Shadowsocks

Original author(s): Clowwindy
Initial release: 20 April 2012 [1] [2]
Stable release(s):
rust: 1.11.2 [3] / 24 July 2021; 28 November 2021; 17 December 2021; 22 March 2022; 5 April 2022; 13 March 2023; 23 September 2023; 26 November 2023
windows: 4.4.1.0 [4] / 8 February 2022
android: 5.3.3 [5] / 7 February 2023
X-NG: 1.10.2 [6] / 29 March 2023
Written in: Python; Rust; C#; Kotlin; Swift; Objective-C; C; Go; C++
Operating system: Unix-like operating system; Microsoft Windows; Android; iOS
Type: communication protocol; free software; Internet censorship circumvention
Website: shadowsocks.org

Shadowsocks is a free and open-source encryption protocol project, widely used in China to circumvent Internet censorship. It was created in 2012 by a Chinese programmer named "clowwindy", and multiple implementations of the protocol have been made available since. [7] [8] Shadowsocks is not a proxy on its own; it is typically the client software used to connect to a third-party SOCKS5 proxy, in a way similar to a Secure Shell (SSH) tunnel. Once connected, Internet traffic can be directed through the proxy. [9] Unlike an SSH tunnel, Shadowsocks can also proxy User Datagram Protocol (UDP) traffic.
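The SOCKS5 interface mentioned above is defined in RFC 1928. As an added illustration (not code from any Shadowsocks implementation), the following Python example encodes and strictly parses the request an application sends to a SOCKS5 proxy, covering both the CONNECT command for TCP and the UDP ASSOCIATE command that SOCKS5 defines for UDP. The function names and sample destinations are constructed for this example.

```python
import ipaddress
import struct

# SOCKS5 constants from RFC 1928.
VERSION = 0x05
COMMANDS = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP ASSOCIATE"}
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def build_request(command, host, port):
    """Encode a SOCKS5 request: VER CMD RSV ATYP DST.ADDR DST.PORT."""
    try:
        ip = ipaddress.ip_address(host)
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = ip.packed
    except ValueError:
        # Not an IP literal: send it as a length-prefixed domain name.
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("domain name must be 1-255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([VERSION, command, 0x00, atyp]) + addr + struct.pack("!H", port)


def parse_request(data):
    """Decode a SOCKS5 request, rejecting malformed or truncated input."""
    if len(data) < 4:
        raise ValueError("truncated header")
    ver, cmd, rsv, atyp = data[:4]
    if ver != VERSION or rsv != 0x00:
        raise ValueError("not a SOCKS5 request")
    if cmd not in COMMANDS:
        raise ValueError("unknown command")
    body = data[4:]
    if atyp == ATYP_DOMAIN:
        if not body:
            raise ValueError("truncated domain length")
        alen, body = body[0], body[1:]  # one length byte precedes the name
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        alen = 4 if atyp == ATYP_IPV4 else 16
    else:
        raise ValueError("unknown address type")
    # The address must be followed by exactly two port bytes, nothing more.
    if len(body) != alen + 2:
        raise ValueError("length mismatch")
    raw, (port,) = body[:alen], struct.unpack("!H", body[alen:])
    host = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    return COMMANDS[cmd], host, port


if __name__ == "__main__":
    # Constructed samples: a TCP CONNECT and a UDP ASSOCIATE request.
    for cmd, host, port in [(0x01, "example.org", 443), (0x03, "0.0.0.0", 0)]:
        print(parse_request(build_request(cmd, host, port)))
```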

Takedown

On 22 August 2015, "clowwindy" announced in a GitHub thread that they had been contacted by the police and could no longer maintain the project. [10] The code of the project was subsequently branched with a removal notice. [11] [12] [13] [14] Three days later, on 25 August, another proxy application, GoAgent, also had its GitHub repository removed. [12] [13] The removal of the projects received media attention, with some speculating about a possible connection between those removals and a distributed denial-of-service attack targeting GitHub which occurred several days later. [15] Danny O'Brien, of the Electronic Frontier Foundation, published a statement on the matter. [16]

Despite the takedown, collaborators have continued to develop the project.

Server implementations

The original Python implementation can still be installed using the Pip Python package manager, but the contents of its GitHub repository have been removed. [17] [18] Other server implementations include ones in Go, Rust, and C (using the libev event loop library); one in C++ with a Qt GUI; and one in Perl. The Go and Perl implementations are not updated regularly and may have been abandoned. [18] [19] [20] [21]

Client implementations

All of the server implementations listed above also support operating in client mode. There are also client-only implementations available for Windows (shadowsocks-win), macOS (ShadowsocksX-NG), Android (shadowsocks-android), and iOS (Wingy). [22] Many clients, including shadowsocks-win and shadowsocks-android, support redirecting all system traffic over Shadowsocks, not just applications that have been explicitly configured to do so, allowing Shadowsocks to be used similarly to a VPN. If an application doesn't support proxy servers, a proxifier can be used to redirect the application to the Shadowsocks client. Some proxifiers, such as Proxycap, support Shadowsocks directly, thus avoiding the need for a Shadowsocks client, but some require a client.

Net::Shadowsocks

Net::Shadowsocks is the name of the Perl implementation of the Shadowsocks protocol client and server, available on CPAN. [23]

ShadowsocksR

ShadowsocksR is a fork of the original Shadowsocks project, claimed to be superior in terms of security and stability. Upon release, it was found to violate the license by not having the source code of the C# client available. [24] It was also criticized for its solution to the alleged security issues in the source project. Shadowsocks is currently under development, while development of ShadowsocksR has stopped. [25]

Similar projects

Shadowsocks is similar to The Tor Project's Pluggable Transport (PT) idea. PT makes it hard for Internet service providers to detect Tor traffic. Shadowsocks and PT both use a SOCKS proxy interface. Whereas Shadowsocks is simpler, Obfs4, used in PT, is more obfuscated. [26] Unlike Obfs4, Shadowsocks is not resistant to active probing. [27] The most similar PT to Shadowsocks is Obfs3.


References

  1. "发一个自用了一年多的翻墙工具 shadowsocks" [Sharing a circumvention tool I have used myself for over a year: shadowsocks] (in Chinese). Archived from the original on 22 April 2012. Retrieved 15 December 2016.
  2. "Shadowsocks 的前世后生" [Shadowsocks: its past life and afterlife] (in Chinese). GFW BLOG. Retrieved 15 December 2016.
  3. "Release 1.11.2".
  4. "Release 4.4.1.0".
  5. "Release v5.3.3 · shadowsocks/shadowsocks-android · GitHub".
  6. "Release v1.10.2 · shadowsocks/ShadowsocksX-NG · GitHub".
  7. clowwindy (20 April 2012). "initial commit". Retrieved 10 June 2016 via GitHub.
  8. "Ports and Clients". Retrieved 10 June 2016 via GitHub.
  9. "Shadowsocks – Protocol". shadowsocks.org. Archived from the original on 4 December 2015. Retrieved 11 January 2018.
  10. clowwindy (22 August 2015). "Adopting iOS 9 network extension points". Archived from the original on 22 August 2015. Retrieved 10 June 2016 via GitHub. Two days ago the police came to me and wanted me to stop working on this. Today they asked me to delete all the code from GitHub. I have no choice but to obey. I hope one day I'll live in a country where I have freedom to write any code I like without fearing.
  11. clowwindy (22 August 2015). "shadowsocks/shadowsocks@938bba3". Retrieved 10 June 2016 via GitHub.
  12. Rudolph, Josh (25 August 2015). "Circumvention Tool Deleted After Police Visit Developer". China Digital Times. Retrieved 10 June 2016.
  13. Percy (26 August 2016). "中国开发者被警察要求删除软件" [Chinese coder ordered to delete software by police] (in Chinese). GreatFire. Retrieved 10 June 2016.
  14. Kan, Michael (30 August 2015). "China intensifies Internet censorship ahead of military parade". PC World. International Data Group. Retrieved 10 June 2016.
  15. Cimpanu, Catalin (29 August 2015). "Recent GitHub DDOS Linked to Chinese Government and Two GitHub Projects". Softpedia. Retrieved 10 June 2016.
  16. O'Brien, Danny (28 August 2015). "Speech that Enables Speech: China Takes Aim at Its Coders". Electronic Frontier Foundation. Retrieved 10 June 2016.
  17. "Shadowsocks". GitHub.
  18. "Shadowsocks Servers". Shadowsocks. Archived from the original on 15 July 2019. Retrieved 11 January 2018.
  19. zhou0 (18 December 2017), shadowsocks-perl: An asynchronous, non-blocking shadowsocks client and server written in Perl, retrieved 11 January 2018
  20. shadowsocks-go: go port of shadowsocks, shadowsocks, 10 January 2018, retrieved 11 January 2018
  21. shadowsocks-rust: A Rust port of shadowsocks, retrieved 12 October 2019
  22. "Shadowsocks - Clients". shadowsocks.org. Archived from the original on 29 June 2019. Retrieved 11 January 2018.
  23. "Net::Shadowsocks - the asynchronous, non-blocking shadowsocks client and server". Archived from the original on 7 April 2017. Retrieved 6 April 2017 via CPAN.
  24. clowwindy (18 August 2015). "AppData & temp & 当前目录" [AppData & temp & current directory] (in Chinese). Retrieved 10 June 2016 via GitHub.
  25. "Long-term Shadowsocks Plan: ShadowsocksR versus Shadowsocks2 · Issue #501 · StreisandEffect/Streisand". GitHub.
  26. https://censorbib.nymity.ch/pdf/Deng2017a.pdf
  27. "How China Detects and Blocks Shadowsocks · Issue #22 · net4people/BBS". GitHub.