So I’m currently using a shadowsocks service in china since it is just 100x much more faster than conventional vpns in china (protocols designed for bypassing firewall, relaying data through domestic servers)
However I see some that say that shadowsocks is a lot less secure than a vpn, however, I haven’t been able to get an answer why. Some say that not all data is routed, but special shadowsock apps allow routing of both UDP and TCP. Also, some say that shadowsocks doesn’t have proper encryption methods which doesn’t seem true? (I’m not really sure about this part)
The shadowsocks provider I use uses chacha20-ietf-poly1305 encryption
So… is it secure?
Are you using the Android Shadowsocks client? That is a true VPN and is very easy to use on Android.
However I see some that say that shadowsocks is a lot less secure than a vpn, however, I haven’t been able to get an answer why.
Shadowsocks is very well done and it does the job, as a VPN or as a proxy.
Also, some say that shadowsocks doesn’t have proper encryption methods which doesn’t seem true?
No, that’s totally wrong. In fact, shadowsocks gives you a nice choice of quality encryption.
The security in shadowsocks really depends on how the server is setup, i.e. the encryption key, and encryption method. Same goes to what you refer to as “VPN” — VPN is an umbrella that under it, there are secure protocols as there are mickey mouse security setups.
How does this work? I am planning on getting a VPN for my 1 month trip to China, but I am looking for more suggestions.
Shadowsocks is designed to be secure, it is open source. However, since the majority of the community is in China, old “stereotypes” about Shadowsocks still linger. But today, it’s a solid protocol. Also, chacha20-ietf is already secure enough, poly1305 slows it down and is not necessary. China has also recently started being able to accurately distinguis Shadowsocks servers and block them. So you should try the R variant of Shadowsocks called ShadowsocksR. There is a website with guides and tools for it but it’s Chinese. https://ssr.tools
The only problem with the Android client is that it leaks DNS.
I use surge for MacOS and IOS which is the only client (I think) that supports both UDP and TCP
That’s excellent news
Shadow socks providers give far better quality than their VPN counterparts and I would hate to have to go back for security/privacy
Agreed. But vanilla Shadowsocks with obfuscation plugins will also keep you under the radar.
Ahh OK thanks
Some SS services offer IPLCs (not their own lines obviously though) which bypasses GFW directly apparently
You can set the dns to your liking.
Shadowrocket for iOS supports UDP forwarding
Is it still recommended, even though [AFAIK] the dev is no longer updating it?
You can set to your liking, but it leaks.
simple-obfs was deprecated indeed, although it still does the job. New obfuscation plugins have emerged in the meantime: v2ray plugin for Shadowsocks, Cloak, the successor of GoQuiet. In other words, the future of Shadowsocks obfuscation never looked so promising.
Even if using DoH or DoT?
Any updates in that direction?
I am looking for an option to setup for a year in China.
Any recommendations are welcome!
I’m using SSR app, there is no option called DoH or DoT. I’ll try the standard SS app later and let you know.
Caonima.io native VPN client uses trojan protocol under the hood.
I’m using SSR app, there is no option called DoH or DoT
Neither DoH or DoT are options in an app.
You mean DNS over http and DNS over TLS? How do you use those with SS?