The Game Has Changed: Revisiting proxy distribution and game theory
Hassan Fares, Omkar Fulsundar, Nick Hopper
https://www.petsymposium.org/foci/2026/foci-2026-0003.php
https://github.com/hoppernj/ProxySimulator
This paper revisits the proxy distribution framework of “Enemy at the Gateways” (Nasr et al. 2019) and updates it with additional considerations from recent years. The proxy distribution problem is the question of how to distribute proxies (e.g. relays, bridges, VPN servers) so that they can be used by censored users—without at the same time revealing them all to a censor, who will block them. Nasr et al. used game theory to find an optimal strategy for proxy distribution, given assumptions about the behaviors of users and censors and what they value (their utility functions). This paper updates the framework to take into account (1) short-term proxies à la Snowflake, (2) proxy discovery by traffic analysis, and (3) the fact that in reality, there are many censors with differing capabilities, and what works well against against one may not work well against another. These are necessary updates: an optimal strategy under the old assumptions may be far from optimal under the new.
The authors borrow and adapt the ENEM19 simulator from “SpotProxy: Rediscovering the Cloud for Censorship Circumvention” (2024) to model ephemeral proxies, zig-zag and host profiling traffic analysis attacks (with simulated non-circumvention clients and servers that may be collaterally blocked), and multiple non-cooperating censors. The modified simulator is available at https://github.com/hoppernj/ProxySimulator. The simulator tracks a set of performance metrics: client connectivity (the fraction of clients that can connect to any proxy in a time step), proxy availability (the fraction of proxies that are not blocked by a censor), average wait time (the number of time steps a client must wait before reaching a working proxy), and proxy lifetime (how many time steps a proxy was useful for before it got blocked).
Snowflake-like ephemeral proxies resist enumeration by the censor pretty well, despite not having a sophisticated proxy distribution strategy. A naive, “aggressive” censor that blocks proxies as soon as they are discovered does better (has lower rates of client connectivity) than the “optimal” censor of Nasr et al.. But more important than the censor strategy is the arrival rate of proxies: more proxies means more successful connections. (Even with no censorship, an ephemeral proxy connection attempt may fail, especially when the rate of proxy arrival is low.) Even when a client’s first connection attempt fails, there is a high chance that the second or third attempt will work.
In the zig-zag attack, the censor first discovers a few proxies, then watches to see what users connect to those proxies (zig). Then, it watches to see what other servers those same users connect to (zag); those other servers are possibly proxies. The host profiling attack is based on counting connections: servers that receive connections from many different clients are classified as proxies. Both of these attacks are effective against classic proxy distribution strategies, blocking nearly all circumvention attempts within a small number of time steps. The zig-zag attack has high levels of collateral damage (better or worse according to the quality of the censor’s classifier), while the collateral damage of host profiling is lower even with poor-quality classifiers. Ephemeral proxies do better against these attacks, with most users still being able to connect after a few tries.
The results of simulation of multiple censors were unclear. The authors simulated two non-cooperating censors running at the same time, using the same or different strategies. The proxy distributor does not know which censor it may be giving proxy addresses to: it needs to defend against both at once. Sometimes the mismatch favored one or the other of the censors, and sometimes the proxy distributor. The only clear conclusion was that simulations of a single censor with a single strategy do not necessarily predict what will happen when more than one censor is involved.
Thanks to the authors for reviewing a draft of this summary.