Just look for any VPNs that are advertised specifically for China, Russia, or Iran. These are the cutting edge tech, they may not be so privacy-friendly as Mullvad, but they will certainly work.
So the solution is no-name providers using random ad-hoc hackery, chosen according to a criterion more or less custom designed to lead you into watering hole attacks.
Right.
1) The problem is very difficult and requires a lot of engineering resources 2) It's very hard to make money in these countries for many reasons, including sanctions or the government restricting payments (Alipay, WeChatPay, etc)
The immediate response would be: "If the problem is so difficult, how can it be solved if not be well-known, well-established providers?"
The answer is simple: the crowdsourcing power of open source combined with billions of people with a huge incentive to get around government blocking.
Perhaps you should stop and think about why people living in countries where governments actually censor a lot hardly use these "well-established providers" to circumvent censorship. Tip: it's not because they're stupid.
Yeah, maybe V* and derivatives are random ad-hoc hackery, but they also are the well-known standard now.
1. there was a presentation about several admins in a hostile country who had been arrested because someone from Harvard pinged a server they ran as part of IPv4 measurement. The suggestion was to avoid measuring countries with strong censorship laws to prevent accidental imprisonment of innocent IT.
2. similar presentation about ToR project struggling to find fresh egress/ingress addresses. Authoritarian countries were making lists of any IP addresses that were known ToR IPs and prosecuting/imprisoning users associated with them as a result of traffic on those addresses.
I would be extremely careful trying to bypass authoritarian restrictions unless I was 110% confident what I was doing.
If I was working for a secret service for these countries, I would set up many "VPNs that are advertised specifically for x" as honeypots to gather data about any dissidents.
VLESS / v2ray works in Russia, as far as I know.
1. They are in most cases run by national spy agencies.
2. They will at least appear to work, i.e., they will provide you with access to websites that are blocked by the country you are in. Depending on which country's spies run the system, they may actually work in the sense of hiding your traffic from that country's spies, or they may mark you as a specific target and save all your traffic for later analysis.
My inclination is to prefer free (open-source) software that isn't controlled by a company which can use that control against its users.
First, you use well-known cloud or dedicated hoster. All your traffic is now tied to the single IP address of that hoster. It may be linked to you by visiting two different sites from the same IP address. Furthermore, this hoster is legally required to do anything with your VPN machine on demand of corresponding state actors (this is not a speculative scenario; i. e. Linode literally silently MitMed one of their customers on German request). Going ever further, residential and company IPs have quite different rules when it comes to law enforcement. Seeding Linux ISOs from your residential IP will be overlooked almost everywhere (sorry, Germany again), but seeding Linux ISOs from AWS can easily be a criminal offense.
Second, you use some shady abuse-proof hosting company, which keeps no logs (or at least says that) and accepts payments in XMR. Now you're logging in to your bank account from an IP address that is used to seedbox pirate content or something even more illegal, and you still don't know if anyone meddles with your VPN instance looking for crypto wallet keys in your traffic.
VPN services have a lot of "good" customers for a small amount of IP addresses, so even if they have some "bad" actors, their IPs as a whole remain "good enough". And, as the number of customers is big, each IP cannot be reliably tied to a specific customer without access logs.
On the one hand they do DPI with ML.
On the other hand a major player is open!
Something is not right here...
What you need is open protocols and hundreds of thousands of small servers only known to their owners and their family/friends
If you’re worried about ending up on a list, using things that look like VPNs while the VPNs are locked down is likely to do so.
Also… your neighbors in Myanmar didn’t do a lockdown during the genocide and things got pretty fucking dire as a result. People have taken different lessons from this. I’m not sure what the right answer is, and which is the greater evil. Deplatforming and arresting people for inciting riots and hate speech is probably the best you can do to maintain life and liberty for the most people.
The genocide in Myanmar was incited _by_ the government there; giving it more power to censor it's citizens' communications would have done absolutely nothing to help the people being genocided. Genocides don't just suddenly happen; the vast majority of genocide over the past century (including Indonesian genocides against ethnically Chinese Indonesians) had the support of the state.
