
>A simple countermeasure at the ISP level: a buffer to merge 'www.you' to 'tube.com'

addressed here: https://news.ycombinator.com/item?id=22656122

>A far greater danger is DPI that use statistical analysis to detect possible tunnels.

That's only an issue if there's a blanket ban on tunneling/proxies. While it's a problem in authoritarian regimes (e.g. China, Kazakhstan), it's not an issue in most western countries. I haven't heard of any western countries banning VPNs (yet).

>The current best is [...]

The timing information would still be suspicious. Most people aren't constantly checking their gmail/facebook multiple times a second, but normal browsing would generate packets with that frequency. It's really only undetectable if you're sending/receiving messages (e.g. IM or email). A better candidate might be multiplayer game traffic. They provide a consistent stream of bits[1] to hide data in. If you're willing to set your tunnel's bandwidth to a few kilobytes a second (throttling if there's too much data, sending decoy packets if there's too little), it'd be very hard to detect any anomalies.

[1] random search: https://youtu.be/8Kvj5TZNNJ4?t=1080



> Defeating chunking would require additional memory + compute power on the DPI boxes, which I suspect ISPs don't want to bear.

It depends. ISPs may be willing to spend more, if they gain more or are forced by governments to do that.

Even as is, the proposed method is still too easy to defeat, especially with IP bans: if the ISP really doesn't want to let youtube.com work, all the A and AAAA records will be blacklisted.

> The timing information would still be suspicious.

> It's really only undetectable if you're sending/receiving messages

Indeed, so the suggestion was to use the draft folder and FB messenger.

A better method would rotate the whitelisted websites, like using mostly gmail for 20 minutes, then facebook for 1h, etc., and of course only "on demand" so that traffic does not occur 24/7.

For multiplayer games, the audio channel already provides a very simple method to stream more than a few kb per second.



