[Feature] Integrate Pluggable Transport / Censorship Circumvention Layer (Conduit-like functionality)

[yousefebrahimi0]

Is there an existing request for feature?

• I have searched the existing issues

What feature would you like?

Problem Statement

During internet blackouts and heavy censorship events (such as those occurring in Iran, China, and other restrictive regions), Session becomes inaccessible despite being a privacy-focused messenger. Current censorship techniques include:

• Deep Packet Inspection (DPI) that identifies and blocks encrypted traffic patterns
• SNI-based TLS interception that blocks connections based on domain names
• Protocol whitelisting that only allows pre-approved communication protocols
• BGP-level routing manipulation that isolates domestic users from international internet

While Session's onion routing provides excellent privacy under normal conditions, it cannot function when the underlying network protocols are blocked or when Service Nodes are unreachable due to aggressive filtering.

Proposed Solution

Integrate a pluggable transport layer (similar to Psiphon's Conduit or Tor's pluggable transports) directly into the Session app that allows the application to:

1. Detect censorship and automatically switch to obfuscated transport protocols
2. Disguise Session traffic as permitted protocols (HTTPS, routine web traffic, or whitelisted services)
3. Route through proxy infrastructure when direct Service Node connections are blocked
4. Support multiple transport modes that can be cycled through until a successful connection is established

Technical Approach

Several proven technologies could be integrated:

• obfs4: Obfuscates traffic to bypass DPI-based blocking
• meek: Uses domain fronting through major cloud providers (though requires cloud cooperation)
• Stealth protocols: Makes VPN/proxy traffic indistinguishable from regular HTTPS traffic
• Psiphon integration: Direct integration with Psiphon's proven anti-censorship infrastructure

The implementation could work as a fallback layer:

Normal operation: Client → Onion routing → Service Nodes

Censored environment: Client → Pluggable transport → Proxy → Service Nodes

Why This Matters

1. Real-world impact: During Iran's 2025 internet blackout, VPN searches spiked 707% as citizens sought workarounds, and only tools like Psiphon/Conduit remained functional
2. Privacy under pressure: Session's privacy guarantees only work if users can connect. This feature would make Session the only messenger combining metadata privacy with censorship resistance
3. Market opportunity: Combining Session's privacy architecture with censorship circumvention would make it the go-to messenger for users in restrictive regions worldwide
4. Competitive advantage: Unlike Signal, Telegram, or WhatsApp (which all get blocked), Session with anti-censorship would be uniquely positioned

User Experience

• Automatic: The app detects censorship and switches transport modes seamlessly
• Manual option: Advanced users can manually select transport protocols in settings
• Status indicator: Shows which transport mode is active (normal/obfuscated)
• Minimal config: Works out-of-the-box without requiring technical knowledge

Potential Challenges

• Additional complexity in the codebase
• Potential performance overhead when using obfuscated transports
• Need for proxy infrastructure (could leverage existing Psiphon network or community-run proxies)
• Ongoing maintenance as censors adapt

References

• Psiphon Conduit: https://github.com/Psiphon-Inc/conduit
• Research on Iran's censorship: Recent studies document sophisticated multi-layer blocking at national gateways
• Pluggable transports: Proven technology used by Tor Browser and other circumvention tools

Impact Prediction

If implemented, Session would become the first privacy-focused messenger with built-in censorship circumvention, potentially making it the most downloaded secure messaging app in censored regions affecting billions of users.

Anything else?

Check this please: https://github.com/psiphon-inc/conduit/tree/main/cli
https://x.com/PsiphonConduit/status/2016967527306256863

[KeeJef]

The contributors working on Session are currently exploring more advanced approaches to censorship resistance. In particular, Session is looking to partner with companies that are already building censorship resistant networking stacks with the goal of integrating their censorship-resistance solutions into Session.

This would help ensure that users in censored regions can continue to connect to the Session Node network, even if access to the Session node network is being blocked, whether through IP blocking or DPI-based filtering.

Hoping to share more updates on this ticket soon. This ticket also linked to #1679