What is Shadowsocks?
Shadowsocks is a free, open-source encrypted proxy protocol built on SOCKS5.
The protocol was created in China to bypass the Great Firewall of China, which it does successfully.
When a resource is blocked, it means that you cannot access its IP address. Therefore, when you try to open a blocked site, you first connect to your ISP's server and then to the site itself, but without success. If you use a proxy, you first connect to the ISP's server, then to the proxy server, and only then access the site.
Shadowsocks is based on the SOCKS5 proxy protocol and secures the connection with an AEAD cipher, so it acts much like an SSH tunnel. AEAD is considered a simple type of encryption, therefore it is less secure.
Shadowsocks is similar to a virtual private network (VPN), but the latter uses more sophisticated encryption, making it more secure. However, the simple Shadowsocks encryption is harder to detect as it looks just like a normal HTTPS connection.
Shadowsocks Benefits
- Ease of server setup: below I will show that the standard config is only 5 lines, and you don't have to fiddle with certificates. To be fair, we are not building a banking network.
- Easy client setup. There are clients for everything, and I am not exaggerating. The client config is the same 5 lines.
- The client does not need admin rights to work. Moreover, it can be installed from pip. That is, any programmer will be able to connect from work.
- It's easy to customize access at the level of individual programs. In the browser, with add-ons like FoxyProxy/OmegaSwitchy, you can go further, down to individual addresses according to complex rules. When using a VPN, this can only be achieved by setting up local proxies on each client.
- Unlike a VPN, which on most systems is implemented through a virtual network card, the Shadowsocks client does not disappear when the connection is broken, so your traffic will not silently fall back to an insecure route. In addition, even if the Shadowsocks application itself crashes, programs will not connect directly unless they are configured to do so. When using a VPN, you have to implement a kill switch, and kill switches, especially under Windows, are unreliable and have side effects.
- Compared to an SSH tunnel: high bandwidth, and support for thousands of clients with tons of connections from each. An SSH tunnel carrying, for example, torrents is noticeably sluggish; in addition, small network irregularities significantly reduce its speed. Shadowsocks doesn't care.
- Passes less technical information over connections, which is good for mobile device battery life.
- There are exotic versions of servers written as libraries for different languages. That is, you can add a server to your program to encrypt access to your clients.
- Graphical configuration of clients. You can generate a QR code; when it is scanned, mobile phone and Windows clients configure themselves. One client was set up on Windows, the code was generated, and it was distributed to 20 mobile phones in a minute. You can put it on the site, or hang it on the wall.
Disadvantages of Shadowsocks
- Unlike OpenVPN, it has not been formally audited. A lot of people have looked through it, since the code is open and small, but officially, no.
- Does not separate users. You can run it on multiple ports with different passwords, but each port has one password. Knowing the password makes it possible (in theory) to listen to another subscriber on the same port.
- Cannot forward a port in the reverse direction. That is, everyone sits behind NAT. You will have to use an SSH tunnel for that, if possible.
- The Android client keeps two (!) non-removable notifications. If they are not hidden, it is very annoying.
- There are a couple of stubborn programs for Windows that will not go through Shadowsocks, no matter how you configure them. Alas, the author of a program can open connections in a way that ignores the proxy settings, and this is sometimes done when checking software licenses. Below I will describe a trick for recognizing these programs.
- Connection latency is higher than OpenVPN. Not by much, and you can still play games, but still.
- Cannot compress traffic. In the age of HTTPS this is not important, but for, say, uncompressed text files and real Ubuntu images, there is a difference.
- The documentation was written by the Chinese, in Chinese English, with a bunch of missing paragraphs and mutual contradictions.
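The "does not separate users" item above follows from how Shadowsocks AEAD ciphers derive their keys, shown here as an added example that is not from the original article or the Shadowsocks project. It assumes the key schedule of the public Shadowsocks AEAD specification (master key from the password via EVP_BytesToKey, per-connection subkey via HKDF-SHA1 with info "ss-subkey"); the passwords and salt are constructed values.

```python
# Added illustration, not Shadowsocks project code.
# Assumed key schedule (public Shadowsocks AEAD spec):
#   password -> master key   : OpenSSL EVP_BytesToKey, MD5, no salt
#   master key + salt -> key : HKDF-SHA1, info = b"ss-subkey"
import hashlib
import hmac
import os

KEY_LEN = 32  # key and salt size for aes-256-gcm / chacha20-ietf-poly1305


def master_key(password: str, key_len: int = KEY_LEN) -> bytes:
    """EVP_BytesToKey with MD5, one iteration, no salt."""
    pw = password.encode()
    out, block = b"", b""
    while len(out) < key_len:
        block = hashlib.md5(block + pw).digest()
        out += block
    return out[:key_len]


def hkdf_sha1(key: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with SHA-1: extract, then expand."""
    prk = hmac.new(salt, key, hashlib.sha1).digest()
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha1).digest()
        okm += t
        counter += 1
    return okm[:length]


def session_key(password: str, salt: bytes) -> bytes:
    """Per-connection subkey. The salt opens the TCP stream unencrypted."""
    return hkdf_sha1(master_key(password), salt, b"ss-subkey", KEY_LEN)


if __name__ == "__main__":
    salt = os.urandom(KEY_LEN)  # constructed; visible to anyone on the path
    user_a = session_key("port-8388-password", salt)  # one subscriber
    user_b = session_key("port-8388-password", salt)  # another, same port
    other = session_key("port-8389-password", salt)   # a different port
    print("same port, same session key:", user_a == user_b)
    print("other port, same session key:", user_a == other)
```

Because the only secret input is the port's password, separating users means giving each one their own port and password, and rotating a password means reissuing it to everyone on that port.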
The difference between Shadowsocks and VPN
The main difference between the two is that VPN is a fully encrypted network, while Shadowsocks only encrypts data between you and the proxy server and does not provide you with complete anonymity on the Internet.
Shadowsocks uses TCP and HTTPS, which does not offer the same level of security as a VPN, but allows Shadowsocks to bypass restrictions with better connection speeds.