One of the tools to bypass blocking and access the necessary resources is Shadowsocks - a protocol with an interesting history and an effective alternative to VPN. Let's figure out the nuances of its work.
What is Shadowsocks?
The Shadowsocks protocol was created in China to avoid the firewall systems of local Internet service providers and gain free access to the World Wide Web. Shadowsocks is widely used to bypass China's blockades, which were created to protect the population and the country from the influence of Western resources.
History of Shadowsocks
Shadowsocks was first posted as an initial commit on GitHub in 2012 by Chinese developer Clowwindy. The protocol became popular immediately, which prompted Clowwindy to work on it for several more years. At the same time, the Chinese programmer was working on the ShadowVPN project.
In 2015, Clowwindy left a message on GitHub that the police had asked him to stop working on his projects and remove the code from public access. After a while, the developer said he was fine and disappeared again.
After that story with the Shadowsocks creator Clowwindy, the development of the project was not stopped. A team of developers began to improve the protocol and now it is one of the most effective tools to overcome blocking. Shaddowsocks VPN is available almost from every provider.
Is Shadowsocks free? Shadowsocks is an open-source protocol that anyone can use for free to encrypt data.
What is Shadowsocks protocol used for and how does Shadowsocks work?
First, avoiding blocking is one of the purposes of using the protocol. It is always relevant, because analogs of the Chinese "Golden Shield" exist all over the world. For example, Ukrainian providers and mobile operators block access to Russian Internet resources and services. Shadowsocks is one of the best ways to access blocked resources.
Second, the protection of traffic and personal data. Dishonest Internet providers not only receive subscriber fees from customers, but also make extra money from collecting information about them. Information about user traffic sells on the big data market. Shadowsocks allows you to block an ISP's access to detailed information and content of your traffic.
Third, to connect to the Internet from unprotected locations. Using Shadowsocks, you can safely use the Internet by connecting to open wifi networks, for example, in cafes or other public places.
In many cases, Shadowsocks can be useful for commercial Internet tasks as well.
- Easy setup. Both server and clients are elementary to set up. The configuration fits into just 5 lines.
- Use of a QR-code to save the configuration. To connect an additional mobile device to Shadowsocks, it is enough to scan a QR-code from the running client program.
- Flexibility. There are client programs for any operating system: macOS, Android, iOS, Windows, Linux, and so on.
- Quite high speed capability compared to alternative VPN technologies. Internet connection speed loss while using Shadowsocks does not exceed 3-5%.
- Less computing load during encryption. It is especially relevant for mobile devices, because it saves battery power. The load reduction is also relevant for the server using VPS hosting for Shadowsocks. Not all hosting companies allow using virtual servers as VPN services, but Shadowsocks may be allowed.
- Flexible configuration. You can set up separate access for certain programs, while making exceptions for other websites. If you need to enter the payment system or the public services portal directly, you don't have to completely disconnect Shadowsocks every time.
- Built-in protection against DPI (Deep Packet Inspection), which is increasingly used by ISPs to detect "non-standard" user behavior. Shadowsocks simulates an HTTPS connection to a remote server. To do so, you should install the simple-obfs, a traffic obfuscation plugin. As a rule, it is already included in the standard package for the server part of Shadowsocks.
- Free access (as open source). You can rent the cheapest VPS server or use an existing one to work with Shadowsocks. Ideally, if your web-hosting provides unlimited traffic through VPS. In this case, setting up your own Shadowsocks server is even cheaper than a third-party VPN product.
- All connected users have equal rights. There is no user management. Therefore, only trusted persons can be given access.
- The documentation, although in English, is written by Chinese developers. This can cause difficulties when using it.
- There were no official audits of Shadowsocks.
- The code is quite simple and available to a wide audience, which creates a risk of fake Shadowsocks software packages.
- A secure connection is created only from a user to the Shadowsocks server. It was the initial task to organize this kind of channel. This limits the possibilities of Shadowsocks to create large-scale private virtual networks for commercial purposes.
- Inability to provide full anonymity.
VPN vs Shadowsocks
Blocking a certain resource means that you cannot access its IP address. Therefore, when you try to go to a blocked website, you first connect to your ISP's server and then to the website - and fail. If you use a proxy, you first connect to your ISP's server, then to the proxy server, and then access the website.
Is Shadowsocks safe? Shadowsocks is based on the SOCKS5 proxy protocol. It protects the connection using AEAD encryption, which is about the same principle as the SSH tunnel. Shadowsocks encryption method (AEAD) is considered simple encryption and therefore not the most secure.
Shadowsocks is quite similar to virtual private networks (VPNs), but the VPN has more complex encryption, which makes it more secure. However, simple Shadowsocks encryption is more difficult to identify because it looks identical to a regular HTTPS connection.
So, it's better to use Shadowsocks VPN with other protocols such as OpenVPN, Wireguard, and others.
Shadowsocks vs OpenVPN
When connecting to a network via VPN, a specific protocol such as OpenVPN, Wireguard, etc. is always used.
OpenVPN is considered one of the most secure protocols due to its strong encryption methods. It uses the OpenSSL library and supports various encryption algorithms such as ChaCha, AES 256, 3DES, Blowfish, Camellia, CAST-128 and AES.
The protocol is compatible with Windows, macOS, Linux, Android, and iOS, and is adaptable to TCP and UDP for easy access through firewalls, making OpenVPN popular.
The main difference between OpenVPN and Shadowsocks is the encryption method, as OpenVPN provides a more reliable and secure connection. However, using these two protocols together will improve your experience of anonymous online connectivity.
How to use Shadowsocks
What you need for Shadowsocks
First of all, as with a VPN, you need a server in a country where the desired content is not blocked. You will install Shadowsocks on this server. We have a ready-made solution - a server specifically for Shadowsocks.
You will also need to know how to connect via SSH. The step-by-step process of connecting using SSH is described in this article.
Do not forget to install the mobile client and the client for PC to use Shadowsocks.
How to use Shadowsocks on Windows
Before you start enjoying the benefits of a secure connection, buy an Amnezia VPN server.
Use this link to download the client (the latest version will be at the top of the page).
An email with the access keys will be sent to your email address. Use them to log in.
Select the manual configuration, as shown in the screenshot, then open the "OpenVPN over ShadowSocks" tab.
Press connect. You can check the connection at https://browserleaks.com/ip
Done! You can use Shadowsocks and bypass blocking.
How to setup Shadowsocks on Android
In the program, click the add server icon. You can manually enter all the data, specifying the server (IP address, instead of example.shadowsocks.org), port, password, and encryption method by clicking on "Manual Settings".
You can even go a simpler way - scan the QR-code. Click on "Scan QR code" and point the camera at the computer screen. You can generate a QR-code with the settings by following this link: just enter the server data.
After that, all you have to do in the main menu is to press a button and a secure connection will be established. The speed may vary due to different phone processors and quality of connection. You can also disable the connection through Shadowsocks by pressing this button.
Shadowsocks is a simple and effective way to bypass blocking and protect against all kinds of unwanted surveillance of your traffic. It does not create a heavy load on the server and mobile client devices. It can be used as additional software for VPS operation.
Thanks to the fact that the technology has not been abandoned, today Shadowsocks is a great alternative to virtual private networks.