Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Integrate In-App Internet censorship circumvention #4989

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

Cuthead
Copy link

@Cuthead Cuthead commented Sep 27, 2024

What does this do?

  1. Add a DNS-over-HTTPS resolver for all network requests by OkHttp; fallback to system DNS if not available. Currently I use Wikimedia DNS. This is always enabled.

  2. Add a SSLSocketFactory for removing HTTPS SNI to bypass Deep Packet Inspection; this can be enabled in settings.

IP blocking is not considered. Recent days, WMF somehow changed their GeoDNS so that requests from China would get a not yet blocked IPv4 address. And no IPv6 address is blocked currently, and for a long time. As a result, this patch enables access to Wikipedia without any VPN or proxy for China.

Why is this needed?

For users in suppressing countries like China.

Phabricator:
https://phabricator.wikimedia.org/T327286

@dbrant
Copy link
Member

dbrant commented Sep 27, 2024

Thanks!
I'm not sure we're ready at a product level to have this feature be part of the app. I would suggest continuing the conversation in the Phabricator task until it's officially prioritized as a feature.

Some additional thoughts on the subject, specific to the Android case:

  • China blocks not just Wikipedia, but also the Google Play Store, as well as F-Droid. Even if we build this feature into the app, how would users acquire the app to begin with?
  • Android 9 and above has a system-wide setting for configuring Private DNS, which eliminates the need for individual apps to implement it themselves.

@Cuthead
Copy link
Author

Cuthead commented Sep 27, 2024

China blocks not just Wikipedia, but also the Google Play Store, as well as F-Droid.

F-Droid client embedded many mirrors, and some Chinese universities even provided their own F-Droid mirror. None of them is blocked. GitHub itself is neither.

Even if we build this feature into the app, how would users acquire the app to begin with?

As I've mentioned in the phab ticket, it's about open proxy policy. Even if users can download Wikipedia app using a VPN, they cannot edit it. They have to manually register an account and apply for IPBE permission.

Android 9 and above has a system-wide setting for configuring Private DNS, which eliminates the need for individual apps to implement it themselves.

Of course. But I want it functional out-of-box.

@Zig-Rust-Odin
Copy link

hello Cutgead
I tried your build. It didn't bypass Internet censorship.

Only two solutions

  1. something like https://github.com/UjuiUjuMandan/EhViewer
  2. Integrate DPI

@Cuthead
Copy link
Author

Cuthead commented Oct 31, 2024

It didn't bypass Internet censorship.

Hi Odin,

Someone at the phabricator ticket has pointed out that the GeoDNS was reverted. A possible workground is to add IP connectivity check, otherwise it only works for IPv6 now.

Another user also said the IP cat and mouse game is not resistant.

It seems your linked application relies on Cloudfalre network.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

3 participants