chgxvjh [he/him, comrade/them]

Fashtech is the more established term.

Fashware

I’d argue it’s not a question of intelligence but of network equipment. In many countries ISPs are private companies and there which complicates measures that require specialised equipment. Blocking DNS is basically free, routers can void IPs and IP ranges, broad checks for sequences in package payload are more expensive (scanning for Wireguard) and approaches to distinguish OpenVPN from other SSL even more.

I’d be careful with wireguard if VPN is illegal. OpenVPN has a SSL handshake. Wireguard has a Wireguard handshake.

OpenVPN fingerprinting exists too but it’s an actual effort. For Wireguard you just need tcpdump and a basic filter.

I think the Chinese VPN ban is a bit exaggerated

You can rent a server and run OpenVPN on that server on port 443. Maybe even with port sharing so that the server can act like a regular webserver too.

It’s easier to trace the traffic back to you if the server runs in your name but it’s pretty hard to tell that you are using VPN if you aren’t connecting to a known VPN provider.

I believe in the beginning no company was compliant, the courts didn’t want to destroy capitalism so they only fined the most egregious offenders and now courts are following the initial precedents and only convict in 1-2% of cases.

They are also keep ignoring earlier privacy laws so it’s not big surprise really.

Yeah the end of security updates severely exaggerated.