Technology

If you are using WireGuard or OpenVPN to bypass strict firewalls (whether it's a university campus, a corporate network, or a country-wide national firewall), you might have noticed that they are getting blocked faster than ever.

We are currently witnessing a massive shift in how Deep Packet Inspection (DPI) works. The cat-and-mouse game has moved from simple IP blocks to advanced heuristics. Here is a technical breakdown of how modern firewalls catch you, and why traditional VPNs are becoming obsolete for censorship evasion.

Era 1: The Simple Days (IP & Port Blocking) Ten years ago, censorship was simple. Firewalls maintained blacklists of IP addresses and blocked standard VPN ports (like UDP 1194 for OpenVPN). The evasion tactic was equally simple: change your server IP or run OpenVPN on TCP port 443.

Era 2: Deep Packet Inspection & SNI Filtering When moving ports wasn't enough, firewalls started looking inside the packets. Whenever you visit a secure website (HTTPS), your browser sends a Server Name Indication (SNI) packet in plaintext before the encryption starts. It literally broadcasts: "Hello, I want to connect to reddit.com." DPI firewalls simply read this SNI and drop the connection.

When you use a traditional VPN, the DPI inspects the handshake. OpenVPN has a highly recognizable packet structure. WireGuard is better, but it has fixed packet lengths and specific byte patterns at the very beginning of the UDP payload. The firewall spots this signature in milliseconds and drops the traffic.

Era 3 (Present): Active Probing & ML Fingerprinting This is where it gets scary. Modern firewalls (like the Great Firewall of China or advanced corporate systems) no longer rely purely on static signatures. They use Active Probing and Machine Learning.

Entropy Analysis: VPN traffic is heavily encrypted, meaning the data looks like pure random noise (high entropy). Normal web browsing (HTTPS) has specific patterns of entropy. Firewalls now flag connections that look "too random" for too long. Packet Size and Timing: When you watch a YouTube video, the packets flow in a specific rhythm (large bursts followed by pauses). When you type in an SSH terminal, it’s tiny packets with long delays. ML algorithms analyze the sequence of packet sizes and timing to guess what you are doing inside the encrypted tunnel. They can easily fingerprint a WireGuard connection just by how it "breathes." Active Probing: If a firewall suspects you are running a hidden proxy on a VPS, it will instantly send its own crafted requests to your server. If your server responds in a way that confirms it's a proxy (or just drops the connection weirdly), the firewall blacklists your IP immediately. The Solution: Plausible Deniability via TLS Mimicry To survive Era 3, your traffic cannot look like a VPN. It must look exactly like the most boring, standard traffic on the internet: A normal user browsing a normal website via HTTPS.

This is the philosophy behind next-generation protocols like VLESS + Reality. Instead of using custom VPN protocols, Reality hides your traffic inside a standard TLS 1.3 connection.

Destination Mimicry: The proxy server masquerades as a legitimate, allowed domain (e.g., www.microsoft.com). Zero Fingerprints: It eliminates custom TLS fingerprints (like JA3/JA4). When the firewall inspects the connection, it sees a valid TLS Client Hello and a mathematically perfect certificate response from "Microsoft." Resistance to Probing: If the firewall actively probes your server, the server acts exactly like the mimicked website. The firewall leaves you alone, assuming you are just downloading Windows updates. Conclusion We are entering an era where encryption is not enough; you need obfuscation. If you are self-hosting, I highly recommend looking into the Sing-box core and moving away from WireGuard if you face active DPI blocks.

A quick note: I've been so obsessed with TLS obfuscation recently that I decided to build a minimalist service around it for people who don't want to manage their own VPS. It's called Celestride — a passwordless, zero-log Reality proxy. If you are struggling with university or corporate firewalls blocking your VPN, we have a free 5-day trial, I'd love to hear how it performs against your local DPI!

Let me know what you guys think about the future of obfuscation in the comments. Are you still surviving with standard WireGuard?

cross-posted from: https://lemmy.ml/post/48865817

After many months of design, development, gathering feedback, and testing, today we’re releasing a big update with Mastodon 4.6. The headliner of this release is Collections, a way to create and share curated collections of profiles. Part of Mastodon’s work ethos is our commitment to trust and safety, so we’ve put a lot of thought and care into the design of this feature to avoid some of the pitfalls and abuse people have experienced with similar features on other platforms, while focusing on its primary goal: Helping new users discover more of the Fediverse.

The Firefox 152.0 release binaries are now available ahead of tomorrow's official unveiling. With Firefox 152 there is now the JPEG-XL support code being compiled by default for the release albeit still disabled at run-time by default behind a preference for now.

Merged for the Firefox 152 release cycle was this change to now build the JPEG-XL image format support code by default on the beta and release builds of Firefox. Previously it was only enabled as standard on Firefox Nightly builds. Those interested in JPEG-XL on Firefox for now still need to go to the Firefox Labs to enable the preference but at least for beta/release builds the support is now compiled by default to ease the experimental testing.

cross-posted from: https://lemmy.ml/post/48812123

KDE Plasma is a popular desktop (and mobile too) environment for GNU/Linux and other UNIX-like operating systems. In addition to other hardware, it also powers the desktop mode of the Steam Deck gaming handheld. The KDE community today announced the latest release: Plasma 6.7.

This new major release brings back the Oxygen and Air themes from the KDE 4 era, including the Horos wallpaper. The ability to switch virtual desktops independently for each output/display was added. It is now easier to toggle between light and dark mode directly from the Brightness & Color widget. You can now test microphones from the audio settings, and assign a custom global keyboard shortcut for "push-to-talk" microphone un-mute. If you have Plasma keyboard enabled and a physical keyboard key is long-pressed a selection of related special characters is presented to choose from. When it comes to printing it is now much easier to connect to shared printers on Windows networks, and a new print queue management tool offers more power than ever before. Vietnamese lunar calendar was added, and you can now select the default system calendar application. It is now possible to set mouse and tablet stylus pointers to be synced. ICC color profile can now be applied when HDR mode is active. Graphical performance has been improved and power usage lowered for CPU-rendered applications, some full-screen applications and on Intel graphics hardware. This release also features an experimental preview of the Union theming engine, which is based on web-like CSS definitions and will make creating and using new themes easier in the future.

For complete list of new features and changes check out the KDE Plasma 6.7 release announcement and the complete changelog.

Posts on Reddit suggest that some customers who upgraded their accounts after Fable’s release are being offered refunds.

One Reddit post shows what looks like an email sent to the customer from Anthropic, informing them access to Fable 5 has been withdrawn and offering a “prorated refund” if they click a link and select the option to cancel their plan by June 20.

The email states that “refunds are only available to eligible people who purchased a plan or upgraded their plan between 10:00 AM PDT on June 9, 2026, and 12:00 AM PDT on June 14, 2026." Fable was released on June 9.

A tiny snippet of user-generated text as short as 13 words long is often enough to manipulate the AI agents that power tools like ChatGPT and Google’s AI search, new research shows. The study suggests that it is trivially easy for brands to inject promotional content on sites like Reddit, Quora, and Wikipedia with the end goal of poisoning or manipulating the output of AI tools.

The preprint research, done by Hal Triedman, Tingwei Zhang, and Vitaly Shmatikov of Cornell University, is called “Deep-research agents can be poisoned via user-generated content” and provides a mechanism and research basis for a problem that has been noticed by Reddit moderators and Wikipedia editors, namely that their websites are getting flooded with promotional content from brands trying to do AEO, or AI-engine optimization. 404 Media has repeatedly reported on this booming industry, in which brands try to promote their product by seeding the websites that AI tools most often cite and scrape from with inauthentic and spammy content.

The Cornell research finds that deep research agents, which are the real-time scrapers that tools like Google AI search and ChatGPT use to retrieve web content with citations in response to user queries, cite user-generated content from sites like Reddit or Wikipedia in roughly half of all queries, and that nearly a quarter of all citations come from user-generated websites. The paper suggests that what we have been seeing is basically Redditor suggests you put glue on your pizza as a service, or an end-to-end attack against the systems that increasingly dominate the ways that people access information online. The researchers found that “a single poisoned Reddit comment can influence generated outputs for an entire cluster of related [AI] queries,” the paper said.

“We show that a tiny snippet—just 13 words—of retrieved text on a UGC website like Reddit, Wikipedia, Quora, Facebook, etc. can change AI agents to output spam / scam content pretty consistently,” Triedman told 404 Media.

The Trump administration’s decision to halt all foreign use of Anthropic’s most-capable AI models was prompted by conversations between Amazon.com AMZN -1.23%decrease; down pointing triangle Chief Executive Andy Jassy and U.S. officials including Treasury Secretary Scott Bessent, people familiar with the matter said.

Researchers at Amazon had used a series of prompts to get Anthropic’s Fable 5 model to provide them with information that could be used to aid cyberattacks and was supposed to be off-limits, Jassy told the officials, according to people familiar with the matter. Tech industry executives have been in regular touch with the administration about the power of cutting-edge AI tools.

X has refused to take down dozens of social media posts reported as “hate, abuse or harassment” in which prominent UK politicians, including Kemi Badenoch, have been racially abused.

In May, researchers from the social inclusion thinktank British Future reported 30 posts from this year in which the Conservative party leader was called the N-word. In each case the researchers used the platform’s “hate, abuse or harassment” reporting option. X refused to act in the majority of cases, despite repeated requests.

The Guardian understands X routinely takes action only when posts are reported to it as illegal under the UK’s Online Safety Act. In those cases, it restricts visibility in the UK, leaving the post unrestricted in other jurisdictions.

cross-posted from: https://piefed.world/c/tech/p/1194305/ai-s-biggest-impact-in-healthcare-is-in-revenue-optimization-used-to-raise-your-medical

Comments

• Reddit.