by salawat 1032 days ago
What you are homing in on is the problem of trust.

And yes. It is a problem. If your upstream does skulduggerous things, you can't "route around it" from the standpoint of being an endpoint. Your packets will go where your ISP says they go.

Unless...

You take a bit of the routing decision out of their hands, which takes a bit of footwork on your part. For instance, setting up a VPN to a network zone unpolluted by the faulty prefix announcement, which is basically going to be any non downstream of the hostile ISP provider.

Once you're out of that routing zone, normal network visibility is restored. Odds are even a national-scale backbone provider is not going to be able to effectively block traffic that's routing out to a proxy, so all the ISP has really done is made life more difficult for people unaware of how to set up such an arrangement.

Which now that you know about this, it is your duty to spread the knowledge of how to do so far and wide. If someone wants to block it, then that's all the justification needed for frustrating those efforts.

1 comments

VPN traffic is trivially blocked at the ISP level, which has been proven by China, Russia and others. So no, you can't really prevent mass censorship with technology.

And trivially circumvented, which has been proven by Tor. https://support.torproject.org/censorship/connecting-from-ch...

Lol, trivial as in running your own bridge outside of the Great Firewall?

As is stated in the link I posted, you don't have to run your own bridge. With Snowflake, there are more entry nodes than ever, and you don't need to know anything about them in advance.

Yes, and it’s been classified and blocked before (though not for long). Eventually they will just start blocking Fastly completely, or whoever else will agree to domain front them, and that’s that.