South Korea Expands Site Blocking Efforts with SNI Eavesdropping

Tell us how you'll expell all normalfags from the internet, go on.

The only way to surpass this level of goobermint crap is to become a hacker. Look at china.

Yes, because of the recent censorship fiasco dnscrypt/DNS-over-TLS/DNS-over-HTTPS clients have just begun to be widely distributed to the Korean public. Tor isn't widely used because it is too slow for streaming and downloading torrents. If the internet censorship gets off the hook like China I'll be renting a VPS and setting up obfs4/Shadowsocks/whatever Chinese use to evade their internet censorship.

Stock up burner SIMs and credits.
root.zone local copy, dnscrypt + socks5 proxies from China.
As plan B, make batman meshnets for organized comms.
Ultrasurf, freegate, psiphon or similar. You may also use VPN on top of it or just vanilla but if VPN ports are blocked by kike ISP you can assign a different rport and try portscanning these (UDP/TCP). If UDP is blocked in the NAT or some IPv4 NAT problem, use common udp ports for apps like google or games or find an ipv6 provider.
Build a 10KM directional wifi beam @pic and if you manage to still have internet during a shutdown, try to share it as much as possible, can also be used for comms with a wifi messaging app GnuPG signed to your liking.
5G is your friend but use outdoor antennas!
Contact the UNHR (sadly not the best choice but whatever), go to wikileaks and other non-MSM news sites.

Attached: FF.jpg (560x289, 91.22K)

Meek is not enough. All it does is fake the SNI header and dns. But this can be bypassed because meek takes time to do that and that time can be measured and used to block clients. Or the real dns request could be poisined before you make the fake dns request to say azure.

The real solution is to disable SNI altogther and encrypt your dns requests. Or just have a offline dns cache.

So how do you disable your SNI in TLS? Comment it out of the code? I couldn't find a single standard TLS library that allow you to disable it whether by commandline arguement or configure build time options. It seems SNI was added in SSL 2.0 as a backdoor of sorts. As you could just collect the SNI of packets and use that to correlate where traffic was going and coming from based on the time it was collected. It is essentially a backdoor in the protocol for spying purposes.

North Korea has more strict rule for the Internet than China. In North Korea, only permitted people can connect to the Internet. Others only can use Kwangmyong, or a national intranet service.

how's the Kwangmyong? are there penpal services? internet chess? Secret NK-only StarCraft2 service?

Supposedly TLS 1.3 was about to deprecate SNI among other things but that made middleboxes that was designed to monitor your internet traffic crap out and they had to put them back. Maybe that's why.

Kwangmyong is a just simple network like Internet but it is an intranet censored by the North Korean government.

en.wikipedia.org/wiki/Kwangmyong_(network)