1

I am thinking about using Shadowsocks to bypass some Internet restrictions imposed by the government. In order to do that, I need to be sure that traffic between the Shadowsocks client and the Shadowsocks server is encrypted, because at the moment my ISP uses SNI to detect connections to blocked resources.

Searching on the Internet doesn't yield a definitive answer because some VPN providers claim that Shadowsocks traffic is not secure compared to VPN.

  • What information do you need apart from what can be easily found on the home page for the project? To cite from https://shadowsocks.org/en/index.html - *"Flexible Encryption Secured with industry level encryption algorithm. Flexible to support custom algorithms."*. Sounds like encryption to me. *"some VPN providers claim"* - please add the relevant references. But in general: an **application** proxy is not a virtual private **network**. It does not secure all network traffic, only selected application traffic. – Steffen Ullrich Apr 12 '22 at 15:24
  • If you want another alternative, try using obfs4 tor bridge, or snowflake tor bridge, but this will be slower than VPN (but will get you access to major blocked resources) – dcom-launch Apr 12 '22 at 16:12

1 Answer

1

It's encrypted? Yes, it is encrypted.

So VPN providers are lying? No, more or less.

> some VPN providers claim that Shadowsocks traffic is not secure compared to VPN.

It's because they are comparing two different things. Shadowsocks is a proxy, and a VPN is, well, a VPN.

A proxy is an endpoint that you use as an intermediary to access another system. So if you configure your browser to use Shadowsocks for all traffic and for resolving DNS, everything will be sent encrypted to the Shadowsocks server before being sent to the internet. Your ISP, your government and your colleagues on the same network will not be able to see exactly what you are accessing.

A VPN is a network connection. The N means network. So if your default gateway is the VPN endpoint, every connection will go through the VPN and it will protect all applications on your system, not only the ones you configured the proxy for.

So it's easier to just connect the VPN and protect everything than to have to configure a proxy server on every application. If you use only a proxy, it could be possible for you to, for example, download a PDF file that loads a remote resource, and the PDF viewer would use the default network to download it, so the traffic would not be protected by the proxy.

I would say that a VPN is more secure just for that. But if you correctly configure your client, they both have the same security. The difference will be the encryption used, not whether one is a proxy and the other is a VPN.

ThoriumBR
  • Thanks a lot for your response. The goal here is not to draw too much attention. Hence, I don't want to use a VPN to hide my entire traffic. I only want to hide some bits of it. – Petro Korobeyko Apr 12 '22 at 18:59
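
The answer's point that only applications configured for the proxy are protected can be checked on the client. The following is an added example, not code from the answer or from the Shadowsocks project: it classifies established TCP sockets from `ss -tnp` output and flags those that go straight out over the default network. The process name `ss-local`, the local SOCKS5 port 1080, and all addresses in the sample are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ss -tnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
ESTAB  0      0      127.0.0.1:40112      127.0.0.1:1080     users:(("firefox",pid=2211,fd=91))
ESTAB  0      0      192.168.1.10:51820   203.0.113.10:8388  users:(("ss-local",pid=1650,fd=7))
ESTAB  0      0      192.168.1.10:51234   198.51.100.7:443   users:(("evince",pid=3120,fd=12))
ESTAB  0      0      [::1]:40200          [::1]:1080         users:(("curl",pid=3300,fd=5))
"""

PROXY_CLIENT = "ss-local"  # assumption: process name of the local Shadowsocks client
SOCKS_PORT = 1080          # assumption: port of the local SOCKS5 listener

PROC_RE = re.compile(r'users:\(\("([^"]+)"')

def split_host_port(addr):
    """Split '1.2.3.4:443' or '[::1]:1080' into (host, port)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def classify(ss_output):
    """Return (process, peer, verdict) for every established TCP socket."""
    results = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # header line or a socket that is not established
        peer_host, peer_port = split_host_port(fields[4])
        match = PROC_RE.search(line)
        proc = match.group(1) if match else "unknown"
        loopback = ipaddress.ip_address(peer_host).is_loopback
        if proc == PROXY_CLIENT:
            verdict = "proxy-client"  # sockets owned by the proxy itself
        elif loopback and peer_port == SOCKS_PORT:
            verdict = "proxied"       # application talks to the local SOCKS5 port
        elif loopback:
            verdict = "local"         # other loopback traffic, never leaves the host
        else:
            verdict = "direct"        # bypasses the proxy, visible to the ISP
        results.append((proc, fields[4], verdict))
    return results

def leaks(ss_output):
    """Sockets that leave the host without going through the proxy."""
    return [r for r in classify(ss_output) if r[2] == "direct"]

if __name__ == "__main__":
    for proc, peer, verdict in classify(SAMPLE_SS_OUTPUT):
        print(f"{verdict:12} {proc:10} -> {peer}")
```

On a live Linux host, pass it the output of `ss -tnp` run as root so that process names of all users are shown; DNS lookups sent over UDP are outside what this TCP-only check covers.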