Mullvad is adding QUIC, a UDP-based network protocol that keep the speed of UDP while adding the reliability of TCP, as an obfuscation technique.
A year ago, Mullvad only supported UDP over TCP obfuscation, which while working - in advanced censorship such as the GFW - was quite slow and unreliable, especially in mobile connections. The addition of Shadowsocks - a censorship evasion protocol that hides in https traffic- was a great addition for both stability and the strength of the circumvention.
Adding QUIC will enhance speed compared to Shadowsocks and stability compared to UDP over TCP.
But anyway this sounds great. Wireguard inside of QUIC is literally quick, and hopefully strong enough of an obfuscation to easily circumvent lots of firewalls and the like.
It wasnât. Shadowsocks is detectable for a long time now, and it was back when they added it. Thereâs no reason to keep it.
It doesnât work with GFW, Iran, Russia etc. Claiming that QUIC would help against advanced censors is stupid, since Iran, China and Russia all block QUIC. China doesnât do this at scale since it breaks some things, but more harsh censors do. QUIC encapsulation helps in work networks in EU and US at best.
I should add that Mullvad obfuscating connections to known, publicly listed, non-rotating servers is pure theatre. VPNs that work in China constantly rotate servers/hide behind CDNs.
I know from personal experience that UPD-over-TCP did work against GFW, about Quic I never claimed it will work against the GFW, it is best seen as a replacement for UDP over TCP
China doesnât mass block IPs for now as they still need acces to the outside world, ie they donât want to completely break connections with the outside. And I totally disagree with your caracterisation of âtheatreâ.
VPNs that work in China often proxy your traffic to a Chinese server, then connect to the outside, so zero privacy here.
Also, you donât seem to know how Chinese censors operate. They do not work on IP blocking, as this can easily be bypassed by just rotating IPs (especially with IPv6) Instead they intercept your traffic and make a dummy request to a domain they control. If the server that you connect to complies with the request, they will block it.
I already said why. The development is abandoned and it doesnât deliver on its promises.
They do block IP addresses of detected VPN servers, youâre simply uninformed. They do in fact not block cloudflare CDNs which are used for censorship circumvention, but i specifically mentioned that Mullvad doesnât implement such measures, and that their servers are publicly visible. Their servers are IP blocked in China. Thereâs no point in wasting DPI throughput on enumerated servers. This is true for all censored countries.
Both the Android and the Rust Shadowsocks client saw commits this week, with the Rust client even getting a release two weeks ago.
They probably do, but thatâs not their main way of blocking VPNs, it mainly relies on DPI and other more âflexibleâ techniques.
I can only speak from experience when I went to china for more than two weeks, in the province I was mullvad servers werenât IP blocked.
Yes, I agree, but generally speaking I would say China prefers to make it cumbersome and unreliable to access VPNs, not impossible. Because some still need to access outside for âlegitimateâ reasons (scientific research, business, etc.). Completely banning IPs mean you lose that + if IPs rotate there is some chance you block a legitimate service on this adress.
They do probably block some IPs, all I am saying is that it isnât their primary method of firewalling.