
Leak of Geedge Networks internal documents (100,000+ from Jira, Confluence, GitLab) #519

Opened by wkrp (Member)

We have discussed the Chinese company Geedge Networks (积至). Last year, there was the news that Geedge had provided equipment for VPN blocking in Myanmar. One of the founders of the company is 方滨兴 (Fang Binxing), the famous "father of the Great Firewall". Another Geedge principal, 郑超 (Zheng Chao), is a coauthor of censorship-related research papers we have discussed: #275, #282, #444.

Today, there are many news articles and reports about a leak of Geedge Networks internal documents, including from Jira (bug tracker), Confluence (wiki), and GitLab (source code). They say that several news organizations and technologists have worked together for a year to analyze the documents. This is the primary reporting from the people who worked directly with the documents, as best as I have been able to determine:

As far as I can tell, the actual contents of the leak have not been made public. Even so, there is a lot of information across these public articles and reports. They include, at least, evidence of exports to other countries including Myanmar, Pakistan, Ethiopia, Kazakhstan, and at least one other unidentified country; operation in the Chinese provinces of Xinjiang, Jiangsu and Fujian; technical information about Geedge's products; and collaboration with MESA, a research lab at the Chinese Academy of Sciences.

wkrp changed the title from "Leak of Geedge Networks internal documents (100,000+ from Jira, Confluence, source code)" to "Leak of Geedge Networks internal documents (100,000+ from Jira, Confluence, GitLab)" on Sep 10, 2025.

wkrp (Member, Author) commented on Sep 11, 2025

Here are notes and highlights from the three news articles.

The Globe and Mail: Leaked files show a Chinese company is exporting the Great Firewall's censorship technology

The leak of internal documents shows that Geedge works directly with governments and ISPs to install products for censorship and surveillance. They offer capabilities including tracking users' locations and network access history, and blocking services and circumvention systems.

…a leak of more than 100,000 internal documents linked to Geedge Networks, a little-known Chinese company that has quietly assumed a key role in developing the Great Firewall and providing similar censorship capabilities to governments around the world…

The files offer a key insight not only into how Geedge exports cutting-edge censorship technology to its authoritarian clients, giving them capabilities they might not otherwise have, but also into the evolution of the Great Firewall itself.

This includes solutions for filtering websites and apps, real-time online surveillance, throttling internet data to certain regions or enacting internet blackouts, identifying anonymous users by their online footprint, and blocking tools used to bypass censorship, including virtual private networks (VPNs).

Geedge is involved in at least five other countries: Kazakhstan, Ethiopia, Myanmar (#369), Pakistan, and an unidentified one known only by the codename A24. Kazakhstan was an early customer after the company was founded in 2018.

After its founding in 2018, one of Geedge's first clients was the government of Kazakhstan, to whom the company sold its flagship Tiangou Secure Gateway (TSG), which provides functions similar to China's own Great Firewall, monitoring and filtering all web traffic that passes through it, as well as attempts to bypass such censorship.

The same tool has been rolled out in Ethiopia and Myanmar, where it has been instrumental in enabling that country's military junta to enforce a ban on VPNs. In many cases, Geedge works with other private companies, including internet service providers (ISPs) such as Safaricom in Ethiopia, or Frontiir and Ooredoo in Myanmar, to enact government censorship, the documents show. No ISPs that have partnered with Geedge responded to a request for comment.

Myanmar is treated specially in the Justice for Myanmar Silk Road of Surveillance report. Pakistan is treated specially in the Amnesty International Shadows of Control report.

About Pakistan, this Globe and Mail article says that Geedge installed their new systems, including the Tiangou Secure Gateway (TSG), on existing equipment left behind by Sandvine. (Sandvine is now called AppLogic.)

Sandvine quit Pakistan in 2023 amid growing scrutiny of its work there, and was quickly replaced by Geedge, which the documents show apparently utilizing existing Sandvine installations as well as providing new technology to power Islamabad's Web Monitoring System, as the country's national firewall is called.

In a statement, AppLogic said it was not aware of Geedge and any hardware repurposed by the company was off-the-shelf equipment "that does not contain any special capability that is unique to Sandvine's solution."

The article cites the same hiring advertisement that was posted in #369 (comment) that mentions a further four countries: Malaysia, Bahrain, Algeria, and India:

A recent job ad posted by Geedge also mentioned the BRI [Belt and Road Initiative]. That ad sought candidates "able to speak English or another foreign language," and willing to go on three- to six-month business trips to "Pakistan, Malaysia, Bahrain, Algeria, and India."

Besides foreign countries, the documents show Geedge involvement in the Chinese provinces of Xinjiang, Jiangsu, and Fujian. This could be a sign of a more distributed, regional, firewall system, as has been discussed in relation to Henan in threads such as #416 and "A Wall Behind a Wall".

Geedge is closely aligned with MESA, a research lab at the University of the Chinese Academy of Sciences. We have previously mentioned MESA at #471 (comment), in a reading group post about MESA's "SAPP" network analysis platform. Geedge's chief technology officer 郑超 (Zheng Chao) was a co-founder of MESA in January 2012.

Mr. Fang is described proudly in the Geedge documents as "father of the firewall." Other top company personnel, such as chief executive Wang Yuandi and chief technology officer Zheng Chao, are listed as co-authors of papers on internet censorship and creator of patents applied for by Geedge. The company also has a close relationship with the Massive and Effective Stream Analysis Laboratory (MESA Lab) at the Chinese Academy of Sciences, with the documents showing regular collaboration between personnel at both entities.

It was a MESA Lab researcher who took notes at the July, 2024, meeting in Xinjiang, where attendees spoke of using technology to "strike at the use of tools" to bypass the Great Firewall and establish the "Xinjiang Branch Centre" as an "anti-terrorism vanguard" and "demonstration of provincial capabilities."

The company does individualized research on circumvention systems and VPNs in order to block them.

The leaks show employees at the company working to reverse-engineer many popular tools and find means of blocking them. One set of documents lists nine commercial VPNs as "resolved," and provides various means of identifying and filtering traffic to them. Similar capabilities have long been demonstrated by the Great Firewall, with most commercial VPNs inaccessible from within China and many dedicated anti-censorship tools also hard to access.

Der Standard: Wie China seine Totalüberwachung des Internets ins Ausland exportiert

Machine translation into English: How China is exporting its total surveillance of the internet abroad

A Chinese company is supplying the technology behind this to authoritarian countries. The consequences for opposition figures and journalists could be dramatic.

Sophia Baumann
9 September 2025, 05:00

His name stands for a monstrous system: Fang Binxing, professor, party member, architect of digital control. Anyone who wants to know what he does and what he stands for has to read between the lines – or search outside the Chinese firewall. Because Fang is one of the fathers of the system that selects, controls, and makes information disappear in China: the so-called "Great Firewall."

In 2011, during a lecture in Wuhan, an unknown person allegedly threw an egg and a shoe at Fang Binxing. It was a symbolic protest against a man who had turned the Chinese internet into a bulwark against freedom. Fang's office denied the incident at the time.

Total surveillance as an export hit

In 2018, Fang founded Geedge Networks, a company through which he intended to turn his invention, the Chinese firewall, into an export hit. Exclusive research now shows that Geedge Networks supplied censorship and surveillance technology to several, mostly autocratic states and may still be doing so. Its problematic customers included Myanmar, Pakistan, Kazakhstan, Ethiopia, and regional Chinese authorities.

DER STANDARD researched this for several months in collaboration with the Dutch platform Follow the Money and the Canadian newspaper The Globe and Mail, as well as with the help of the NGO Amnesty International, the activist group "Justice for Myanmar", which focuses primarily on the junta in Myanmar, the Tor Project, and Intersec Lab, which also provided technical support to the group.

The technologies offered by Geedge Networks are extremely powerful, as shown by an analysis by the IT security experts at Intersec Lab. They enable authorities to monitor the data traffic of individuals in certain regions, for example during protests. They can specifically detect and block individual virtual private networks (VPNs), which users have previously used to circumvent digital censorship by authorities. And they can even insert malicious code into websites or launch DDoS attacks, thereby crippling individual sites.

"Serious humanitarian consequences"

Ironically, the countries to which Geedge Networks supplied these tools have long been the subject of massive criticism. The American non-governmental organization Freedom House classifies China, Myanmar, Ethiopia, Pakistan, and Kazakhstan as "not free" in terms of internet freedom.

What this means in concrete terms can be seen in Ethiopia, for example. There, the government shut down the internet in the Tigray region for a good two years starting in 2020 – in the midst of an armed conflict involving serious human rights violations. This hampered the coordination of food deliveries and medical aid. Kian Vesteinsson of Freedom House says the blockade had "serious humanitarian consequences."

Myanmar also tightened its digital grip significantly after the military coup in 2021. Only websites pre-approved by the military are still accessible. In the meantime, cell phones were checked at roadblocks in search of installed VPN apps. Now, technology is doing what soldiers used to do.

Research suggests that Geedge Networks' censorship and surveillance technologies are now also being used in the countries mentioned.

Neither Ethiopia, Kazakhstan, Pakistan, nor China responded to requests for comment from STANDARD. The authorities in Myanmar could not be reached for comment. Geedge Networks and Fang Binxing also left all inquiries unanswered.

Surveillance technology from the West

At the same time, Geedge Networks is not the first company to supply such technologies to autocrats and censorship-happy authorities. Western companies have also been active in this market and have been criticized for years.

In 2015, for example, the NGO Privacy International revealed that Pakistan was using surveillance technologies from German companies. Even then, the country's massive surveillance frenzy was well known. According to media reports, one of the German companies, Utimaco, was also active in Myanmar. When asked, Utimaco stated that the company had always complied with all laws and regulations. Furthermore, it had never done business directly with any of the mobile network operators in Myanmar.

Later, the Canadian company Sandvine is said to have supplied Pakistan with a system that enables the authorities to block unwanted websites. In 2023, Sandvine, now renamed Applogic Networks, withdrew from the country. But it apparently left at least some of the Sandvine hardware in Pakistan.

Research suggests that this was then reused by Geedge Networks, at least initially. Applogic Networks told the STANDARD that it had no knowledge of this. Furthermore, the company emphasized that its technology cannot be used to decrypt user data or deploy spyware.

European traces

A French company also became an unwitting accomplice of Geedge Networks. The French Thales Group sells software that can be used to manage licenses. Geedge Networks apparently used this to maintain control over the products it sold. This allowed it to limit the functionality of the software for a limited period of time.

Upon request, the Thales Group confirmed to the STANDARD that the Chinese company is one of its customers. However, Geedge Networks' software does not rely on the French product to function. The company claims to have nothing to do with surveillance.

In addition, Geedge Networks apparently used a German server to distribute its software to customers via download links. The motives for this remain unclear. However, it is known that the Chinese firewall is making it increasingly difficult to access Chinese websites from abroad. The responsible ministry in Germany did not respond to inquiries from the STANDARD on the subject.

The model of digital authoritarianism

Unlike Western providers, a company like Geedge Networks is unlikely to be subject to ethical standards. On the contrary, the dissemination of its own technologies seems to be an overriding political goal here.

China wants to "export its model of digital authoritarianism," says Kian Vesteinsson of Freedom House. This is particularly true for autocratic neighbors such as Myanmar.

But while censorship has long been the norm for China's population, resistance is stirring in Myanmar. The organization "Justice for Myanmar," which was also involved in this investigation, warned last year against cooperating with Geedge Networks. In Pakistan, Usama Khilji of the organization Bolo Bhi sounded the alarm. "Pakistan is a democracy, we have fundamental rights – we cannot be treated the way the Chinese government treats its citizens," he said even before the research was made public.

A new position at Geedge Networks is currently advertised on a Chinese online job board. One of the criteria for applicants is a willingness to travel on business – to Pakistan, but also to Malaysia, India, Bahrain, and Algeria. So business seems to be booming for Geedge Networks, and Algeria, Malaysia, India, and Bahrain may also already be using its services or showing interest. The relevant authorities in the respective countries did not respond to questions from the STANDARD.

The spirit of the "Great Firewall" has long since taken hold. It creeps through networks, blocks data, and filters information. And sometimes it even affects its creators themselves: When Fang Binxing wanted to show a South Korean website during a lecture in 2016, he was blocked – by his own firewall. (Sophia Baumann, September 9, 2025)

This article lists additional capabilities of Geedge's technology, beyond tracking users and blocking access: injection of malware into HTTP sessions, and directly launching DDoS traffic volume attacks.


The technologies offered by Geedge Networks are extremely powerful, as shown by an analysis by the IT security experts at Intersec Lab. They enable authorities to monitor the data traffic of individuals in certain regions, for example during protests. They can specifically detect and block individual virtual private networks (VPNs), which users have previously used to circumvent digital censorship by authorities. And they can even insert malicious code into websites or launch DDoS attacks, thereby crippling individual sites.

It has the same information about Geedge software being deployed on repurposed Sandvine hardware in Pakistan. Evidently, Geedge places a priority on decoupling software from hardware.


Later, the Canadian company Sandvine is said to have supplied Pakistan with a system that enables the authorities to block unwanted websites. In 2023, Sandvine, now renamed Applogic Networks, withdrew from the country. But it apparently left at least some of the Sandvine hardware in Pakistan.

Research suggests that this was then reused by Geedge Networks, at least initially. Applogic Networks told the STANDARD that it had no knowledge of this. Furthermore, the company emphasized that its technology cannot be used to decrypt user data or deploy spyware.

A French company, Thales Group, provides license enforcement to Geedge. Geedge used at least one server in Germany for the purpose of software downloads. (Perhaps to avoid interference by the GFW, if the download server had been hosted in China.)


A French company also became an unwitting accomplice of Geedge Networks. The French Thales Group sells software that can be used to manage licenses. Geedge Networks apparently used this to maintain control over the products it sold. This allowed it to limit the functionality of the software for a limited period of time.

Upon request, the Thales Group confirmed to the STANDARD that the Chinese company is one of its customers. However, Geedge Networks' software does not rely on the French product to function. The company claims to have nothing to do with surveillance.

In addition, Geedge Networks apparently used a German server to distribute its software to customers via download links. The motives for this remain unclear. However, it is known that the Chinese firewall is making it increasingly difficult to access Chinese websites from abroad. The responsible ministry in Germany did not respond to inquiries from the STANDARD on the subject.

Follow the Money: China exports censorship tech to authoritarian regimes – aided by EU firms

This article gives an outline of various Geedge products, which may be sold to customers in a bundle or selectively. Cyber Narrator is a kind of high-level dashboard that nontechnical users can interact with directly. Tiangou Secure Gateway (TSG) is the actual network surveillance and blocking device. TSG Galaxy is a data storage and analysis pipeline. Network Zodiac is a manager and monitor for the other systems.

Geedge Networks' portfolio includes several different technologies, InterSecLab's data analysis shows. "Cyber Narrator" is the main interface that clients interact with. It allows even non-technically-skilled individuals to monitor groups of internet users in specific areas, for example, during demonstrations.

Then, there is the "Tiangou Secure Gateway" – believed to be the flagship product. This tool can block VPNs, but also insert malicious code into websites or launch attacks on websites.

Another product is the "TSG Galaxy", where data collected on users is stored, while "Network Zodiac" monitors all other systems and reports any errors.

There may be many more installations of Geedge equipment such as TSG than even the countries mentioned in this leak, because Geedge's public marketing web site says "40+ global service providers":

In a 2024 speech covered by a Chinese media, Binxing announced that the company aims to expand into "international markets" and promote Chinese technologies globally. It seems he did just that as the documents show that Myanmar, as well as Pakistan, Ethiopia and Kazakhstan, held licenses for at least the flagship product, the Tiangou Secure Gateway. Furthermore, Geedge Networks' website boasts it serves "40+ global service providers", suggesting a much further reach than the leaked documents suggest.

A Geedge support ticket from February 2023 has to do with blocking social media in Ethiopia. This correlates with known blocking (#210) in Ethiopia at the time.

Then, in February 2023, amidst a wave of national protests, a support ticket from Geedge Networks shows their experts were called in to fix a problem with regard to social media platforms like YouTube and Twitter. During the same time frame, the blocking of access to social media platforms was reported.

At least one Jira support ticket shows evidence of plaintext capture of email:

The internal documents show that Geedge Networks' tools, including the Tiangou Secure Gateway, were being used in [Pakistan]– and, in at least one case, e-mail traffic between a global shipping company and a Pakistani company has been intercepted.

[6 items in the thread are collapsed and not shown here]

wkrp (Member, Author) commented on Sep 15, 2025

If there's interest, maybe we can organize teams to divide the source code repositories and investigate them.

wangmeiqi/obfs4_verify

This looks like a couple of rudimentary active probers for obfs4. They take a bridge IP:port and the bridge's out-of-band "cert" information (which is assumed to be known) and try handshaking with the server to see if it responds the way an obfs4 bridge would.

```
6188    README.md
121933  obfs4验证文档.docx
2999    parse.go
396970  pyelligator-master.zip
12967   testverify.go
7015    testverify.py
7799    verify_obfs4.py
```

obfs4验证文档.docx is a document that explains the purpose of the project, walks through the steps of the obfs4 handshake, and comments on the Go code.

Obfs4 Node Verification Document

1. Principle
Before a client and server communicate using the Tor obfs4 plugin, they must first complete a handshake. By imitating the handshake behavior of an obfs4 client, a handshake request is sent to the obfs4 node to be verified. If the expected response is received, the target node is verified as an obfs4 node.

The file testverify.go is a Go version of the prober. It consists mainly of code copied from transports/obfs4/obfs4.go and transports/obfs4/handshake_ntor.go in the original obfs4proxy source code, along with a small main function to attempt a handshake with a hardcoded bridge.

```go
func main() {
	var ptName string
	ptName = "obfs4"
	var certStr string
	certStr = "iJ8il3a2gVXuNdZoaPwQ0QgdOJyBAi4fcY642f6sTErVNZ14Ax7c9w9qa36mUXQhbm9vOg"
	//	certStr = "M6tiPcFv8YK2jE8pYZb9AKMMHHag4OrhHFWmOXHR+J9s8Ty9X9V+Bn0emEZmfnqhdtHkdA"
	var iatStr string
	iatStr = "0"
	var address string
	address = "185.185.251.132:443"
	//	address = "45.32.201.89:51433"
	var result int
	result = verify(ptName, certStr, address, iatStr)
	fmt.Println(result)
}
```

testverify.py and verify_obfs4.py look like 2 different revisions of a Python version of the prober. It may be a translation of the Go into Python, because I don't recognize the implementation. testverify.py has the same 2 bridge addresses as testverify.go. verify_obfs4.py has a different one:

```python
if  __name__ == '__main__':
    ptName = "obfs4"
    for i in range(10):
        item=bridgestr()
        item.certStr = "dCLDdS35RUyZ/H93CQ7BlEdCF4QOCvw9+AmB116o6CU0ZGhm2TNDjwee9XYi/SVn9/gnKQ"
        item.address="104.168.126.106:42154"
        result = verify(ptName, item.certStr, item.address)
        print result
        i=i+1
```

Whether these are real obfs4 bridges, I don't know.

The repository has 7 commits, all on 2024-06-28 by meiqi wang <wangmeiqi@iie.ac.cn>. It looks like a test project that was not updated or maintained. It has hardcoded bridge IP addresses and credentials and reports output just by printing to stdout. The code looks amateurish. It doesn't look like an operational piece of software.

Perhaps notably, this repository does not use any of the public key distinguishability attacks that were known in 2024, nor show any awareness of them.
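The part of the obfs4 handshake that makes the "cert" indispensable to a prober is its mark/MAC framing: both the mark that lets the receiver find the end of the random padding and the MAC over the whole frame are keyed with the bridge's public key B and node ID, which is exactly what the cert line encodes. The following is an added example, not part of the thread above and not code from the leaked wangmeiqi/obfs4_verify repository or from obfs4proxy; it follows the public obfs4 specification. The Elligator 2 representative and the ntor key exchange are not implemented (the 32-byte head of a frame is passed in as opaque bytes), and the padding-length bounds of obfs4proxy are not reproduced; the names `parse_cert`, `build_frame` and `verify_frame` are this example's own.

```python
"""Added example: the mark/MAC framing of the obfs4 handshake, which is the
part of the protocol an active prober needs the bridge's out-of-band cert for.
Not code from the leaked wangmeiqi/obfs4_verify repository nor from obfs4proxy;
it follows the public obfs4 spec.  The Elligator 2 representative and the ntor
key exchange are not implemented: the 32-byte "head" of a frame is opaque here.
"""
from __future__ import annotations

import base64
import hashlib
import hmac
import os
import time

NODE_ID_LEN = 20  # Tor node ID (SHA-1 of the bridge identity key)
PUBKEY_LEN = 32   # bridge's Curve25519 identity public key B
HEAD_LEN = 32     # X' (client) or Y' (server): an Elligator 2 representative
MARK_LEN = 16     # M = HMAC-SHA256-128(B | NODEID, head)
MAC_LEN = 16      # MAC = HMAC-SHA256-128(B | NODEID, frame-so-far | E)


def parse_cert(cert: str) -> tuple[bytes, bytes]:
    """Decode a bridge-line cert: unpadded standard base64 of NODEID(20) | B(32)."""
    raw = base64.b64decode(cert + "=" * (-len(cert) % 4))
    if len(raw) != NODE_ID_LEN + PUBKEY_LEN:
        raise ValueError(f"cert decodes to {len(raw)} bytes, expected 52")
    return raw[:NODE_ID_LEN], raw[NODE_ID_LEN:]


def make_cert(node_id: bytes, pubkey: bytes) -> str:
    """Inverse of parse_cert."""
    return base64.b64encode(node_id + pubkey).decode().rstrip("=")


def _mac_key(cert: str) -> bytes:
    node_id, pubkey = parse_cert(cert)
    return pubkey + node_id  # the spec keys both mark and MAC with B | NODEID


def _h(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256-128: the first 16 bytes of HMAC-SHA256."""
    return hmac.new(key, data, hashlib.sha256).digest()[:MARK_LEN]


def epoch_hour(now: float) -> int:
    """E in the spec: Unix time in hours, hashed as a decimal string."""
    return int(now // 3600)


def build_frame(cert: str, head: bytes, pad_len: int, now: float) -> bytes:
    """Client hello: head = X'.        Frame = X' | P_C | M_C | MAC(X' | P_C | M_C | E)
    Server hello: head = Y' | AUTH.  Frame = Y' | AUTH | P_S | M_S | MAC(... | E)
    The mark is computed over the first HEAD_LEN bytes only.  obfs4proxy bounds
    pad_len; those bounds are not reproduced here."""
    if len(head) < HEAD_LEN:
        raise ValueError("head must start with a 32-byte representative")
    key = _mac_key(cert)
    body = head + os.urandom(pad_len) + _h(key, head[:HEAD_LEN])
    return body + _h(key, body + str(epoch_hour(now)).encode())


def verify_frame(cert: str, frame: bytes, now: float, hour_skew: int = 1) -> bool:
    """What the receiving side does before it answers: find the mark, then check
    the MAC for the current epoch hour +/- hour_skew.  Neither step is possible
    without B and NODEID, which is why the prober assumes the cert is known and
    why a bridge stays silent to anyone who does not have it."""
    if len(frame) < HEAD_LEN + MARK_LEN + MAC_LEN:
        return False
    key = _mac_key(cert)
    pos = frame.find(_h(key, frame[:HEAD_LEN]), HEAD_LEN)
    if pos < 0:
        return False
    mac_start = pos + MARK_LEN
    got = frame[mac_start:mac_start + MAC_LEN]
    if len(got) != MAC_LEN:
        return False
    h = epoch_hour(now)
    for hour in range(h - hour_skew, h + hour_skew + 1):
        want = _h(key, frame[:mac_start] + str(hour).encode())
        if hmac.compare_digest(want, got):
            return True
    return False


if __name__ == "__main__":
    # Cert string as it appears in the testverify.go listing above.
    cert = "iJ8il3a2gVXuNdZoaPwQ0QgdOJyBAi4fcY642f6sTErVNZ14Ax7c9w9qa36mUXQhbm9vOg"
    node_id, pubkey = parse_cert(cert)
    print("node ID:", node_id.hex())
    print("B      :", pubkey.hex())
    now = time.time()
    x_repr = os.urandom(HEAD_LEN)  # stand-in for a real Elligator 2 representative
    hello = build_frame(cert, x_repr, pad_len=64, now=now)
    print("client hello:", len(hello), "bytes; verifies:", verify_frame(cert, hello, now))
```

`verify_frame` mirrors the check a bridge performs on a client hello and the check a client (or prober) performs on the server's reply, which has the same framing with `Y' | AUTH` as the head. The one-hour skew window is the reason a probe with a stale clock still gets an answer, and the keyed mark is the reason a prober without the cert gets nothing at all.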

fortuna commented on Sep 15, 2025

This is data from our Intra app showing how successful the app is in recovering from SNI-based blocking.
Intra triggers a retry on TLS connections with TLS record fragmentation if it fails to get a response before a timeout, and we measure whether the retry fails or succeeds ("traffic we can recover").

Success rate in Myanmar significantly dropped after May 2024, aligning it with the rate from China. This is aligned with the timeline provided in the report.

(Note that it drops further for both countries in August 2025)

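The retry fortuna describes works at the TLS record layer: the ClientHello handshake message is left intact but is carried in two records instead of one, so a middlebox that matches the SNI within a single record never sees the whole name. The following is an added example, not part of the thread and not Intra's code; the ClientHello body is a constructed stand-in (only the 5-byte record header matters for the technique), and the function names are this example's own.

```python
"""Added example, not Intra's code: splitting one TLS handshake record into two
records at the record layer, the retry strategy described for Intra above.  The
ClientHello body used here is a constructed stand-in; only the 5-byte record
header matters for the technique."""
from __future__ import annotations

import struct

TLS_HANDSHAKE = 0x16
REC_HDR = struct.Struct("!BHH")  # content type, legacy record version, body length


def tls_record(body: bytes, content_type: int = TLS_HANDSHAKE, version: int = 0x0301) -> bytes:
    return REC_HDR.pack(content_type, version, len(body)) + body


def parse_records(data: bytes) -> list[tuple[int, bytes]]:
    """Split a byte stream into (content_type, body) records; error on truncation."""
    out, i = [], 0
    while i < len(data):
        ctype, _version, length = REC_HDR.unpack_from(data, i)
        i += REC_HDR.size
        if i + length > len(data):
            raise ValueError("truncated TLS record")
        out.append((ctype, data[i:i + length]))
        i += length
    return out


def fragment_record(record: bytes, split_at: int) -> bytes:
    """Re-emit a single record as two records carrying a prefix and a suffix of
    its body.  The handshake message is unchanged; a conforming TLS stack
    reassembles handshake data across records, but a DPI box that matches the
    SNI inside one record sees only fragments."""
    (ctype, body), = parse_records(record)
    if not 0 < split_at < len(body):
        raise ValueError("split point must fall strictly inside the body")
    return tls_record(body[:split_at], ctype) + tls_record(body[split_at:], ctype)


def reassemble(data: bytes) -> bytes:
    """What the TLS peer does: concatenate bodies of consecutive same-type records."""
    recs = parse_records(data)
    ctype = recs[0][0]
    if any(c != ctype for c, _ in recs):
        raise ValueError("mixed content types")
    return tls_record(b"".join(body for _, body in recs), ctype)


def split_inside_sni(record: bytes, server_name: bytes) -> bytes:
    """Pick the split point in the middle of the server name so that neither
    record contains the full SNI string."""
    (_, body), = parse_records(record)
    pos = body.find(server_name)
    if pos < 0:
        raise ValueError("server name not present in record body")
    return fragment_record(record, pos + len(server_name) // 2)


def constructed_client_hello(server_name: bytes) -> bytes:
    """Constructed stand-in for a ClientHello record that carries server_name in
    clear text, as the SNI extension does.  Real ClientHellos have version,
    random, session ID, cipher suites and extension framing around it."""
    body = b"\x01" + b"\x00" * 8 + server_name + b"\x00" * 8
    return tls_record(body)


if __name__ == "__main__":
    hello = constructed_client_hello(b"example.com")
    split = split_inside_sni(hello, b"example.com")
    for n, (_, body) in enumerate(parse_records(split), 1):
        print(f"record {n}: {len(body)} bytes, contains full SNI: {b'example.com' in body}")
    print("peer reassembles to original:", reassemble(split) == hello)
```

The split happens above TCP, so the two records may still land in one segment; a middlebox that reassembles handshake data across record boundaries sees the SNI again, which is why the technique only helps against per-record matching and why its success rate is worth measuring over time, as the Intra data above does.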
wkrp (Member, Author) commented on Sep 15, 2025

Success rate in Myanmar significantly dropped after May 2024, aligning it with the rate from China. This is aligned with the timeline provided in the report.

Interesting. Thank you for checking that.

I don't see a reference to Intra in geedge_jira.tar.zst, but there is one issue that references Outline, issues/OSS-378.json. The issue title is 【M22项目】VPN特征提取-宋龙坤 ([Project M22] VPN feature extraction - Song Longkun).

2024-09-27 宋龙坤 (Song Longkun):


20240924 Reverse analysis of Orbot revealed one valid domain name, but no other valid or valid features were found.
20240924 Reverse analysis of Ostrich VPN revealed two valid domain names, but no other valid or valid features were found.
20240924 Reverse analysis of Outline VPN revealed two valid domain names, but no other valid or valid features were found.
20240925 Reverse analysis of PandaVPN Lite revealed two valid domain names, but no other valid or valid features were found.
20240925 Reverse analysis of Pawxy revealed five valid domain names and 134 suspected server IP addresses, but no other valid or valid features were found.
20240926 Reverse analysis of ProtonMail revealed four valid domain names, but no other valid or valid features were found.
20240926 Reverse analysis of Proxy OvpnSpider revealed no valid or effective features.
The official websites for PrivatePackets.io and Proxy.sh VPNs are inactive, and no corresponding apps were found in the app store.

2024-10-31 宋龙坤 (Song Longkun):


20241030
VPN No. 137: A total of 144 Pawxy VPN server IP addresses were extracted. 20 consecutive calls to all nodes of this VPN on an Android emulator failed to connect, successfully blocking the connection.
VPN No. 132: Outline VPN requires the use of a third-party Outline server private key or a custom-created one. Analysis of the VPN's official website and APK package revealed no valid or suspicious features.
VPN No. 146: A Proxy OvpnSpider automated packet capture program was developed to extract 107 server IP addresses.

wkrp (Member, Author) commented on Sep 15, 2025

wangmeiqi/obfs4_meek_snowflake

This repository looks like a fingerprinter for meek, obfs4, and Snowflake, based on the methods of Deep Fingerprinting (ACM CCS 2018).

```
3726    ClosedWorld_DF_NoDef.py
6212    README.md
3080    environment.yml
256     readme
3556    test_meek.py
3563    test_obfs4.py
3582    test_snow.py
792     模型情况.txt
17454928        models/meek_bk.h5
17454928        models/obfs4_bk.h5
17454928        models/snow_bk.h5
```

README.md is just an autogenerated GitLab README. The file readme has usage instructions:

  1. Test the meek model: python test_meek.py ./data/meek_mix.npz ./models/meek_bk.h5
  2. Test the obfs4 model: python test_obfs4.py ./data/obfs4_mix.npz ./models/obfs4_bk.h5
  3. Test the snowflake model: python test_snow.py ./data/snow_mix.npz ./models/snow_bk.h5

The models/*_bk.h5 are included in the repository, but the data/*_mix.npz files are not. The models/*_bk.h5 files are in Hierarchical Data Format, according to file(1). The file 模型情况.txt (model circumstances) gives the training/testing breakdown of each model:

Structure of all three models: DF model
Input length: first 30 packets

meek model. Training: 3,000 positive examples (Wentao's meek flows), 30,000 negative examples (Chongru's background TCP flows)
Test data: 2,200 positive examples (newly captured meek flows), 22,096 negative examples (20,000 Chongru background TCP flows, 2,000 obfs4 flows, 96 Snowflake TCP flows)

obfs4 model. Training: 20,000 positive examples (Wentao's obfs4 flows), 200,000 negative examples (Chongru's background TCP flows)
Test: 20,000 positive examples (Wentao's obfs4 flows), 202,296 negative examples (200,000 Chongru background TCP flows, 2,200 meek flows, 96 Snowflake TCP flows)

snowflake model. Training: 2,000 positive examples (1,000 Wentao snowflake flows, 1,000 newly captured snowflake flows), 20,000 negative examples (Chongru's background UDP flows)
Test: 2,000 positive examples (1,000 Wentao snowflake flows, 1,000 newly captured snowflake flows), 20,000 negative examples (Chongru's background UDP flows)

It's interesting that they include traffic from other transports as part of the negative samples during testing (e.g. obfs4 and Snowflake as negative examples for meek). I don't know what 文涛 (Wentao), 崇儒 (Chongru), and 新捕 (Xinbu) are. (EDIT: 新捕 = newly captured.)

ClosedWorld_DF_NoDef.py is an edited version of the file of the same name in the deep-fingerprinting/df repository.

test_meek.py, test_obfs4.py, and test_snow.py are all basically the same file, just with a different transport name in each one. These files appear to originate in ClosedWorld_DF_NoDef.py. It looks like these programs apply a model (.h5 file) to test data (.npz file) and report statistics such as precision and recall. They are Python 2 programs, not Python 3.

Like wangmeiqi/obfs4_verify, all the commits in this repository are by meiqi wang <wangmeiqi@iie.ac.cn> and all occur on 2024-06-28. It looks like student project code, not something operational.

fortuna

fortuna commented on Sep 15, 2025

@fortuna

I don't see a reference to Intra in geedge_jira.tar.zst, but there is one issue that references Outline, issues/OSS-378.json. The issue title is 【M22项目】VPN特征提取-宋龙坤 ([Project M22] VPN feature extraction - Song Longkun).

@wkrp thanks for checking. Do you know what the "two valid domain names" is about?
As for Intra, I'd guess the drop is just more strict censorship, not really targeting of Intra.

UjuiUjuMandan

UjuiUjuMandan commented on Sep 15, 2025

@UjuiUjuMandan

I don't know what 文涛 (Wentao), 崇儒 (Chongru), and 新捕 (Xinbu) are.

The first ones look like ordinary Chinese given names, and the last one is literally "newly captured".

wkrp

wkrp commented on Sep 15, 2025

@wkrp
MemberAuthor

Do you know what the "two valid domain names" is about?

My best guess at what OSS-378 is about is that it has to do with the "mobile device lab" and "static and dynamic analysis" of VPN apps. Like, they search the binary for URLs and IP addresses, then they run the program multiple times to see what DNS queries and network connections it makes.

OSS-378 contains a link to a Confluence document, https://docs.geedge.net/display/TSGEN/M22-VPN+List, which is present in geedge_docs.tar.zst (along with many other pages that have "M22" in the title). "M22-VPN List" seems to contain a giant table of ≈280 VPNs, including Outline, Orbot, Mullvad, and others.

Outline is number 132 on the list, and its priority is high.

序号 (number) 优先级 (priority) 是否提供特征 (features available) VPN名称 (VPN name) 图标 (icon) 用户提供的链接 (user-provided links) 官网 (official website) Android包名 (Android package name) IOS包名 (iOS package name) 支持平台(Windows/Android/iOS) (supported platforms) Windows下载地址 (Windows download address) Android下载地址 (Android download address) 最后更新时间(Android) (last updated (Android)) 最新版本 (Android) (latest version (Android)) 历史更新时间(apkpure.net) (historical updates (apkpure.net)) 版本信息 (version information) 收费情况(完全免费,提供部分免费节点,完全收费) (pricing (fully free, some free nodes available, fully paid)) 价格(按月计费) (price (monthly)) 下载量(Android) (downloads (Android)) 能否使用 (availability) M现场能否使用 (availability at M-sites (?)) 备注 (notes)
132 高 (high)   Outline VPN https://getoutline.org/ https://getoutline.org/ Windows/Mac/Android/iOS/Linux/Chrome https://s3.amazonaws.com/outline-releases/client/windows/stable/Outline-Client.exe https://play.google.com/store/apps/details?id=org.outline.android.client 2024-04-15 1.13.0 2024-04-15 1.13.0 完全免费 (fully free) - 1000k 是 (yes) 是 (yes)

wangx404

wangx404 commented on Sep 15, 2025

@wangx404

I don't know what 文涛 (Wentao), 崇儒 (Chongru), and 新捕 (Xinbu) are.

The first ones look like ordinary Chinese given names, and the last one is literally "newly captured".

All of them are Chinese given names.

JonSnowWhite

JonSnowWhite commented on Sep 15, 2025

@JonSnowWhite

We (@FelixLange1998 and I) would love to look at the ssl/tls files but both the torrent and direct download seem to be quite slow. Did anyone manage to download the whole set of files?

PoneyClairDeLune

PoneyClairDeLune commented on Sep 15, 2025

@PoneyClairDeLune

While the censorship infrastructure having the ability to conduct MITM with malicious CAs isn't entirely surprising, a lack of certificate chain hash pinning within graphical clients of encrypted proxies like Xray is quite worrying, especially when the devices that the encrypted proxy clients run on may have had malicious CAs planted that few people bother to check. The graphical clients and shareable link standards could benefit quite a lot from supporting hash pinning, in my opinion.

UjuiUjuMandan

UjuiUjuMandan commented on Sep 15, 2025

@UjuiUjuMandan

So, MESA is an abbreviation for Massive Effective Stream Analysis, but the Chinese name, Processing Architecture Group (处理架构组), is totally unrelated to this.

I doubt this is imitating the Mesa Laboratory in 1960s, Colorado.

RPRX

RPRX commented on Sep 15, 2025

@RPRX

While the censorship infrastructure having the ability to conduct MITM with malicious CAs isn't entirely surprising, a lack of certificate chain hash pinning within graphical clients of encrypted proxies like Xray is quite worrying, especially when the devices that the encrypted proxy clients run on may have had malicious CAs planted that few people bother to check. The graphical clients and shareable link standards could benefit quite a lot from supporting hash pinning, in my opinion.

I have thought about this too, but for Xray-core it doesn't seem very practical, for three reasons:

  1. Xray's main recommendation is REALITY, which, even when "stealing from yourself", does not depend on a CA at all and can withstand certificate-chain attacks; its authentication was even the first to add optional post-quantum resistance, which TLS still doesn't have
  2. If a CDN is used, the certificate changes frequently, and different entry nodes may each have different certificates, so pinning certificates isn't very realistic
  3. Xray is advocating VLESS Encryption for scenarios such as going through a CDN; it follows a very high security standard and effectively prevents the proxied data from being decrypted or MITMed

Also, many direct-connect "airports" (commercial proxy services) now use REALITY, so more and more TLS-like connections are becoming impossible to MITM XTLS/Xray-core#5066 (comment)

Besides that, Shadowsocks on relay airports carries the risk of the inner TLS being MITMed after decryption; that security hole is rather serious, and I can post a thread here explaining it in detail

RPRX

RPRX commented on Sep 16, 2025

@RPRX

If a CDN is used, the certificate changes frequently, and different entry nodes may each have different certificates, so pinning certificates isn't very realistic

Maybe pinning the root certificate is better. I'm not sure whether Xray's existing PinnedPeerCertificateChainSha256 and PinnedPeerCertificatePublicKeySha256 support that

But when going through a CDN the recommendation is always VLESS Encryption anyway, in which case it doesn't matter; I think it's time to classify plain TLS / QUIC as "not secure enough" too

PoneyClairDeLune

PoneyClairDeLune commented on Sep 16, 2025

@PoneyClairDeLune

Maybe pinning the root certificate is better. I'm not sure if Xray's existing PinnedPeerCertificateChainSha256 and PinnedPeerCertificatePublicKeySha256 support it.

@RPRX That's exactly what I'm thinking, pinning only the possible root certificates. Cloudflare has LE, GTS, Sectigo and SSL.com, CloudFront uses Amazon's internal service, Fastly uses Certainly... So on and so forth. REALITY isn't exactly applicable when it's needed to pair with standard web infrastructure, so root certificate pinning would be quite preferable for clients to have, especially for the shareable links.
Regarding VLESS encryption... I'd advocate for it to be used whenever third-party infrastructure is needed, but if TLS could be decrypted by the censors in the first place, then we'll have the dilemma that Shadowsocks et al have. Web infrastructure providers like CDNs can care less though.
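The root-pinning idea discussed in the last few comments (pin the small set of possible roots rather than the leaf that rotates behind a CDN), as an added example that is not Xray's code and not from the thread: a Go `VerifyPeerCertificate` callback that accepts a handshake only when one of the chains Go has already validated ends in a root whose SPKI hash is pinned, so a planted CA the OS happens to trust is still rejected. The certificates, names and the `PinRootSPKI`/`newCert` helpers are constructed for illustration; whether Xray's own PinnedPeerCertificateChainSha256 option behaves this way is not something the thread settles.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// SPKISHA256 is the hex SHA-256 of a certificate's SubjectPublicKeyInfo, the usual pin format.
func SPKISHA256(c *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(c.RawSubjectPublicKeyInfo))
}

// PinRootSPKI builds a tls.Config.VerifyPeerCertificate callback. Go hands it the chains it already
// validated against the trust store (leaf first, root last); we accept only if one ends in a pinned root.
func PinRootSPKI(pins map[string]bool) func([][]byte, [][]*x509.Certificate) error {
	return func(_ [][]byte, chains [][]*x509.Certificate) error {
		for _, chain := range chains {
			if n := len(chain); n > 0 && pins[SPKISHA256(chain[n-1])] {
				return nil // trusted by the OS AND anchored in a root we expect (CDN leaf rotation is fine)
			}
		}
		return fmt.Errorf("pin mismatch: none of %d verified chains ends in a pinned root", len(chains))
	}
}

// newCert mints a throwaway Ed25519 certificate (constructed test material); parent == nil means self-signed CA.
func newCert(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IsCA: parent == nil,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil { parent, parentKey = tmpl, key } // self-sign: the template is its own issuer
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func main() {
	root, rootKey := newCert("Constructed Root", nil, nil)
	rogue, rogueKey := newCert("Planted Rogue CA", nil, nil) // the kind of CA an interception box chains to
	leaf, _ := newCert("cdn-edge.example", root, rootKey)
	fake, _ := newCert("cdn-edge.example", rogue, rogueKey)
	verify := PinRootSPKI(map[string]bool{SPKISHA256(root): true})
	fmt.Println("genuine:", verify(nil, [][]*x509.Certificate{{leaf, root}})) // <nil>
	fmt.Println("mitm:   ", verify(nil, [][]*x509.Certificate{{fake, rogue}})) // pin mismatch
}
```

In a real client this goes into `tls.Config{VerifyPeerCertificate: ...}` with `InsecureSkipVerify` left false, because Go only populates the verified chains after standard verification has passed.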

RPRX

RPRX commented on Sep 16, 2025

@RPRX

@PoneyClairDeLune Still, pinning is actually very hard to push forward; I think the more fundamental solution is to stop treating TLS / QUIC as a reliable form of encryption
