To understand how Shadowsocks works, we’ll have to get a bit into the cyberweeds. Shadowsocks is based on a technique called proxying. Proxying grew popular in China during the early days of the Great Firewall—before it was truly “great.” In this setup, before connecting to the wider internet, you first connect to a computer other than your own. This other computer is called a “proxy server.” When you use a proxy, all your traffic is routed first through the proxy server, which could be located anywhere. So even if you’re in China, your proxy server in Australia can freely connect to Google, Facebook, and the like.
But the Great Firewall has since grown more powerful. Nowadays, even if you have a proxy server in Australia, the Great Firewall can identify and block traffic it doesn’t like from that server. It still knows you are requesting packets from Google—you’re just using a bit of an odd route for it. That’s where Shadowsocks comes in. It creates an encrypted connection between the Shadowsocks client on your local computer and the one running on your proxy server, using an open-source internet protocol called SOCKS5.
How is this different from a VPN? VPNs also work by rerouting and encrypting data. But most people who use them in China use one of a few large service providers. That makes it easy for the government to identify those providers and then block traffic from them. And VPNs usually rely on one of a few popular internet protocols, which tell computers how to talk to each other over the web. Chinese censors have been able to use machine learning to find “fingerprints” that identify traffic from VPNs using these protocols. These tactics don’t work so well on Shadowsocks, since it is a less centralized system.“Each person can configure it to look like their own thing. That way everybody’s not using the same protocol.”
Each Shadowsocks user creates his own proxy connection, and so each looks a little different from the outside. As a result, identifying this traffic is more difficult for the Great Firewall—that is to say, through Shadowsocks, it’s very hard for the firewall to distinguish traffic heading to an innocuous music video or a financial news article from traffic heading to Google or some other site blocked in China.
Leo Weese, a Hong Kong-based privacy advocate, likens VPNs to a professional freight forwarder, and Shadowsocks to having a package shipped to a friend who then re-addresses the item to the real intended recipient before putting it back in the mail. The former method is more lucrative as a business, but easier for authorities to detect and shut down. The latter is makeshift, but way more discreet.
What’s more, tech-savvy Shadowsocks users often customize their settings, making it even harder for the Great Firewall to detect them wholesale. People use VPNs to set up inter-company links, to set up a secure network. It wasn’t designed for the circumvention of censorship, but with Shadowsocks Each person can configure it to look like their own thing. That way everybody’s not using the same protocol.