Proton announces release of a new VPN protocol, "Stealth"

190 points by theschmed 9 months ago

24 comments

kelsey98765431 9 months ago
Don't trust companies that save and hand over data. Don't trust proprietary security solutions. If this is literally just TLS based vpn wrapping, it's no different from using an onion bridge to get to your VPN endpoint. Proton gives data to federal agencies. Proton keeps user data. Proton removed their warrant canary. Use something better.

EDIT: If you want a truly safe VPN, you will need to do some work on both adversary modeling and technical implementation. If you are just worried about your ISP (filesharing of legally protected digital backups), use whatever. If you are worried that your data may be collected by your VPN provider, use a series of tor/vpn multihop. If you are a paranoid mf, use a privacy coin to purchase a VPS and then connect to it via tor on a public wifi network, set up a .onion hidden service for your ssh/chisel/etc port, connect over tor to forward your tunnel port to localhost, use that tunnel to connect to a multihop VPN system. Suggestions include mullvad, PIA, cryptostorm, whatever you want really. Throw a VPS with generic openvpn in the middle of your multi-provider hops, again paid in a privacy coin. Pay a homeless man to colocate a physical server that has DRAC and luks along with something like AMD TSME, then run containerized multihop there as well.

Basically if you want something done right, at least do some of it yourself.
WhatsName 9 months ago
> Without going into too much detail, Stealth also establishes VPN connections in a specific and unique way that avoids alerting internet filters.

I began mistrusting Proton some time ago with their hit piece on RAM-only VPN server confirming my bias.

Let's assume any adversary interested in reversing that new protocol, what's the point of not being transparent on how this new and fancy obfuscation works?

The TOR project has a lot of innovation in censorship circumvention[1] while still being transparent to their userbase.

[1] https://snowflake.torproject.org/
tuetuopay 9 months ago
It will be interesting how robust this new protocol is against traffic pattern analysis. A regular HTTPS connection has different patterns over time than a VPN, mainly because it carries only HTTPS and not all of the machine’s traffic; and only for a specific "website" (simplification here) instead of bundling the whole web to a "single server". The latter may be easier to evade, but the former will be hard.

Anyways kudos to them, and I can’t wait to see how it fares against China’s GFW.
pzmarzly 9 months ago
Is there a good comparison of "undetectable" VPN protocols? Wireguard[0], Shadowsocks[1], VLess[2], VMess[3], Trojan[4], etc. All of them seemed to work for me during my recent trip to China.

[0] The article says Wireguard is easy to block, but in my experience GFW lets it through.

[1] https://shadowsocks.org

[2] https://xtls.github.io/en/development/protocols/vless.html

[3] https://xtls.github.io/en/development/protocols/vmess.html

[4] https://trojan-gfw.github.io/trojan/protocol
olalonde 9 months ago
It seems their Android app is open source... Maybe the protocol could be reverse engineered?

https://github.com/ProtonVPN/android-app

PS: Tried their free plan in China and it won't connect ("Connection Timeout"). In fact, I had to use another VPN to get past their app's loading screen (guessing it got stuck while doing a request to their server)...
SahAssar 9 months ago
Is this just a brand name for tunneling traffic over TLS on port 443 (which has been a thing for decades) or am I missing something here?
tptacek 9 months ago
"Stealth" isn't a property of core VPN tunneling protocols --- establishing a secure channel is. Stealth is something you'd build on a transport underneath a VPN protocol. Completely replacing WireGuard or IPSEC just to beat DPI seems pretty silly.
apitman 9 months ago
This is too light on details to determine if there's anything interesting here. Similar to others, these are my main concerns:

* Is this an open protocol?
* I would like to see a detailed comparison to similar solutions
* Looks like it's TCP so head-of-line blocking may cause performance issues.
* What prevents entities from detecting that all your traffic is going to a single endpoint, or just blocking known VPN servers directly?
daft_pink 9 months ago
Will it work in China? You guys go back and forth about whether you trust VPN companies, but for me I’m just looking for something that works with 100% reliability in China.
nasaeclipse 9 months ago
Does it work in China?

I would think it would've been best to keep this update "silent", so to speak, to avoid letting said parties know of this new protocol.
causal 9 months ago
Awesome.

Question though: don't most VPN filters simply block a list of all known VPN endpoints? Maybe I missed something but I don't see how Proton's Stealth evades this simple filter?
_rs 9 months ago
Is there documentation for the protocol anywhere, or is this going to be a proprietary protocol to Proton that doesn’t gain much adoption outside of their users? If their claims are true this could be a great alternative for certain use cases
sinkasapa 9 months ago
I use protonvpn because I pay for protonmail. It is frustrating because I feel like I need to pay another VPN provider to get decent service. The client is ridiculously unstable and doesn't have the features found on other platforms. If you're not already using their mail services, use linux, and don't like being snubbed despite being a paying customer, look for another provider. Note that the stealth mode is not available for linux, just another way to tell their linux customers that they don't matter.
dtx1 9 months ago
Providers like Perfect Privacy have offered stuff like this for over a decade and they, like others, don't advertise their blatant misunderstandings[0] of the threat models people in censored countries face. I don't see why this is being shilled here so much, it's as close to an obvious honeypot as you'll ever see.

https://news.ycombinator.com/item?id=41079157
thayne 9 months ago
> Stealth does this by using obfuscated TLS tunneling over TCP. This is different from most popular VPN protocols that typically use UDP

The reason most VPN protocols use UDP is for performance. With TCP, a single blocked packet can delay multiple streams. And fwiw, openvpn supports using TLS over TCP, but it is less performant than udp.

I would be more interested in a protocol that uses quic and looks like http/3
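The head-of-line blocking raised in the comment above, as an added simulation that is not part of the thread and not Proton's code: several inner streams share one tunnel, one tunnel packet is lost, and the worst stall per stream is compared for an in-order (TCP-style) tunnel and a datagram (UDP-style) tunnel. The timing values, the round-robin workload and the fixed retransmission delay are constructed assumptions; congestion control is not modelled.

```python
from collections import defaultdict

def arrival_times(n_packets, interval_ms, one_way_ms, lost, retransmit_ms):
    """Time each tunnel packet reaches the far end. Packets whose index is in
    `lost` are dropped once and arrive retransmit_ms late (fixed, simplified)."""
    return [i * interval_ms + one_way_ms + (retransmit_ms if i in lost else 0)
            for i in range(n_packets)]

def worst_stall(arrivals, n_streams, ordered_tunnel):
    """Worst wait (ms) per inner stream between a packet arriving and being
    released to the application.

    ordered_tunnel=True  : one in-order byte stream (TLS over TCP); nothing is
                           released until every earlier packet has arrived.
    ordered_tunnel=False : datagram tunnel (UDP); ordering is enforced only
                           within each inner stream.
    """
    latest = defaultdict(int)   # latest arrival seen per ordering domain
    worst = defaultdict(int)
    for i, t in enumerate(arrivals):
        stream = i % n_streams              # round-robin interleaving
        domain = 0 if ordered_tunnel else stream
        latest[domain] = max(latest[domain], t)
        worst[stream] = max(worst[stream], latest[domain] - t)
    return dict(worst)

# Constructed workload: 4 streams, one packet every 5 ms, 50 ms one-way delay,
# packet 8 (stream 0) lost and recovered 200 ms later.
ARRIVALS = arrival_times(40, 5, 50, lost={8}, retransmit_ms=200)

if __name__ == "__main__":
    print("TCP-style tunnel :", worst_stall(ARRIVALS, 4, ordered_tunnel=True))
    print("UDP-style tunnel :", worst_stall(ARRIVALS, 4, ordered_tunnel=False))
```

With the ordered tunnel every stream stalls behind the single lost packet; with the datagram tunnel only the stream that owned it does.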
xezzed 9 months ago
Friend of mine just tried this in Russia. DOESN'T WORK
saurik 9 months ago
This was "published" now, but this same URL was discussed two years ago here about the same thing?

https://news.ycombinator.com/item?id=33170028
xeromal 9 months ago
I'm interested to try this out for a game I'm banned from. My little brother did a thing little brothers tend to do (lol) and I got caught in the crossfire. This is my baseline test for all VPN services.
gr4vityWall 9 months ago
This sounds more like a press release for a company than a technical overview of the protocol. Is there a reference implementation available?
commandersaki 9 months ago
How does it address TCP over TCP reliability layer collision?

Reference: https://web.archive.org/web/20230310043036/http:/sites.inka.de/bigred/devel/tcp-tcp.html
brewdad 9 months ago
I mainly use Proton to get around geo-blocks. FWIW, I tried this new protocol out on BBC iPlayer and it failed horribly. I tried the Wireguard UDP I normally use and streamed without any problem. It's a single data point but if the goal is to avoid sites knowing you are on a VPN, it isn't fit for purpose.
hypeatei 9 months ago
> in the constantly evolving battle for online freedom, our work is not finished.

I'm assuming this boils down to a cat and mouse game, then? E.g. popular firewalls patch this and Proton releases an update to bypass filters?

Also, couldn't access this site directly because of corporate firewall, how ironic.
okneil 9 months ago
I wonder what differentiates this from something like Stunnel?
KomoD 9 months ago
Do we really need yet another VPN protocol?