Just look for any VPNs that are advertised specifically for China, Russia, or Iran. These are the cutting edge tech, they may not be so privacy-friendly as Mullvad, but they will certainly work.
So the solution is no-name providers using random ad-hoc hackery, chosen according to a criterion more or less custom designed to lead you into watering hole attacks.
Right.
Yeah, maybe V* and derivatives are random ad-hoc hackery, but they also are the well-known standard now.
A lot of people use Telegram and think it's private, too.
What about the part about choosing your VPN provider in the way most likely to get you an untrustworthy one who's after you personally?
1) The problem is very difficult and requires a lot of engineering resources 2) It's very hard to make money in these countries for many reasons, including sanctions or the government restricting payments (Alipay, WeChatPay, etc)
The immediate response would be: "If the problem is so difficult, how can it be solved if not be well-known, well-established providers?"
The answer is simple: the crowdsourcing power of open source combined with billions of people with a huge incentive to get around government blocking.
Perhaps you should stop and think about why people living in countries where governments actually censor a lot hardly use these "well-established providers" to circumvent censorship. Tip: it's not because they're stupid.
Tor and I2P, for example, don't actually make money anywhere. Which is not to say that they work for any of the users in all of these places, or for all of the users in any of these places.
> The answer is simple: the crowdsourcing power of open source combined with billions of people with a huge incentive to get around government blocking.
The actual answer is that (a) they're using so many different weird approaches that the censors and/or secret police can't easily keep up with the whack-a-mole, and (b) they're relying on folklore and survivorship bias to tell them what "works", without really knowing when or how it might fail, or even whether it's already failing.
Oh, and most of them are playing for the limited stakes of being blocked, rather than for the larger stakes of being arrested. Or at least they think they are.
Maybe that's "solving" it, maybe not.
The part about the unreliable ad-hockery is also true, albeit less critical. The fact is that you don't know what your adversary is doing now, and you definitely don't know what they're going to to roll out next. You don't have to be stupid to decide to take that risk, but you also don't have to be particularly stupid to not think about that risk in the first place, especially when people are egging you on to take it.
The greater purpose underlying both is to keep people from unknowingly getting in over their heads. I have seen lots of people do actually stupid things, up close and personal, especially when given instructions without the appropriate cautions.
And "services and providers" doesn't necessarily mean commercial VPNs. In fact those were way down the list of what I had in mind. Your own VPS is a "provider". So is Tor or I2P (not that those won't usually run into problems). So is your personal friend in another country.
1. there was a presentation about several admins in a hostile country who had been arrested because someone from Harvard pinged a server they ran as part of IPv4 measurement. The suggestion was to avoid measuring countries with strong censorship laws to prevent accidental imprisonment of innocent IT.
2. similar presentation about ToR project struggling to find fresh egress/ingress addresses. Authoritarian countries were making lists of any IP addresses that were known ToR IPs and prosecuting/imprisoning users associated with them as a result of traffic on those addresses.
I would be extremely careful trying to bypass authoritarian restrictions unless I was 110% confident what I was doing.
Please re-read my post then. I do not call to look for VPN for your or anyone's particular country, I call to look for VPNs for these specific countries because they have the current bleeding edge blocking tech, and if VPN works there now, it will 100% work in every other country. If you're in China, you don't have to look for Chinese VPNs, some of Russian ones will work there too.
To actually bypass this, you need your own network. Does anyone know of any sneakernet protocols that would be useful here?
Tor is great, and they do great research on censorship circumvention, but it isn't used at any significant scale in these countries.