Taxonomy
The controlled vocabularies that all paper records tag against. Adding a term: edit schema/taxonomy.yaml and open a PR.
Censors
- ae United Arab Emirates
synonyms: UAE, AE- by Belarus
synonyms: BY- cn China (Great Firewall)
- Encompasses GFW operator infrastructure across China Telecom,
China Unicom, China Mobile, and the smaller carriers. Distinct
from corporate or campus filtering inside China.
synonyms: GFW, Great Firewall, China - cu Cuba
synonyms: CU- et Ethiopia
- Identified as a Geedge / TSG export customer in the 2025 Geedge/MESA
leak. Belt-and-Road framework deployment.
synonyms: ET - generic Generic / not censor-specific
- Use for technique papers that don't evaluate against a specific censor.
- gr Greece
synonyms: GR- in India
synonyms: IN- ir Iran
- Includes intermediate ISPs (TCI, MCI, Irancell, Rightel, etc.).
Implementation is heterogeneous across ISPs and changes during
events like the June 2025 nationwide shutdown.
synonyms: IR, TCI, MCI, Mokhaberat - kp DPRK (North Korea)
synonyms: KP, DPRK, North Korea- kz Kazakhstan
synonyms: KZ- mm Myanmar
- Post-2021 coup the military regime deployed Chinese GFW-derived
surveillance via Geedge Networks under the Belt and Road framework.
Per the 2025 Justice for Myanmar report.
synonyms: MM, Burma - pk Pakistan
- Surveillance and filtering infrastructure built with Chinese
vendor technology (Geedge/MESA-derived) plus European and Emirati
products. Per the 2025 Amnesty report.
synonyms: PK - ru Russia (TSPU / Roskomnadzor)
synonyms: RKN, Roskomnadzor, TSPU- sa Saudi Arabia
synonyms: KSA, SA- sy Syria
synonyms: SY- tm Turkmenistan
synonyms: TM- tr Turkey
synonyms: TR- uz Uzbekistan
synonyms: UZ- ve Venezuela
synonyms: VE
Detection techniques
- active-probing Active probing
- Censor-initiated connections to suspected proxy endpoints to confirm the protocol before blocking. Hallmark of GFW since 2012; now seen in IR and RU.
- asn-blackholing ASN / prefix blackholing
- bgp-hijack BGP / route manipulation
- AS-level interference: prefix withdrawal, hijacking, or null-routing from the censor side.
- dns-poisoning DNS injection / poisoning
synonyms: DNS injection, DNS spoofing- dpi Deep Packet Inspection
- Inspecting payload bytes beyond the TCP/IP headers.
- esni-eh-blocking Encrypted ClientHello / ESNI blocking
synonyms: ECH blocking, ESNI blocking- flow-correlation Flow-correlation traffic analysis
- Matching flows across two observation points by timing/volume signatures.
- fully-encrypted-detect Fully-encrypted protocol detection
- Generalization of random-payload-detect: detect any protocol where the entire byte stream looks uniformly random. (USENIX 2023.)
- http3-quic-block QUIC / HTTP/3 blocking
synonyms: QUIC blocking, HTTP/3 blocking- ip-blocking IP-list blocking
synonyms: IP blocking, blocklist- keyword-filtering Keyword filtering
- Censor blocks or modifies traffic based on appearance of specific keywords (URLs, social-media posts, search queries). Common in CN platform-side moderation.
- measurement-platform Censorship measurement platform
- Methodology / tooling for measuring censorship at scale (OONI, ICLab, Iris, Quack, Encore, Censored Planet, etc.).
- middlebox-interference Middlebox / TCP normalization
- Censor middleboxes mangling/normalizing TCP that interferes with circumvention.
- ml-classifier ML / statistical classifier
- Supervised or unsupervised classifiers run over flow features.
- packet-injection Packet injection (general)
- Any in-path injection beyond DNS/RST: HTTP redirects, blockpages, etc.
- port-blocking Port-based blocking
- random-payload-detect Random / high-entropy payload detection
- Censors flag flows whose first N bytes have entropy higher than typical legitimate protocols. The original GFW shadowsocks detection used this.
- rst-injection TCP RST injection
synonyms: RST injection, connection reset- sni-blocking SNI-based blocking
- Classifying or dropping TLS connections based on the SNI extension in ClientHello.
synonyms: SNI filtering - throttling Throttling / bandwidth shaping
- Censor degrades a flow's throughput rather than blocking it outright.
- tls-fingerprint TLS ClientHello fingerprinting
- JA3/JA4-style cipher-suite ordering, extensions, GREASE patterns.
- traffic-shape Traffic-shape / statistical fingerprinting
- Classification by packet-size and inter-arrival-time distributions.
- website-fingerprint Website fingerprinting
- Identify the destination website behind an encrypted tunnel from packet-size / timing patterns.
Defenses
- amnezia-wg AmneziaWG (obfuscated WireGuard)
- amp-cache AMP cache proxying
- anytls AnyTLS
- bridges Bridges / private relays
- Unlisted relays a censored client connects to first; Tor bridges, Snowflake bridges, etc.
- cloak Cloak
- Multiplexed pluggable transport that hides traffic behind a real TLS website.
- conjure Conjure / refraction-extension
- Refraction-networking variant using unused IP space.
- decoy-routing Decoy routing
synonyms: refraction networking- dns-tunneling DNS tunneling
synonyms: DNSTT, iodine- domain-fronting Domain fronting
- Use a CDN as the apparent destination; route to actual destination via the CDN's HTTP routing.
- dust Dust (Wiley 2011 pluggable transport)
- Brandon Wiley's blocking-resistant Internet transport protocol; randomized handshake predecessor to obfs / ScrambleSuit lineage.
- ech-esni Encrypted ClientHello / ESNI
- Hide the SNI value from the censor, defeating SNI-based blocking.
synonyms: ECH, ESNI - format-transform Format-transforming encryption
synonyms: FTE- geneva Application-Layer Geneva
- Programmatic packet manipulation derived from genetic search (Geneva).
- hysteria2 Hysteria 2 (QUIC-based)
- marionette Marionette / format-transforming encryption
- Programmable protocol mimicry via formal language descriptions (FTE / Marionette family).
- meek Meek (HTTP-based pluggable transport)
- meta-resistance Meta-circumvention / framework
- Papers about how to design circumvention systems generally — turbo-tunnel, Proteus, Marionette, programmable-protocols framings.
- mimicry Protocol mimicry
- Make the proxy traffic look like a known-allowed protocol (HTTP, TLS, QUIC, etc.).
- obfs4 obfs4 (randomized handshake)
- pluggable-transport Pluggable transport (Tor PT framework)
- Generic Tor Pluggable Transports framework abstraction; the bucket for transports without a more specific tag (Lyrebird, FTE, Marionette, etc.).
- protocol-versioning Versioned protocol upgrade
- Backward-compatible protocol versioning so changes can roll out without orphaning users.
- randomization Traffic randomization / shaping
- Hide the underlying protocol by deliberate randomization of size/timing/payload.
- reality REALITY (TLS handshake forwarding)
- reverse-tls Server-initiated TLS
- The server (rather than the client) initiates the TLS handshake, defeating active-probing detectors that send a probe ClientHello to suspected proxies.
- rotating-spki Rotating server SPKI / fingerprint
- scramblesuit ScrambleSuit
- Polymorphic network protocol; predecessor to obfs4.
- shadowsocks Shadowsocks family
- steganography Steganography
- Hide circumvention traffic inside an unrelated cover-channel (image, audio, VoIP, blockchain, etc.).
- tapdance TapDance
- Refraction-routing variant operating at the transport layer.
- telex Telex
- Original decoy-routing scheme; subsumed by Refraction Networking.
- tor Tor (onion routing)
- Use as a defense tag when the paper specifically evaluates Tor or its bridges, beyond using Tor as plumbing.
- trojan Trojan (TLS-mimicking)
- tunneling Tunneling inside an allowed protocol
synonyms: domain fronting, tunneling- vless VLESS (V2Ray)
- vmess VMess (V2Ray)
- water-wasm WATER (WASM-based pluggable transports)
- webrtc-pluggable WebRTC-based pluggable transport
synonyms: Snowflake, broflake, Unbounded
Evaluation methods
- controlled-deployment Controlled production deployment
- formal-analysis Formal / model-based analysis
- measurement-study Network measurement study
- ml-evaluation Machine-learning classifier evaluation
- simulation Simulation / emulation
Visibility levels
- community Community
- Shared in confidence among circumvention-tool developers; not for public consumption.
- embargoed Embargoed
- Will become public on a known date (requires embargo_until field).
- internal Internal
- Lantern team only — partner draft, NDA'd document, leaked material, etc.
- public Public
- Published openly, may appear on the public MCP endpoint.