Snowflake's sustained operation in heavily censored regions demonstrates that WebRTC must remain accessible to users, which in turn requires that TURN servers remain unblocked to support NAT traversal for peer-to-peer WebRTC connections. This transitive unblockability makes TURN service providers viable rendezvous channels for the Bridge Distribution Problem.

The proposed system adopts the turbo tunnel architecture to provide a reliability layer over lossy TURN relay paths and to allow traffic reassembly at a single bridge across multiple TURN proxies. Three encapsulation modes are specified: direct application data inside TURN messages, DTLS datagrams via WebRTC data channels, and video frames inside WebRTC media streams — the latter two mimicking the encapsulation strategies of existing WebRTC circumvention systems such as Snowflake and TorKameleon.

§2 System Design defense

TURN servers used by major applications such as Facebook Messenger for media relay are hypothesized to be less likely blocked in censored regions due to collateral damage to legitimate WebRTC traffic. Providers like Cloudflare, Metered Video, and ExpressTURN supply geographically distributed TURN infrastructure that can be used without any special configuration by a censorship evasion system.

§1 Introduction & Background defense

The system targets a threat model where the censor performs passive DPI to fingerprint and block the client-to-TURN-proxy channel, and also conducts active enumeration attacks to discover and block proxy endpoints. The paper explicitly notes that traffic splitting may introduce distinct fingerprints of its own that require empirical evaluation — acknowledging that multi-path approaches are not fingerprint-free.

§3.1 Threat Model defense

Traffic splitting across N TURN proxies (1 ≤ N ≤ M) is hypothesized to resist active probing because each TURN server responds to probing requests identically to a regular TURN server, providing no distinguishing signal. Additionally, proxy ephemerality combined with splitting allows on-the-fly migration to new proxies when existing ones are blocked, maintaining connectivity even under partial blocking.

§3.3 Censorship Evasion defense

InterSecLab's 76-page analysis of the Geedge/MESA leak (based on nine months of indexing and translating >100,000 documents) characterizes the Tiangou Secure Gateway (TSG) product line as a commercially deployable detection stack that combines deep packet inspection, real-time mobile subscriber monitoring, active probing, ML-based traffic classifiers, and granular per-region rule sets. TSG is not a research prototype — leaked documentation includes deployment timelines and client government interactions for Kazakhstan, Ethiopia, Pakistan, Myanmar, and one unnamed country, with censorship rules explicitly tailored to each region.

2025-interseclab-internet-coup §3–§5 (InterSecLab report) dpiactive-probingml-classifiersni-blockingip-blockingtraffic-shapefully-encrypted-detect

Justice for Myanmar documents that Geedge Networks supplied Myanmar's military junta with GFW-derived surveillance and censorship infrastructure under Belt and Road frameworks following the February 2021 coup. The deployed system (Tiangou Secure Gateway / TSG) incorporates the same DPI, active-probing, and ML-classifier capabilities as the domestic Chinese GFW, giving Myanmar one of the most technically capable censorship systems in Southeast Asia.

2025-jfm-silk-road-surveillance §3, §5 dpisni-blockingip-blockingtraffic-shapeml-classifieractive-probing

The paper defines Unauthenticated Push (UP) channels as a distinct archetype from signaling/rendezvous channels, characterized by three properties: strictly unidirectional delivery, no client authentication or account association required, and higher bandwidth (kilobytes to megabytes) to support software updates rather than just minimal proxy-address exchanges. This design deliberately shifts operational-security burden onto senders to approach receiver anonymity.

2025-vines-extended §1–§3 ip-blockingactive-probing

Separating the Broker role (a server that holds and manages bridge information) from both the rendezvous channel and the censorship evasion system enables modular protocol design: the rendezvous carrier can be swapped independently of the proxy system. The authors identify broker authentication and multi-broker load distribution as open problems not addressed in the current prototype.

2024-vilalonga-looking §3.1, §5 active-probingip-blocking

Residual censorship — where a censor detects an objectionable connection via one method and then blocks all traffic between the same 3-tuple (client IP + server IP + port) or 4-tuple (client IP + port + server IP + port) for a short duration — was documented in China, Iran, and Kazakhstan. This means a single detected circumvention attempt can trigger temporary IP-level blocking of the entire endpoint regardless of protocol.

2023-master-worldwide §4.3 ip-blockingdpiactive-probing

Following the invasion, Psiphon user counts and VPN usage in Russia increased many-fold and correlated with specific censorship events, while multiple access paths to Tor (direct connections, bridges, pluggable transports) were progressively blocked. Despite this surge, circumvention tools reached only a small fraction of all Russian Internet users, indicating that aggressive multi-vector blocking and lack of user awareness left most people unable to access censored resources.

2023-ramesh-network §6 ip-blockingdpiactive-probing