1309 points rickybule | 7 comments

Indonesia is currently in chaos. Earlier today, the government blocked access to Twitter & Discord knowing news spread mainly through those channels. Usually we can use Cloudflare's WARP to avoid it, but just today they blocked the access as well. What alternative should we use?
reisse ◴[] No.45059003[source]
I also want to add here because a lot of people either mention Tor as a successful solution, or mention why Tor is not a solution but state completely wrong reasons. And I have a good soapbox to stand on once in a while.

Number one reason why Tor is dead is Cloudflare.

Let me digress here. In my opinion, Cloudflare does a lot more censoring than all state actors combined, because they singlehandedly decide if the IP you use is "trustworthy" or "not", and if they decided it is not, you're cut off from like half of the Internet, and the only thing you can do is to look for another one. I'd really like it if their engineers understood what an Orwellian mammoth they have created and resigned, but for now they're only bragging without the realization. Or at least if any sane antitrust or comms agency shredded their business to pieces.

And Cloudflare by default makes browsing with Tor unusable. Either you're stuck with endless captchas, or you're banned outright.

Number two reason why Tor is dead is all other antifraud protections combined. Try paying with Stripe through Tor. There is quite a big chance you'll get an "unknown error" of sorts on Stripe's side. Try to watch Netflix in Tor - exit nodes are banned.

Everyone kept shouting "Tor bad, Tor for criminals", and it became a self-fulfilling prophecy. It's really hard to just browse the web normally in Tor, because all "normal" sites consider it bad. The "wrong" sites, however, who expect Tor visitors...

replies(3): >>45059323 #>>45061292 #>>45062482 #
brightball ◴[] No.45059323[source]
I understand where you are coming from but there’s a flip side to this.

Cloudflare obfuscating such a huge segment of origin servers gives a privacy advantage to anyone using a private DNS, since most of the IPs you can be seen connecting to are just…Cloudflare.

replies(3): >>45059855 #>>45061263 #>>45064729 #
rsync ◴[] No.45059855[source]
Or, at least, that’s how it would work if it wasn’t for SNI…
replies(1): >>45060303 #
1. allset_ ◴[] No.45060303[source]
Cloudflare supports ECH. https://developers.cloudflare.com/ssl/edge-certificates/ech/
replies(2): >>45067328 #>>45071818 #
2. immibis ◴[] No.45067328[source]
China blocks ECH.
replies(1): >>45069876 #
3. majorchord ◴[] No.45069876[source]
Do you have a reliable source for this claim?
replies(1): >>45071842 #
4. 1vuio0pswjnm7 ◴[] No.45071818[source]
Any examples of Cloudflare client websites that have enabled ECH
5. 1vuio0pswjnm7 ◴[] No.45071842{3}[source]
China's use of SNI-based censorship is well-documented

For example, see

https://censorbib.nymity.ch/pdf/Niere2025a.pdf

replies(2): >>45076382 #>>45079784 #
6. ranger_danger ◴[] No.45076382{4}[source]
Yes, but SNI is not ECH.
7. 1vuio0pswjnm7 ◴[] No.45079784{4}[source]
China has blocked ESNI

https://gfw.report/blog/gfw_esni_blocking/en/

But SNI is not CH and ESNI is not ECH

Will China block ECH

ECH blocking has been detected in Russia

https://github.com/net4people/bbs/issues/417

According to Niere et al. (2025)

"Additionally, with the ECH extension not yet being widely used [17], [71] and focusing on privacy protection rather than censorship circumvention [60], it can be censored easily by blocking it entirely [14], [76]."

The paper describes various GFW bypass methods that currently work, including removing the SNI extension entirely

It does not mention anyone using ECH to bypass GFW

Perhaps it is too early to conclude "China blocks ECH" because ECH is not in widespread use