Among surveyed channels, Skyhook, PushRSS, SQS, AMPCache, and Meek satisfy all three UP channel properties (unidirectional, no client auth, higher bandwidth); CloudTransport and Raven do not because they require authenticated user accounts; Tor's email- and Telegram-based bridge distribution also fails the no-auth requirement. The analysis was prompted in part by the 2022 GFW entropy-based blocking event, which required software updates to be pushed to users before fully-encrypted protocols could resume functioning.

The paper enumerates five adversarial attack surfaces against a video-steganography UP channel: (1) wholesale blocking of the hosting platform, (2) mass-scanning and blocking encoded videos (noted as generally cost-prohibitive per the steganography literature), (3) enumerating videos via pseudorandom tags (feasible but hampered by tag-list overlap with unrelated content and time-window dynamics), (4) banning accounts posting encoded videos, and (5) tracking anticensorship users viewing encoded content. The pseudorandom tag window design specifically prevents preemptive enumeration because the top-n results for a tag at epoch t differ from those at t±1.

§2.1 detection

UP channels based on free third-party content hosting (video, audio, images, ML models) provide no-cost scalability: steganographic videos once uploaded are free to distribute to arbitrarily many users, and the channel sustains adversarial financial denial-of-service attacks without incurring operator costs. This contrasts with meek, SQS, AMPCache, and Skyhook, which face financial DoS risk because adversaries can drive up hosting costs by using those channels as intended.

§4 evaluation

The paper defines Unauthenticated Push (UP) channels as a distinct archetype from signaling/rendezvous channels, characterized by three properties: strictly unidirectional delivery, no client authentication or account association required, and higher bandwidth (kilobytes to megabytes) to support software updates rather than just minimal proxy-address exchanges. This design deliberately shifts operational-security burden onto senders to approach receiver anonymity.

§1–§3 defense

A concrete UP channel implementation uses keyed steganographic encoding embedded in videos posted to a public hosting service (e.g., flickr.com), addressed via a time-epoch pseudorandom tag generator drawn from publicly known trending-topic lists. Clients query the top-n videos matching the current epoch tag and attempt decryption; real-world video size variability supports data transmissions from a few kilobytes (configuration updates) to megabytes (software updates).

§2 defense

Stage 1 of the detection pipeline uses a lightweight heuristic: restrict analysis to IP addresses in "VPS-dense ASNs," which censors already target for resource-intensive inspection of fully-encrypted traffic. This pre-filter dramatically reduces the search space before applying the more expensive dual-role behavioral analysis. The evaluation was conducted without Stages 1 and 3 due to dataset limitations, meaning the reported 23% recall and 0.18% FPR are conservative lower bounds on the full pipeline's performance.

2026-almutairi-server §2.1, §2.2, §3.4 fully-encrypted-detectdpiml-classifier

Systematic measurement platforms (OONI, Censored Planet, Cloudflare Radar, NetBlocks) have inherent blind spots due to geographic coverage and protocol-specific test constraints; critical censorship discoveries — including GFW fully-encrypted protocol blocking and regional Chinese censorship — were first surfaced by user reports on forums and GitHub issue pages of circumvention tools, not by automated measurement infrastructure.

2026-zohaib-extended §1 measurement-platformfully-encrypted-detect

Two Iranian ASes apply a protocol allowlist that drops traffic not matching known application-layer protocol patterns (after ~6 packets), independently of the destination IP. Experiments with fresh /26 phantom subnets showed that prefixing Conjure connections with a plain HTTP GET payload evaded this blocking for four weeks, while TLS Client Hello-prefixed and SSH-prefixed connections were blocked within 72 hours (TLS) or 72 hours after port rotation (SSH). HTTP GET on port 80 was the only tested prefix that survived the full experiment window.

2025-alaraj-iran-refraction §4.4, §5 dpifully-encrypted-detect

Iran's June 2025 shutdown enforced a strict national protocol whitelist: only DNS (UDP/53), HTTP (port 80), and HTTPS (port 443) traffic from Iranian networks to external servers was forwarded; all other protocols—including OpenVPN (UDP/1194), SSH (port 22), and arbitrary TCP/UDP ports—were silently dropped without response by DPI at the border.

2025-aryapour-stealth-blackout §4.4 dpiport-blockingfully-encrypted-detect

The September 2025 leak of ~600 GB from Geedge Networks and the MESA Lab (Institute of Information Engineering, Chinese Academy of Sciences) is the largest known document disclosure from the GFW vendor ecosystem. It establishes a direct lineage: MESA Lab (founded 2012 by Fang Binxing's team, annual contracted revenue >35M RMB by 2016) spun out Geedge Networks in 2018, with MESA alumni filling key engineering roles (e.g. Zheng Chao as CTO). The leak includes ~64 GB of MESA git repositories, ~35 GB of MESA internal documents, ~15 GB of Geedge internal documents, and a ~3 GB Jira export — providing direct access to source code, work logs, and internal communications behind GFW R&D.

2025-geedge-mesa-leak §4 dpiactive-probingml-classifiersni-blockingfully-encrypted-detect

Internal Geedge documents confirm active contracts to deploy GFW-derived censorship and surveillance infrastructure in Myanmar, Pakistan, Ethiopia, Kazakhstan, and at least one additional unidentified country under the Belt and Road framework, in addition to domestic deployments in Xinjiang, Jiangsu, and Fujian. The exported product (the Tiangou Secure Gateway / TSG line) is not a stripped-down export variant — leaked TSG documentation shows DPI, active-probing, ML classifiers, and granular per-region traffic control rules that mirror the domestic GFW capability set.

2025-geedge-mesa-leak §5, §6 dpiactive-probingml-classifiersni-blockingdns-poisoningfully-encrypted-detecttraffic-shape