by jlund 2965 days ago
An aspiring censor could also "easily connect to the broader network" and masquerade as a federated server in order to discover others. This process could even be automated.

Federated services also require an identifier, and this identifier usually indicates where the user's account is located and how to connect with them (e.g. user@domain.com). As people share these identifiers, the aspiring censor can just keep adding new entries to the blacklist.

2 comments

At least in the case of XMPP, the client doesn't need to be able to connect to other domains, so as long as you can connect to your own server outside of the censorship's reach (which could be accessible for c2s connections in a completely different way than for s2s), you should be fine.
How do you ensure the censor doesn't block the major c2s connections? I suspect most techniques are too technical for your average user.
Modern clients can connect via port 443. There is also support for XMPP via WebSockets, which looks like regular HTTPS traffic.
Sure, but they can just block the IP.
Yes, but it's always possible to block an IP (targeted attack). Federation with a big number of small servers makes it hard to automate. You can block several hosts but the rest of the network would work fine. And because of how federation in XMPP works, you just need one client-to-server connection to reach the entire network.
In XMPP you cannot easily enumerate other servers' s2s connections. If the censor connects as a client, they can only see their own contacts.

As for sharing IDs, if you post them publicly then of course they are revealed and can be blocked.