-
southerntofu
hello, maybe stupid question: is there a XEP for s2s network censorship circumvention? maybe something like BOSH for S2S?
-
southerntofu
someone was asking about that on lemmy.ml in a thread about nation-wide censorship of networks
-
Link Mauve
southerntofu, if your sole censorship threat is that some ports are blocked, you can run an XMPP service on port 443.
-
Licaon_Kter
SRVs to the rescue? southerntofu see XEP-0368
-
southerntofu
yes i'm aware (though i don't think s2s on port 443 would work?) the question was more about chinese great firewall type of censorship, eg. my server can't communicate with yours
-
southerntofu
ah ok 443 is possible for s2s with SRV thanks :)
-
Link Mauve
(southerntofu, why wouldn’t it?)
-
jonas’
southerntofu, with the chinese great firewall, not even a VPN rescues you
-
jonas’
you’re lost there, they’re experts in traffic analysis
-
jonas’
they can distinguish facebook vs. google even when tunneled through a VPN just by traffic patterns
-
southerntofu
though i'm not sure it would be indistinguishable from HTTPS trafic
-
jonas’
they’re really open about that, you can read their papers :)
-
Martin
But they don't seem to care about xmpp yet. It just worked without any VPN when I was in China.
-
jonas’
southerntofu, it would, easily. HTTPS connections don’t live that long, the packet sizes, rates and reply/response correlations differ
-
southerntofu
jonas’, yeah there's still quite a lot you can do especially for a two-directional protocol like XMPP.. i mean people still use something-thats-like-a-VPN in China to access the rest of the network :)
-
southerntofu
btu sure correlation attacks are a thing
-
southerntofu
so my question was more like is BOSH for S2S possible? eg. REAL HTTPS for s2s connections?
-
Link Mauve
southerntofu, this wouldn’t solve the issue jonas’ is mentioning.
-
southerntofu
indeed no, just make it harder
-
jonas’
barely, at the cost of making everything else terrible
-
southerntofu
i'm not familiar with details, but i heard tor project had good experiences with maskerading trafic as WWW to circumvent censorship (snowflake?)
-
jonas’
I’d then rather look into similar measures on the s2s layer, instead of making s2s go over HTTPS and making everything terrible
-
southerntofu
anyway thanks for the answer in my view the real answer is to run some censorship-circumvention on top of existing services, not try to integrate imperfect solution in every service :)
-
Tim
See "shapeshifting" https://www.pluggabletransports.info/transports/ (I've never tried it.)
-
xorman
do you know of any reactions XEP?
-
moparisthebest
xorman: https://xmpp.org/extensions/xep-0444.html
-
xorman
thx
-
xorman
I saw a discussion days ago about cryptocurrency integration talking mostly about payments, but really chat-currencies integration happens mostly around (monetizing) reactions