i was reading a report about irgfw and here is the summarized version from me:
1. dns status: they are using graylisting for banning dns servers. clients can send messages but servers are unable to send the responses since irgfw drops them. among all available options for dns resolving, dns over quic seems to be the only working protocol.
> my note: afaik sometimes udp or quic packets will be dropped by isps even in other countries. i'm not sure how accurate this is. but if we consider this to be true, then doq won't always help.
2. udp status: they keep an ephemeral state on their system for each combination of port+ip in udp packets and they make a pseudo session to detect handshake patterns for different protocols. also it seems irgfw can learn new patterns as well. protocols such as wireguard are blocked using the same approach.
3. ip status: they have 3 lists: white list, gray list and black list. for an ip to be white it needs to be not used for vpn and proxies for at least 3 months or more. other ips are gray listed by default and they always process and analyze gray list ips' traffic. once a graylisted ip is detected as a vpn server or anything that needs to be blocked, they will move it to black ips. different isps have different rules for black ips such as randomly dropping packets, dropping tls handshakes to interrupt safe connections and more.
ipv6: it's less censored and some mobile operators support it, and it seems it's more free than ipv4 for now. but irgfw base rules like white, black and gray listings still work there.
4. dpi: they were using an active probe model and after that they started using a passive probe model which is more efficient for them.
based on current checks, last month they stopped complex checks and filters after about 2 years. but this probably means they are getting ready for next time, if something important happens in the country, to make the network censored again and put it under a higher rate of checks.
original report: http://irgfw.report/projects/project1
> note: i wrote this randomly at night on my mobile. so please don't consider typos and...
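
Added example, not part of the post above or of the report it summarizes: a minimal passive model of the per-endpoint "pseudo session" from item 2, showing why a handshake with fixed type bytes and fixed lengths can be recognized with very little state. The WireGuard framing values are from the public protocol; the state lifetime, the match rule and all names are assumptions, and the traffic is constructed.

```python
import time

# WireGuard framing (public protocol facts): 1-byte type + 3 zero bytes;
# handshake initiation is 148 bytes (type 1), response is 92 bytes (type 2).
WG_INIT, WG_RESP = (1, 148), (2, 92)
STATE_TTL = 5.0  # assumed lifetime of the ephemeral per-flow state, in seconds


def wg_kind(payload):
    """Return (type, length) if the payload has WireGuard handshake framing."""
    if len(payload) >= 4 and payload[1:4] == b"\x00\x00\x00":
        kind = (payload[0], len(payload))
        if kind in (WG_INIT, WG_RESP):
            return kind
    return None


class PseudoSessionTable:
    """Ephemeral state keyed by the UDP endpoint pair, expired after a TTL."""

    def __init__(self, ttl=STATE_TTL):
        self.ttl = ttl
        self.pending = {}  # (client, server) -> time the initiation was seen

    def observe(self, src, dst, payload, now=None):
        """Feed one datagram; return 'wireguard' once both handshake halves match."""
        now = time.monotonic() if now is None else now
        # Drop expired entries so the table only holds recent initiations.
        self.pending = {k: t for k, t in self.pending.items() if now - t <= self.ttl}
        kind = wg_kind(payload)
        if kind == WG_INIT:
            self.pending[(src, dst)] = now
        elif kind == WG_RESP and (dst, src) in self.pending:
            del self.pending[(dst, src)]
            return "wireguard"
        return None


def classify(packets, ttl=STATE_TTL):
    """Run constructed (time, src, dst, payload) tuples through a fresh table."""
    table = PseudoSessionTable(ttl)
    return [table.observe(s, d, p, now=t) for t, s, d, p in packets]


# Constructed sample traffic: documentation-range addresses, filler payloads.
C, S = ("192.0.2.10", 51820), ("198.51.100.7", 51820)
INIT = b"\x01\x00\x00\x00" + bytes(144)
RESP = b"\x02\x00\x00\x00" + bytes(88)
SAMPLE = [(0.0, C, S, INIT), (0.1, S, C, RESP), (1.0, C, S, b"\x00" * 60)]
```

`classify(SAMPLE)` flags the flow on the second datagram; a response that arrives after the state has expired, or without a preceding initiation, is not matched.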
you can request to relays and obtain backups.
Is there a way to send a message to multiple people? Sort of a private chat sort of thing. #asknostr
nip-29 groups maybe.
1. self-host.
2. our nip-05 service which will be available soon. we announce it on nostr:nprofile1qqst72lw22q3f8rux5846y4wxt63f3uxflcsspgc9aqhs5uv93ppqpcpzdmhxue69uhhqatjwpkx2urpvuhx2ue0elpm48.
i see everyone predicting nostr. nostr is weird enough to be unpredictable.
#weirdest-r
yes. 2 years ago they limited internet to a local network. some believe there was still access to outside, but i can say most people weren't able to use public internet. not sure how long it took.
umm, they are stupid. thanks. 🪼
it's not. probably.
by efficient i mean something with a super lightweight and simple configuration. sometimes with low resource usage and probably a way to be managed using a gui or something. then individuals can run random nodes over the country, make this more unstoppable.
i'm not sure if this affects the process for people to come here. a new community can use its own language, that's the point. lack of content in different topics compared to other social media is a good point, but i'm talking about times when we don't have any access to these social media at all.
yes, i'm thinking about something similar. small relays, even temporary ones, with small communities.
but then we need some efficient implementations of relays.
nostr:nprofile1qqsrhuxx8l9ex335q7he0f09aej04zpazpl0ne2cgukyawd24mayt8gprfmhxue69uhhq7tjv9kkjepwve5kzar2v9nzucm0d5hszxmhwden5te0wfjkccte9emk2um5v4exucn5vvhxxmmd9uq3xamnwvaz7tmhda6zuat50phjummwv5hsx7c9z9 i think this should do the work and explain the question/topic clearly.
i was looking at the nostr relay map on the nostrudel nip-66 client and i saw a lack of relays in the middle east, where we really need to reach the vision of nostr and make freedom of speech possible for everyone. we know that there is a high possibility for these countries to lose their access to public internet, as the government did this before for more than a week. i thought what if we run relays on local ips to at least keep the thing up internally for people.
but based on my current knowledge this is not possible since there is kyc on server providers everywhere and it's easy to find the server and owner. the question here is what we can do in this situation? the best answer i reached is to keep relays separate, small and bought using different identities. and the most important one: we need a way to change the form of envelopes.
last time this happened, i wrote a simple messaging service and we used it with a limited number of friends. but for a bigger network i'm not sure how we can hide it!?!
also, there are some reports about irgfw which i'll try to summarize and share in english here.
i think for this purpose chinese nostriches can help since i know they have a limited internet too and i can see they are running some relays. i would be happy if you know any of them and mention them here.
#asknostr #censorship #irgfw