Shadowsocks: apa itu, bagaimana cara kerjanya, perbandingan dengan VPN.

We talk about the protocol, its mechanics, pros, cons, and also compare it with VPN.

What is Shadowsocks

Shadowsocks is a free tool for those who want to bypass restrictions in a simple but unpopular way. It is a network protocol with data encryption. It also helps with traffic and personal data protection. It is based on SOCKS5 technologies, and the source code is available on GitHub.

The project started in 2012. Chinese developer under the nickname Clowwindy uploaded the first Shadowsocks developmentson GitHub. The protocol helped bypass the restrictions of the "Great Firewall of China." The project became popular worldwide after its removal from GitHub, which attracted media attention. Journalists suggested a connection between the removal and the attack on GitHub that occurred a few days later.

Clowwindy stopped development in 2015 at the request of Chinese law enforcement authorities. Since then, the Shadowsocks community has been developing the project.

​

​

The map from the Freedom House website demonstrates in which countries Shadowsocks will definitely come in handy.

Shadowsocks is needed for similar tasks as VPN:

• Bypassing restrictions. Protocols are used to access blocked resources both within a country and by providers and operators.
• Protecting personal data. It is harder to gain access to traffic and personal data.
• Secure connection from unprotected points – for example, through free Wi-Fi.

How it works

With a standard network connection, the user accesses the internet directly through their provider. For example, if they want to visit a specific website, they first connect to the provider's router, and then to the website itself. If the government wants to block this website, they request that the provider block access to its IP address.

To bypass this restriction, proxies are used. In this case, a "mediator" – a proxy server – is established between the provider and the website. The connection still takes place through the provider, but they only know that the request is going to the proxy. Therefore, the connection to the website happens without restrictions, and the traffic goes back to the user's device. However, there are several problems with this approach, for example:

• Websites and providers can detect that you are using bypassing tools.
• The connection is not secure. Although you can use proxies with encryption or VPN, which most often encrypts traffic.

Shadowsocks is needed to solve these problems. It encrypts data and presents it as regular HTML traffic. The protocol is based on SOCKS5, about which there is an article on our blog. It also helps protect the connection through the AEAD algorithm.

AEAD uses the same principle as SSH tunneling, but in the case of AEAD, encrypted data includes information about the source and recipient. This makes it more difficult for malicious actors. Even if they intercept a message, they cannot forge the transmission of data.

Generally, AEAD ciphers are considered not as secure, according to discussions on Stack Exchange. But they are sufficient for a reliable connection and data protection.

The principle of Shadowsocks operation: the SS program is set up as a regular SOCKS5, but with the IP address 127.0.0.1. This IP is called Localhost, and the connection is made locally. That is, any program, such as a browser, connects to the same device on which it is running. Next, a connection is established between the local Shadowsocks component and the server, and in this connection, the traffic is already encrypted.

More details can be found in the video about bypassing the Great Firewall of China.

You can connect other applications to Shadowsocks, and the proxy will only work for selected applications. If an application does not support proxies, you can use, for example, Proxifier.

​

​

To install and configure Shadowsocks, you need to have some understanding of connections. What you need to start:

• Buy and configure a VPS server in a country where the desired content is not blocked, or use a ready-made proxy server. You can find them on Shadowsocks proxy websites.
• Client-server. There is a mobile application on Google Play, a PC program can be downloaded for Windows and Linux.

​

​

Then just install and launch the client, then configure the connection to the server: add the server's IP address, port, password, and encryption method.

Shadowsocks offers three connection modes.

1. Direct connection mode does not redirect your traffic through a proxy server. Preconfigured settings for certain applications work in this mode.
2. PAC mode: traffic will go through a proxy server when accessing blocked websites.
3. In global mode, all traffic is redirected through a proxy server.

Shadowsocks is capable of simulating an HTTPS connection to a remote server. This is necessary to mask the traffic. This way, the provider cannot understand what the user is browsing and what restrictions they are bypassing. This trick is possible after installing the simple-obfs traffic obfuscation plugin on the server.

Obfuscation is the masking and confusing of traffic. It can protect it from detection: the provider cannot determine that you are using Shadowsocks. Typically, encryption, variable renaming, adding unnecessary code, or solutions like Cloak, Stunnel, OpenVPN Scramble are used for this purpose.

The Chinese manage to track Shadowsocks usage through passive traffic analysis and active probing, and then block connections, despite obfuscation. First, the firewall looks for possible Shadowsocks connections. Then, in the second stage, it connects to the servers participating in these connections from its own IP addresses, as if it were a Shadowsocks client, and observes the server's responses.

Details on the problem-solving approach can be read on GitHub. But in any case, Shadowsocks still works better than VPN.

Advantages

1) Selective traffic obfuscation. You can specify which traffic to send through the provider and which through Shadowsocks. This allows you to bypass restrictions while maintaining access to some services.

Example: simultaneous operation of sites like Instagram and government online services. The first may be unavailable in your country, and the others only work with local IP addresses. If you use a VPN, you can browse Instagram, but you won't be able to access local services. However, some VPNs support split tunneling. With Shadowsocks, you can solve this problem: you can obfuscate Instagram traffic and simultaneously use other services.

2) Protection against DPI. DPI is a traffic inspection technology for monitoring work with specific applications. Shadowsocks is almost impossible to detect and block because it mimics a regular HTTPS connection. Therefore, the provider cannot detect "non-standard" user behavior.

3) Reliability. Shadowsocks does not disappear even if the connection is lost, if you only configure the connection through it. When the connection to the VPN server is lost, the traffic goes directly, and the provider sees all the information. This problem is partially solved by KillSwitch: an emergency button that cuts off the internet connection. But sometimes it doesn't work or doesn't exist.

4) Good throughput. With proper configuration, Shadowsocks works faster than other encryption methods, such as SSH tunneling and VPN. Approximate speed loss is not more than 3-5%.

5) Universality. There are client programs for any operating systems – Windows, MacOS, Linux (different distributions), Android, and iOS.

6) Reduced computational load during encryption. From the client's point of view, it saves battery life (relevant for mobile devices), and from the server's point of view, it saves on VPS/VDS hosting for Shadowsocks.

7) Cost savings. The cheapest VPS server will suit Shadowsocks. Ideally, if the hosting provider offers unlimited traffic with the use of VPS/VDS. This is much more advantageous than a paid VPN service. You can also use other people's proxies, but options from WannaFlix, 12VPN are much more expensive than your own server, about $10 per month.

For comparison: you can rent a VPS with 5 GB of memory, 0.5 GB of RAM, and unlimited traffic for $0.87. This is quite enough for Shadowsocks. The cheapest VPN services usually cost around $2 per month, which is twice as expensive, and you have to pay for a subscription for 2-3 years in advance. We don't consider free VPNs – they transmit data, limit speed and traffic.

Disadvantages

1) Complexity of use. You need to understand how PCs and connections work, but the configuration fits into 5 lines. VPN is much easier.

2) Risk of reduced connection speed. Depending on the obfuscators used, there is a chance that Shadowsocks will greatly reduce internet speed.

3) Limited application. Shadowsocks can be tried to change the region of Netflix, but this scheme works for a short time: the service monitors different bypass systems. It is also not the most reasonable solution for torrent files: if you rent a server, it is easy to determine your name and location, and then accuse you of copyright infringement.

4) Limited availability. Despite the popularity of Shadowsocks, it is difficult to purchase or connect to reliable VPS servers in some regions.

5) No official audit. Shadowsocks' open-source code has been reviewed by numerous experts. However, it has not undergone an official audit, unlike OpenVPN, for example. An official audit could have been conducted by the OSTIF foundation (Open Source Technology Improvement Fund), which was specifically created to enhance the security of similar projects. At the same time, the Shadowsocks code is quite simple, which creates a risk of distributing counterfeit software packages.

VPN vs Shadowsocks

VPN and Shadowsocks are different tools. The first is a virtual private network, which we wrote about in our blog, and the second is a proxy protocol. Technically, they both:

• Encrypt traffic
• Help bypass restrictions

But Shadowsocks implies simpler encryption and does not provide online anonymity. The project was initially developed not so much for security as for bypassing the Chinese firewall. However, this problem has been partially addressed in ShadowsocksR, which will be discussed at the end of the article. VPNs, on the other hand, usually apply complex AES-256 algorithms.

VPNs often have many additional features. For example, KillSwitch. VPN is a "trojan horse," so if it stops working, the traffic will go directly. In this case, it is easy to compromise the real IP address. KillSwitch protects against this: it instantly disconnects the internet connection if access to the VPN server is lost.

Finally, VPNs have a huge network of servers. You can access the internet from different countries – each time the IP address changes to the country of the selected server.

Conclusion: VPN is more convenient, secure, and easier to use. If you have access to it and it handles the tasks, use it. If you have difficulties, Shadowsocks should solve the problem: it is much better in countries where VPNs are blocked and where restrictions are difficult to bypass. With Shadowsocks, data resembles HTTPS traffic and does not raise suspicion. The use of multiple TCP connections helps achieve high speed. It is more beneficial for simple bypassing restrictions.

Shadowsocks vs VPN

SSR (ShadowsocksR)

Now Shadowsocks has a community and its own website. Therefore, enthusiasts can develop their solutions based on it. For example, after the closure of Shadowsocks in 2015, another developer breakwa11 claimed that SS is easy to detect. He created ShadowsocksR based on Shadowsocks with support for traffic obfuscation. Thus, ShadowsocksR is a fork of the original protocol, written in Python, with traffic obfuscation.

However, users more often recommend using the current version of Shadowsocks-Rust based on the Rust programming language.

Conclusion

Shadowsocks is an affordable and convenient tool for bypassing restrictions. Perhaps it will be useful for someone for connection protection as well. Of course, it includes fewer features than a VPN service but is slightly faster. However, for solving simple tasks, such as restoring access to blocked websites, it is optimal. It is easy to use and configure: there are many instructions available online on how to do everything.