I am thinking about using shadowsocks to bypass some Internet restrictions impose by government. In order to that I need to be sure that traffic betweeen shadowsocks client and shadowsocks server encrypted because at the moment my ISP uses SNI to detect connection to blocked resources.
Searching on the Internet doesn't yield a definitive answer because some VPN providers claim that Shadowsocks traffic is not secure compared to VPN.
It's encrypted? Yes, it is encrypted.
So VPN providers are lying? No, more or less.
some VPN providers claim that Shadowsocks traffic is not secure compared to VPN.
It's because they are comparing two different things. Shadowsocks is a proxy, and a VPN is, well, a VPN.
A proxy is an endpoint that you use as an intermediary to access another system. So if you configure your browser to use Shadowsocks for all traffic and for resolving DNS, everything will be sent encrypted to the Shadowsocks server before being sent to the internet. Your ISP, your government and your colleagues on the same network will not be able to see exact what you are accessing.
A VPN is a network connection. The N means network. So if your default gateway is the VPN endpoint, every connection will go thru the VPN and it will protect all applications on your system, not only the ones you configured the proxy.
So it's easier to just connect the VPN and protect everything than to have to configure a proxy server on every application. If you use only a proxy, it could be possible for you to, for example, download a PDF file that loads a remote resource, and the PDF viewer would use the default network to download it, so the traffic would not be protected by the proxy.
I would say that a VPN is more secure just for that. But if you correctly configure your client, they both have the same security. The difference will be the encryption used, not if one is proxy and the other is VPN.
