#USENIX #USENIXSecurity

New #censorship analysis publication from #GFWReport: https://gfw.report/publications/usenixsecurity23/en/

TL;DR,
1. The mechanism is passive, and is only run on TCP.
2, When censorship is active, packets are dropped if from the client.
3. Traffic would be exempt if...
* Randomness doesn't exceed 85%.
* At least the first 6 bytes, or over half of the bytes are printable.
* There are at least 20 successive printable bytes.
* The fingerprint matches a TLS or HTTP connection.
4. Iranian censorship closely resembles Chinese censorship.