:
1935:
1929:
1927:
1923:
1922:
1920:
1919:
1914:
1913:
1912:
1901:
1899:
1895:
1894:
1892:
1891:
1886:
1880:
1878:
1874:
1873:
1870:
1869:
1867:
1866:
1861:
1856:
1851:
1846:
1840:
1838:
1831:
1830:
1828:
1827:
1822:
1817:
1815:JAP (JonDonym)
1812:
1806:
1804:
1797:
1793:
1792:
1789:
1788:
1786:
1785:
1778:
1772:
1770:
1766:
1765:
1763:
1762:
1757:
1750:
1748:Hotspot Shield
1745:
1740:
1735:
1729:
1727:
1723:
1722:
1720:
1719:
1714:
1709:
1702:
1695:
1690:
1685:
1680:
1674:
1672:
1663:
1659:
1658:
1655:
1654:
1652:
1651:
1646:
1641:
1636:
1631:
1626:
1620:
1618:
1614:
1613:
1611:
1610:
1605:
1600:
1595:
1590:
1584:
1582:
1572:
1568:
1567:
1565:
1564:
1563:
1562:
1557:
1552:
1547:
1539:
1538:
1537:
1532:
1527:
1522:
1514:
1513:
1512:
1507:
1496:
1494:
1490:
1489:
1483:
1481:
1480:
1473:
1466:
1458:
1452:
1451:
1443:
1442:External links
1440:
1437:
1436:
1411:
1390:
1371:
1346:
1332:
1318:
1304:
1279:
1249:
1224:
1199:
1180:
1162:
1138:
1107:
1088:
1069:
1050:
1013:
994:
969:
945:
920:
896:
872:
853:
827:
803:
778:
736:
667:
640:
606:
582:
559:
535:
506:
495:(1 May 2018).
483:
482:
480:
477:
474:
473:
459:
458:
456:
453:
452:
451:
446:
441:
434:
431:
404:
401:
352:
349:
333:
330:
317:
314:
310:Great Firewall
302:
299:
291:
288:
286:was affected.
280:
277:
265:
262:
253:
250:
242:
239:
237:was affected.
231:
228:
226:
223:
221:
218:
196:
193:
166:
163:
124:
102:
99:
82:
79:
77:
74:
15:
13:
10:
9:
6:
4:
3:
2:
2006:
1995:
1992:
1990:
1987:
1985:
1982:
1981:
1979:
1966:
1965:
1956:
1955:
1945:
1940:
1934:
1931:
1930:
1928:
1924:
1918:
1917:Turkey Blocks
1915:
1911:
1908:
1907:
1906:
1903:
1902:
1900:
1896:
1890:
1889:USB dead drop
1887:
1885:
1882:
1881:
1879:
1875:
1865:
1862:
1860:
1857:
1855:
1852:
1850:
1847:
1845:
1842:
1841:
1839:
1836:
1835:Anonymous P2P
1832:
1826:
1823:
1821:
1818:
1816:
1813:
1811:
1808:
1807:
1805:
1801:
1798:
1794:
1784:
1783:
1779:
1777:
1774:
1773:
1771:
1767:
1761:
1758:
1756:
1755:
1751:
1749:
1746:
1744:
1741:
1739:
1736:
1734:
1731:
1730:
1728:
1724:
1718:
1715:
1713:
1710:
1708:
1707:
1703:
1701:
1700:
1696:
1694:
1691:
1689:
1686:
1684:
1681:
1679:
1676:
1675:
1673:
1671:
1670:Free software
1667:
1664:
1660:
1650:
1647:
1645:
1642:
1640:
1637:
1635:
1632:
1630:
1627:
1625:
1622:
1621:
1619:
1615:
1609:
1606:
1604:
1601:
1599:
1596:
1594:
1591:
1589:
1586:
1585:
1583:
1581:
1576:
1573:
1569:
1561:
1558:
1556:
1553:
1551:
1548:
1546:
1543:
1542:
1540:
1536:
1533:
1531:
1528:
1526:
1523:
1521:
1518:
1517:
1515:
1511:
1508:
1506:
1503:
1502:
1501:
1498:
1497:
1495:
1491:
1486:
1479:
1474:
1472:
1467:
1465:
1460:
1459:
1456:
1450:
1446:
1445:
1441:
1426:
1425:Quartz Africa
1422:
1415:
1412:
1400:
1394:
1391:
1386:
1382:
1375:
1372:
1360:
1356:
1350:
1347:
1343:. 2018-04-30.
1342:
1336:
1333:
1329:. 2018-04-27.
1328:
1322:
1319:
1314:
1308:
1305:
1294:
1290:
1283:
1280:
1269:
1265:
1258:
1256:
1254:
1250:
1238:
1234:
1228:
1225:
1213:
1209:
1203:
1200:
1195:
1191:
1184:
1181:
1176:
1172:
1166:
1163:
1158:
1154:
1147:
1145:
1143:
1139:
1126:
1122:
1118:
1111:
1108:
1103:
1099:
1092:
1089:
1084:
1080:
1073:
1070:
1065:
1061:
1054:
1051:
1039:
1035:
1034:
1029:
1022:
1020:
1018:
1014:
1009:
1005:
998:
995:
983:
979:
973:
970:
959:
955:
949:
946:
935:
931:
924:
921:
910:
906:
900:
897:
892:
888:
881:
879:
877:
873:
868:
864:
857:
854:
846:September 24,
842:
838:
831:
828:
817:
813:
807:
804:
793:
789:
782:
779:
768:on 2020-07-03
767:
763:
759:
753:
751:
749:
747:
745:
743:
741:
737:
726:
722:
718:
714:
709:
704:
700:
696:
689:
682:
680:
678:
676:
674:
672:
668:
657:
653:
647:
645:
641:
629:
625:
619:
617:
615:
613:
611:
607:
602:
598:
591:
589:
587:
583:
578:
574:
568:
566:
564:
560:
555:
551:
544:
542:
540:
536:
531:
525:
517:
510:
507:
502:
498:
494:
488:
485:
478:
470:
464:
461:
454:
450:
449:Encrypted SNI
447:
445:
442:
440:
437:
436:
432:
430:
428:
423:
420:
418:
414:
410:
402:
400:
396:
393:
391:
386:
382:
377:
374:
370:
366:
361:
359:
350:
348:
346:
343:, classed as
342:
339:
331:
329:
327:
323:
315:
313:
311:
307:
300:
298:
296:
289:
287:
285:
278:
276:
274:
270:
263:
261:
259:
251:
249:
247:
240:
238:
236:
229:
224:
219:
217:
214:
210:
206:
202:
195:Domain hiding
194:
192:
188:
186:
180:
178:
174:
173:
164:
162:
160:
154:
122:
118:
116:
112:
108:
100:
98:
96:
92:
89:) of a large
88:
80:
75:
73:
71:
65:
63:
59:
54:
52:
48:
43:
41:
37:
33:
29:
21:
1962:
1952:
1943:
1933:Great Cannon
1780:
1752:
1704:
1697:
1643:
1580:proxy server
1487:technologies
1428:. Retrieved
1424:
1414:
1403:. Retrieved
1393:
1384:
1374:
1363:. Retrieved
1361:. 2018-05-04
1359:Fast Company
1358:
1349:
1335:
1321:
1307:
1296:. Retrieved
1292:
1282:
1271:. Retrieved
1268:Ars Technica
1267:
1241:. Retrieved
1239:. 2019-07-12
1236:
1227:
1215:. Retrieved
1211:
1202:
1193:
1183:
1174:
1165:
1156:
1129:. Retrieved
1120:
1110:
1101:
1091:
1082:
1072:
1063:
1053:
1042:. Retrieved
1031:
1007:
997:
986:. Retrieved
984:. 2018-12-13
981:
972:
961:. Retrieved
957:
948:
937:. Retrieved
933:
923:
912:. Retrieved
908:
899:
890:
866:
856:
844:. Retrieved
840:
830:
819:. Retrieved
815:
806:
795:. Retrieved
791:
781:
770:. Retrieved
766:the original
761:
728:. Retrieved
701:(2): 46–64.
698:
694:
659:. Retrieved
655:
632:. Retrieved
630:. 2019-04-15
627:
600:
553:
509:
500:
487:
463:
424:
421:
413:Roskomnadzor
406:
397:
394:
378:
362:
354:
344:
338:hacker group
336:The Russian
335:
322:cyberattacks
319:
316:Cyberattacks
304:
293:
282:
267:
255:
244:
233:
198:
189:
181:
176:
171:
168:
155:
151:
119:
104:
84:
66:
55:
44:
36:domain names
27:
26:
1820:Flash proxy
1693:Outline VPN
1683:Shadowsocks
1593:Web proxies
1237:nordvpn.com
1157:SentinelOne
762:Finjan Blog
628:SentinelOne
252:Tor Browser
213:DNS records
1978:Categories
1884:Sneakernet
1854:StealthNet
1688:OnionShare
1571:Principles
1530:Wordfilter
1493:Background
1430:2020-09-16
1405:2018-11-14
1365:2018-05-09
1298:2018-04-19
1273:2020-09-16
1243:2020-09-16
1044:2020-09-16
988:2020-09-28
963:2020-09-28
939:2020-08-08
914:2017-01-04
891:Access Now
821:2020-09-28
797:2020-08-10
772:2020-06-30
730:2017-01-03
661:2017-01-04
634:2020-06-30
479:References
467:Quotes by
381:Cloudflare
177:domainless
172:§Disabling
113:, the TLS
1926:Reference
1910:FreeWeibo
1905:GreatFire
1825:Mixmaster
1796:Anonymity
1776:Snowflake
1743:Ultrasurf
1717:WireGuard
1706:PirateBox
1401:. Tass.ru
1385:Bloomberg
1293:The Verge
1008:The Verge
934:The Verge
792:The Verge
717:2299-0984
403:Reactions
351:Disabling
341:Cozy Bear
332:Cozy Bear
306:GreatFire
301:GreatFire
111:DNS query
1954:Category
1738:Freegate
1712:VPN Gate
1639:DNSCrypt
1545:Facebook
1131:13 April
1125:Archived
1102:Wired UK
1038:Archived
524:cite web
433:See also
417:Telegram
365:Telegram
269:Telegram
264:Telegram
209:metadata
1964:Commons
1944:Italics
1864:ZeroNet
1859:Tribler
1844:Freenet
1837:network
1760:Proxify
1733:Lantern
1699:GoAgent
1678:Psiphon
1578:With a
1555:Twitter
982:Cofense
958:FireEye
725:5626265
577:Psiphon
392:cloud.
326:malware
230:Lantern
1782:uProxy
1550:GitHub
1399:"Info"
1217:12 May
1033:Signal
723:
715:
501:Signal
385:Akamai
373:Amazon
369:Google
246:Signal
241:Signal
144:grep-o
105:In an
1754:Telex
1634:hosts
1624:HTTPS
1083:ZDNET
721:S2CID
691:(PDF)
554:ZDNET
455:Notes
345:APT29
284:Telex
279:Telex
271:used
220:Usage
185:proxy
107:HTTPS
93:or a
81:Basis
1219:2020
1133:2018
848:2018
713:ISSN
699:2015
530:link
371:and
256:The
58:HTTP
1849:I2P
1810:Tor
1608:PAC
1603:VPN
1598:SSH
1588:P2P
703:doi
295:Tor
290:Tor
201:TLS
1980::
1423:.
1383:.
1357:.
1291:.
1266:.
1252:^
1235:.
1210:.
1192:.
1173:.
1155:.
1141:^
1123:.
1119:.
1100:.
1081:.
1062:.
1036:.
1030:.
1016:^
1006:.
980:.
956:.
932:.
907:.
889:.
875:^
865:.
839:.
814:.
790:.
760:.
739:^
719:.
711:.
697:.
693:.
670:^
654:.
643:^
626:.
609:^
599:.
585:^
575:.
562:^
552:.
538:^
526:}}
522:{{
499:.
328:.
1477:e
1470:t
1463:v
1433:.
1408:.
1387:.
1368:.
1301:.
1276:.
1246:.
1221:.
1196:.
1177:.
1159:.
1135:.
1104:.
1085:.
1066:.
1047:.
1010:.
991:.
966:.
942:.
917:.
893:.
869:.
850:.
824:.
800:.
775:.
705::
664:.
637:.
603:.
556:.
532:)
518:.
503:.
142:|
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.