1. 15

  2. 2

    The downside of course is by publishing this work, the state censors may test and fix their own systems.

    1. 2

      The point of geneva is to automatically discover countermeasures to bypass censorship measures. This effort seems to be grounded upon the prior assumption that implementing censorship measures that don’t degrade usability so much as to render the Internet useless for the regimes’ desired uses will be more difficult to implement than it will be to find countermeasures for those measures. That doesn’t seem like a bad prior given that the underlying protocols were not designed to support censorship (or even more generally accepted controls over information such as copyright).

      Even if this simply results in censoring nations deploying geneva for testing and patching their own vulnerabilities in their censorship systems, this increases the cost to the censor (potentially significantly) which I suspect the authors would regard as win.

    2. 1

      It’s probably not that simple but shouldn’t https or TLS make DPI useless? How can they inspect something that’s encrypted?

      1. 1

        That only works until the censor installs its CA on your end device. Alternatively the censor might resort to SNI blocking, and you are out of luck.