What is Shadowsocks? The underground VPN alternative that …
This summer Chinese authorities deepened a crackdown on virtual private networks (VPNs)—tools that help internet users inside the mainland access the open, uncensored web. While not a blanket ban, the new restrictions are shifting the services out of their legal grey area and further toward a black one. In July alone, one popular made-in-China VPN abruptly ceased operations, Apple removed dozens of VPN apps from its China-facing app store, and some international hotels stopped offering VPN services as part of their in-house the government was targeting VPN usage well before the latest push. Ever since president Xi Jinping took office in 2012, activating a VPN in China has been a constant headache—speeds are slow, and connectivity frequently lapses. Especially before major political events (like this year’s upcoming party congress in October), it’s not uncommon for connections to drop immediately, or not even form at response to these difficulties, China’s tech-savvy programmers have been relying on another, lesser-known tool to access the open internet. It’s called Shadowsocks, and it’s an open-source proxy built for the specific purpose of jumping China’s Great Firewall. While the government has made efforts to curb its spread, it’s likely to remain difficult to is Shadowsocks different from a VPN? To understand how Shadowsocks works, we’ll have to get a bit into the cyberweeds. Shadowsocks is based on a technique called proxying. Proxying grew popular in China during the early days of the Great Firewall—before it was truly “great. ” In this setup, before connecting to the wider internet, you first connect to a computer other than your own. This other computer is called a “proxy server. ” When you use a proxy, all your traffic is routed first through the proxy server, which could be located anywhere. So even if you’re in China, your proxy server in Australia can freely connect to Google, Facebook, and the the Great Firewall has since grown more powerful. Nowadays, even if you have a proxy server in Australia, the Great Firewall can identify and block traffic it doesn’t like from that server. It still knows you are requesting packets from Google—you’re just using a bit of an odd route for it. That’s where Shadowsocks comes in. It creates an encrypted connection between the Shadowsocks client on your local computer and the one running on your proxy server, using an open-source internet protocol called is this different from a VPN? VPNs also work by rerouting and encrypting data. But most people who use them in China use one of a few large service providers. That makes it easy for the government to identify those providers and then block traffic from them. And VPNs usually rely on one of a few popular internet protocols, which tell computers how to talk to each other over the web. Chinese censors have been able to use machine learning to find “fingerprints” that identify traffic from VPNs using these protocols. These tactics don’t work so well on Shadowsocks, since it is a less centralized system. “Each person can configure it to look like their own thing. That way everybody’s not using the same protocol. ”Each Shadowsocks user creates his own proxy connection, and so each looks a little different from the outside. As a result, identifying this traffic is more difficult for the Great Firewall—that is to say, through Shadowsocks, it’s very hard for the firewall to distinguish traffic heading to an innocuous music video or a financial news article from traffic heading to Google or some other site blocked in Weese, a Hong Kong-based privacy advocate, likens VPNs to a professional freight forwarder, and Shadowsocks to having a package shipped to a friend who then re-addresses the item to the real intended recipient before putting it back in the mail. The former method is more lucrative as a business, but easier for authorities to detect and shut down. The latter is makeshift, but way more ’s more, tech-savvy Shadowsocks users often customize their settings, making it even harder for the Great Firewall to detect them wholesale. “People use VPNs to set up inter-company links, to set up a secure network. It wasn’t designed for the circumvention of censorship, ” says Larry Salibra, a Hong Kong-based privacy advocate. With Shadowsocks, he adds, “Each person can configure it to look like their own thing. ”Calling all codersIf you’re a luddite, you’ll probably have a hard time setting up Shadowsocks. One common method to use it requires renting out a virtual private server (VPS) located outside of China and capable of running Shadowsocks. Then users must log in to the server using their computer’s terminal, and enter the Shadowsocks code. Next, using a Shadowsocks client app (there are many, both free and paid), users input the server location and password and access the server. After that, they can browse the internet adowsocks is often difficult to set up because it originated as a for-coders, by-coders tool. The software first reached the public in 2012 via Github, when a developer using the pseudonym “Clowwindy” uploaded it to the code repository. Word-of-mouth spread among other Chinese developers, as well as on Twitter, which has long been a hub for anti-firewall Chinese programmers. A community formed around Shadowsocks. Employees at some of the world’s largest tech companies—both Chinese and international—work together in their free time to maintain the software’s code. Developers have built third-party apps to run it, each touting various custom features. “Shadowsocks is a great invention… Until now, there’s still no evidence that it can be identified and get stopped by the Great Firewall. ”One such developer is the creator behind Potatso, a Shadowsocks client for iOS. Based in Suzhou and employed at a US-based software company, he grew frustrated at the firewall’s block on Google and Github (the latter is blocked intermittently), both of which he relied on to code for work. He built Potatso during nights and weekends out of frustration with other Shadowsocks clients, and eventually put it in the app store. “Shadowsocks is a great invention, ” he says, asking to remain anonymous. “Until now, there’s still no evidence that it can be identified and get stopped by the Great Firewall. ”Not quite underground, not quite above groundIt’s difficult to know how many people use Shadowsocks. The developers for Potatso and Surge, another iOS client, separately told Quartz their paid apps have gathered enough downloads to make for a lucrative hobby on top of other work. But neither could estimate the popularity of the core Shadowsocks, anecdotes suggest that the software has reached at least some people in China who aren’t professional developers. One Shadowsocks user Quartz spoke to says he relies on it to watch videos on Vimeo and YouTube. Both sites are blocked in China, but he visits regularly for his job at a production company. Another Shadowsocks user, 25-year-old Steffie Chao, told Quartz she began using the software four years ago. While preparing to study abroad, she used a VPN to access YouTube and watch university lectures. When her VPN stopped working, she searched for an alternative and discovered Shadowsocks on a Chinese-language internet forum. She ran it on her computer using some rudimentary coding skills she picked up in a the very least, Shadowsocks is widespread enough that Chinese authorities are aware of its existence. The government has made some attempts to clip its wings. In 2015, around the time of a parade in China celebrating the 70th anniversary of WWII, Clowwindy posted a message on Github announcing he had been visited by the police, and would have to stop working on Shadowsocks. And when Apple removed dozens of firewall-jumping apps from its Chinese-facing app store, it didn’t just target VPNs—several Shadowsocks apps were removed as well, including Shadowsocks will continue to live on. That’s in part because the code is open-source, meaning that anyone can maintain, alter it, and release it in a different form (the source code remains on Github, it’s simply more difficult to find there than it was previously) Shadowsocks give us hope for freedom on China’s internet? Yes and the one hand, it’s unlikely that any Shadowsocks app will ever become as widespread as brand-name VPNs, like VyperVPN or AnchorFree. According to Weese, the privacy advocate, Shadowsocks’s underlying technology is difficult to “scale” business-wise compared to a VPN. That means that even though Shadowsocks might be a better tool for jumping the Great Firewall, VPNs will have an advantage when it comes to reaching that there’s a lot of incentive for an enterprising Chinese coder to build and promote a “mainstream, ” easy-to-use Shadowsocks app. After all, if it gets popular enough in China, authorities could take notice, and there could be serious consequences (link in Chinese)—or more government effort towards figuring out how to detect and block adowsocks might not be the “perfect weapon” to defeat the Great Firewall once and for all. But it will likely lurk in the dark for some Huang contributed to reporting.
Shadowsocks for Android – Guides | Mullvad VPN
Unable to surf the entire web because you’re stuck behind a restrictive firewall? Then Shadowsocks might be your answer.
In this Android guide, we’ll walk you through the steps to use this proxy to connect to Mullvad’s servers using the OpenVPN client.
What is Shadowsocks?
Please see our Intro to Shadowsocks guide.
Requirements
To use this guide, you need
an Android device
to have completed our guide on setting up Mullvad on Android before continuing.
Set-up instructions
1. Set up the Shadowsocks app
From the Play Store on your device, search for and install the Shadowsocks app (from TrueNight) or get the Shadowsocks FOSS app from F-Droid
Open the app once it has installed.
Tap on the ☰ menu icon, then Settings.
Tap on Service mode and select Proxy only.
Tap on your device’s back button.
Tap on the plus icon and select Manual Settings.
Tap on Server, change the number to the IP address of one of our bridge servers (uncheck OpenVPN and WireGuard on the Servers page), and click OK. To get the IP address you can ping the hostname, for example ping
Tap on Remote Port, change the number to “443”, and click OK.
Tap on Password, change the entry to “23#dfsbbb”, and click OK.
Tap on Encrypt Method, select CHACHA20, and click OK.
Tap on the checkmark icon to save your settings.
2. Set up the OpenVPN app
First install OpenVPN for Android
Download OpenVPN configuration file for Android from our website and make sure Connect via bridges is checked
Open the OpenVPN for Android app.
Tap on the + icon and tap on import and then select the OpenVPN configuration file that you downloaded in step #2
Tap on the edit icon next to the profile you want to use as your exit location.
In the top menu, tap on ADVANCED, CUSTOM OPTIONS
Add the line: socks-proxy 127. 0. 1 1080
Swipe the top menu until you see ALLOWED APPS. Tap on it.
Make sure that VPN is used for all apps but exclude selected is enabled.
Scroll down the list and enable Shadowsocks.
3. Connect using Shadowsocks
In the Shadowsocks app, select your new configuration and then tap on the connect icon (a paper airplane)
In the OpenVPN app, connect to the server you just finished editing by tapping on the name (not the edit icon) of the profile. The first time you connect to a profile, you will be asked for a username and password:
username – use your Mullvad account number (without any spaces)
password – use the letter m
Both apps should show as being connected. Congrats!
Test your connection with our Connection check. Note that it will only show the OpenVPN exit server, not the Shadowsocks server.
Shadowsocks vs. VPNs — Everything You Need to Know
If you have ever taken interest in the Great Firewall of China, you have probably heard of Shadowsocks. It is often mistaken for a VPN-based technology — but while some of the functions overlap, Shadowsocks and VPNs are two completely different things.
This article will help you understand the different aspects of the two technologies. We will also give you a rundown of each one’s benefits, complete with scenarios where Shadowsocks may be more suitable than a VPN, and vice versa.
What Is Shadowsocks?
An open-source SOCKS5-based proxy project, Shadowsocks is an intermediary that is mainly designed to bypass censorship. It was first released in 2012 by its creator, a Chinese programmer under the pseudonym “clowwindy”.
In 2015, the programmer announced that they were retiring from the project due to pressure from the Chinese police. Since then, Shadowsocks has remained open source, maintained and improved by many collaborators.
How Is Shadowsocks Different from VPN?
There is one major similarity between VPN and Shadowsocks — their ability to connect you to certain websites that are normally off-limits due to government censorship, geoblocks, or otherwise.
Given its original objective of bypassing the Great Firewall of China, Shadowsocks focuses on circumventing traffic restrictions. It utilizes HTTPS, thus disguising traffic so that it can move past the censorship measures in place.
Unlike VPN, Shadowsocks isn’t designed for privacy and anonymity. While both VPN and Shadowsocks encrypt data, Shadowsocks is much more lightweight. VPN uses many layers of military-grade encryption protocols to completely hide the traffic on its servers. Shadowsocks makes data ‘blank’ to look more like HTTPS traffic, so that it can move around unrestricted. It is not hidden, like on VPN, just disguised.
Due to its use of SOCKS5 proxies, Shadowsocks doesn’t send all your traffic through a server, as opposed to VPN. And in contrast to traditional ssh SOCKS5 proxies, Shadowsocks works with multiple TCP connections. The result is much faster speeds compared to the alternatives.
Benefits of Shadowsocks
The biggest advantage of Shadowsocks is its easy setup. The technology is a simple and capable proxy that doesn’t take long to set up and is perfect for accessing restricted content. Shadowsocks is also completely open source, with contributors making improvements regularly.
Another benefit of Shadowsocks is its selective disguising of traffic. You can choose which part of your traffic is affected by Shadowsocks — this makes it possible to access restricted content both inside and outside of your location.
Take the following scenario for example: you are in China and you want to access Gmail. By using Shadowsocks, you can choose the Gmail traffic to be “camouflaged”, thus bypassing the Chinese government’s block.
However, you will still be able to access the China-only websites. By contrast, a VPN would encrypt all traffic to your chosen server, thus making China-exclusive sites unavailable on the same device.
Last but not least, Shadowsocks is very difficult — if not impossible — to detect and block. The masking of traffic to make it appear as HTTPS is the main reason for that.
On the other hand, VPN’s modus operandi and its immense popularity have made it easier for governments and platforms to block the technology or force major corporations to remove VPN products from their stores (Apple removing VPN apps from the Chinese App Store is an example).
Understanding the Threat Model
While Shadowsocks is a great technology for bypassing content restrictions, its functionality beyond that is limited. As such, this superproxy is a viable option only if it fits a certain threat model — your ISP.
What is a threat model? Simply put, it is the reason you are looking for a VPN, VPS or DNS proxy in the first place. There are many aspects of the Internet that may demand a higher level of security — examples of threat models are public Wi-Fi hotspots, ISP-related issues such as data monitoring and logging, keeping your online identity hidden, etc.
Shadowsocks does not help your online privacy and security. You should use it only if your main concern is working around censorship.
Other threat models, which involve keeping your identity well-hidden on the Internet, are areas where Shadowsocks falls short. One could argue that it wasn’t designed for such functionality, and we agree. This is where VPN outshines Shadowsocks.
When Is VPN the Better Choice?
When compared to Shadowsocks, VPN is the “mainstream” technology. It’s widespread and its effectiveness is well-documented and indisputable.
If you are looking for something that will protect your identity online while fully erasing your digital footprint, VPN is your go-to tool. It goes without saying that not every VPN out there is perfect — the sheer number of providers is proof enough that there are both solid and lackluster VPN services on the market.
However, with some research, you can ensure you make the right choice. We reviewed some of the best VPNs currently available, and we made a list of the most reliable providers for your guaranteed privacy, security, and accessibility on the Internet.
The bottom line is that a quality VPN will provide you with everything you need for safe, anonymous, and unrestricted web surfing.
While VPN blocks still exist (and we don’t see them going away in the near future), there are multiple providers out there who have proven that they will continue to find ways to give users around the world what they want, whether it’s access to geographically-limited platforms such as Netflix, HBO, and BBC, or a workaround for government censorships in countries like China and Russia.
If you want to learn more about VPN’s extensive capabilities, we recommend you check out our beginner’s guide.
To sum up, Shadowsocks is a great way of bypassing digital censorship. It was created in a country where this is a rather big issue, but today it has expanded globally thanks to its open-source nature and ease of use.
In the long run, however, VPN is a much more suitable option for you if identity protection and anonymity on the Internet are on your agenda.
To summarize, the best VPNs in 2021 are…
Privacy Alert!
Your data is exposed to the websites you visit!
The information above can be used to track you, target you for ads, and monitor what you do online.
VPNs can help you hide this information from websites so that you are protected at all times. We recommend ExpressVPN — the #1 VPN out of over 350 providers we’ve tested. It has military-grade encryption and privacy features that will ensure your digital security, plus — it’s currently offering 49% off.
Visit ExpressVPN
Frequently Asked Questions about how shadowsocks works
How do you use Shadowsocks?
Set-up instructionsFrom the Play Store on your device, search for and install the Shadowsocks app (from TrueNight) or get the Shadowsocks FOSS app from F-Droid.Open the app once it has installed.Tap on the ☰ menu icon, then Settings.Tap on Service mode and select Proxy only.Tap on your device’s back button.More items…•May 15, 2021
Can Shadowsocks be detected?
This article will explain the Shadowsocks protocol and its use cases. Shadowsocks is a tunneling proxy developed to be free, open-source, and mainly used by Chinese people to bypass the Great Firewall restrictions. While using, it covers your browser traffic only, and it is almost impossible to detect and block it.Apr 7, 2021
Is it safe to use Shadowsocks?
Shadowsocks does not help your online privacy and security. You should use it only if your main concern is working around censorship. Other threat models, which involve keeping your identity well-hidden on the Internet, are areas where Shadowsocks falls short.Oct 19, 2021