Camoufler defeats active probing of its server endpoints by keeping server IM IDs private (shared only out-of-band with trusted clients) and configuring the server to respond only to those trusted IDs. An adversary systematically probing IM IDs to find Camoufler servers would receive no response from the server, making enumeration futile. When E2M-encrypted IM providers could collude with a censor, an additional application-layer key exchange (DH with RSA-wrapped ephemeral key, AES-256, PFS via key deletion) prevents the provider from revealing plaintext even under coercion.

Large-file transfers via Camoufler (using Telegram as the IM channel) show modest overhead compared to direct wget: a 10 MB file takes 13.6s vs. 7.9s direct, 50 MB takes 52.1s vs. 35s, and 100 MB takes 93.3s vs. 68s. The overhead stems from the server downloading the complete file before forwarding it, but performance still substantially exceeds prior tunneling systems such as SWEET (email-based) and CovertCast (video-based), which the authors describe as incurring >10s even for small webpage loads.

§4, Table 1 evaluation

Traffic analysis comparing Camoufler clients (fetching blocked websites) to regular IM clients (exchanging multimedia) shows indistinguishable packet-exchange rates and packet-size distributions: a 1.3 MB document download via Camoufler peaked at >700 packets/s, matching the >800 packets/s spike from a 1.5 MB video download by a regular IM client. Packet sizes cluster identically in two bins (<100 bytes for ACKs; >1,200 bytes for data) regardless of whether the underlying content is a web page or a video.

§5.1 evaluation

Camoufler's blocking-resistance relies on collateral-damage economics: IM platforms had ~2.5 billion active users as of January 2019 (projected >3 billion by 2022) and are embedded in essential business and commercial operations (airline e-tickets, professional collaboration tools). Blocking all IM to disrupt Camoufler would require the censor to harm its own economy; the threat model requires only that the censor permits at least one IM platform, in which case Camoufler remains operational.

§3.1, §7 defense

Camoufler tunnels censored web traffic through real Instant Messaging applications (Signal, Telegram, WhatsApp, Slack, Skype), achieving a median page-load time of 3.6s (average 4.1s) over Signal and 2.3s median (average 2.7s) over Telegram for Alexa top-1,000 sites — compared to 120s for CovertCast loading BBC News and only 2.56 Kbps throughput for DeltaShaper. Over 90% of TTFB trials across 10 popular sites completed under 2s, with 50% under 1s.

§4 defense

The September 2025 leak of ~600 GB from Geedge Networks and the MESA Lab (Institute of Information Engineering, Chinese Academy of Sciences) is the largest known document disclosure from the GFW vendor ecosystem. It establishes a direct lineage: MESA Lab (founded 2012 by Fang Binxing's team, annual contracted revenue >35M RMB by 2016) spun out Geedge Networks in 2018, with MESA alumni filling key engineering roles (e.g. Zheng Chao as CTO). The leak includes ~64 GB of MESA git repositories, ~35 GB of MESA internal documents, ~15 GB of Geedge internal documents, and a ~3 GB Jira export — providing direct access to source code, work logs, and internal communications behind GFW R&D.

2025-geedge-mesa-leak §4 dpiactive-probingml-classifiersni-blockingfully-encrypted-detect

Internal Geedge documents confirm active contracts to deploy GFW-derived censorship and surveillance infrastructure in Myanmar, Pakistan, Ethiopia, Kazakhstan, and at least one additional unidentified country under the Belt and Road framework, in addition to domestic deployments in Xinjiang, Jiangsu, and Fujian. The exported product (the Tiangou Secure Gateway / TSG line) is not a stripped-down export variant — leaked TSG documentation shows DPI, active-probing, ML classifiers, and granular per-region traffic control rules that mirror the domestic GFW capability set.

2025-geedge-mesa-leak §5, §6 dpiactive-probingml-classifiersni-blockingdns-poisoningfully-encrypted-detecttraffic-shape

InterSecLab frames the Geedge/TSG export program as the commoditization of national firewall capability: rather than each censor state independently developing detection infrastructure, they contract Geedge for a turnkey system incorporating the cumulative R&D of MESA Lab (>10 years, National Science and Technology Progress Award winners). This structural shift means the marginal cost for an autocratic government to acquire GFW-grade censorship is now a procurement decision, not a multi-year engineering program. The report identifies that Geedge's relationship with the MESA Lab gives customer states indirect access to ongoing academic R&D improvements, not just a static product.

2025-interseclab-internet-coup §2, §6–§7 (InterSecLab report) dpiactive-probingml-classifier

InterSecLab's 76-page analysis of the Geedge/MESA leak (based on nine months of indexing and translating >100,000 documents) characterizes the Tiangou Secure Gateway (TSG) product line as a commercially deployable detection stack that combines deep packet inspection, real-time mobile subscriber monitoring, active probing, ML-based traffic classifiers, and granular per-region rule sets. TSG is not a research prototype — leaked documentation includes deployment timelines and client government interactions for Kazakhstan, Ethiopia, Pakistan, Myanmar, and one unnamed country, with censorship rules explicitly tailored to each region.

2025-interseclab-internet-coup §3–§5 (InterSecLab report) dpiactive-probingml-classifiersni-blockingip-blockingtraffic-shapefully-encrypted-detect

Justice for Myanmar documents that Geedge Networks supplied Myanmar's military junta with GFW-derived surveillance and censorship infrastructure under Belt and Road frameworks following the February 2021 coup. The deployed system (Tiangou Secure Gateway / TSG) incorporates the same DPI, active-probing, and ML-classifier capabilities as the domestic Chinese GFW, giving Myanmar one of the most technically capable censorship systems in Southeast Asia.

2025-jfm-silk-road-surveillance §3, §5 dpisni-blockingip-blockingtraffic-shapeml-classifieractive-probing

The paper proposes modeling HCS undetectability as a simulation-based cryptographic distinguishability problem: if traces produced by the real-world HCS channel are computationally indistinguishable from ideal-world application-channel traces (T_HCS ∼ T_simulator), the HCS achieves provable security against any adversary — passive or active. The simulation paradigm is parametric in adversary capability, meaning a single proof covers the full spectrum from passive SNI monitoring to active DPI.

2025-pereira-position §1, §2 dpitraffic-shapeactive-probing