The GFW applies the fully-encrypted detector probabilistically and only to a targeted subset of IP address space. Each qualifying connection is blocked with probability p = 26.3% (geometric distribution fit over 109,489 affected IPs in a 10% IPv4 scan); residual censorship then blocks the same 3-tuple (client IP, server IP, server port) for 180 seconds after a first block. The detector only monitors ~26% of connections and targets specific IP ranges of popular data centers (VPS providers such as Alibaba US, Constant, DigitalOcean, Linode); large CDNs (Akamai, Cloudflare) and most residential/enterprise IPs are unaffected. 98% of scanned IPs were unaffected. Simulated on live university traffic, the rules would block ~0.6% of normal connections as collateral damage.

The GFW's fully-encrypted detector (deployed Nov 2021) operates by exempting likely-benign traffic and blocking the rest. Five inferred exemption rules applied to the first TCP payload (pkt): Ex1 — popcount(pkt)/len(pkt) ≤ 3.4 or ≥ 4.6 (bits/byte); Ex2 — first 6+ bytes are printable ASCII [0x20–0x7e]; Ex3 — more than 50% of bytes are printable ASCII; Ex4 — more than 20 contiguous printable ASCII bytes; Ex5 — first bytes match TLS or HTTP fingerprint. Traffic failing all five exemptions is blocked. Experiments confirmed all rules still held as of February 2023.

§4, Algorithm 1 detection

Drivel evaluates its design against the GFW's fully-encrypted-traffic detector (documented in Wu et al. 2023). The thesis demonstrates that switching to post-quantum primitives does not by itself change the traffic's appearance to a statistical censor classifier — the fully-encrypted detection problem is independent of the underlying cryptographic algorithm and must be addressed at the traffic-shaping layer regardless of key-exchange choice.

2025-himmelberger-drivel §3, §4 fully-encrypted-detectrandom-payload-detect

Drivel is an obfs4-style fully-encrypted proxy protocol that replaces obfs4's pre-quantum cryptographic primitives with post-quantum alternatives. It is one of the first circumvention protocols explicitly designed to remain secure under a quantum adversary, addressing the forward-secrecy threat to deployed circumvention traffic recorded today for future decryption.

2025-himmelberger-drivel §1, §2 fully-encrypted-detectrandom-payload-detect

Despite fully encrypted protocols existing since obfs2 in 2012, the first documented evidence of the GFW passively detecting them purely by randomness appeared only in 2021 — approximately a decade later — and was limited to certain foreign IP address ranges and a subsampled fraction of traffic. Meanwhile, the GFW had been discovering obfs2/obfs3 servers via active probing as early as 2013, indicating censors found active-probing-based address discovery cheaper and more reliable than passive statistical classifiers for this protocol family.

2023-fifield-comments §5 fully-encrypted-detectactive-probingrandom-payload-detect

The GFW detects Shadowsocks by flagging apparently high-entropy connections that are not TLS or HTTP, but this detection is brittle: connections are explicitly allowed if the first 6 bytes of the first packet of a flow are all printable ASCII characters (range 0x20–0x7E). Adding a 6-byte alphanumeric preamble to the Shadowsocks message definition is sufficient to bypass this heuristic and requires only a short patch to the protocol specification file.

2023-wails-proteus §3.2 random-payload-detectfully-encrypted-detectdpi

The October 2022 blocking wave is the confirmed operational deployment of the fully-encrypted-traffic detector later formalized in Wu et al. (USENIX Security 2023). The detector was therefore in live production from at least late 2022, more than a year before the academic paper describing it was published. This event establishes that the GFW's passive fully-encrypted classifier operates at scale in adversarial real-world conditions, not just in controlled experiments.

2022-blocking-tls-circumvention full post fully-encrypted-detectrandom-payload-detect

Current randomized-payload circumvention tools (obfs4/ScrambleSuit, SkypeMorph, VoIP-tunneling) rely on censors 'defaulting open' — treating unidentified traffic as innocuous. If censors instead block all traffic not explicitly recognizable as meaningful plaintext, these tools fail entirely. The paper notes anecdotal evidence this is already occurring, including blocking of some TLS 1.3 connections.

2021-kaptchuk-meteor §1 Introduction random-payload-detectfully-encrypted-detectdpi