Due to the ongoing process of blocking Tor in Russia, I’ve decided to improve my Tor connectivity. Currently, I have a Shadowsocks proxy on the VPS. I’ve configured access ports for unobfuscated and for v2fly-websocket obfuscated connections. I can connect to Tor by configuring proxy access in the Tor Browser or torrc file. I’ve also configured a private Tor bridge, but it seems unnecessary for my use case.
What are the drawbacks of using a Shadowsocks proxy instead of a private Tor bridge? The only issue that I can think of is that a Tor bridge would provide a higher level of obfuscation between my PC and VPS than v2fly-websocket+Shadowsocks or plain Shadowsocks. Am I missing anything?
A private, obfuscated proxy server and a private, pluggable transport Tor bridge are functionally almost the same. The pluggable transport protocol even uses SOCKS internally to specify the bridge address. There are a few minor differences I can think of:
With a proxy server, you still have the 3 hops of a normal Tor circuit, so it’s effectively 4 hops in total. With a bridge, it’s the usual 3 hops. (The bridge takes the place of the 1st hop, which otherwise would be your entry guard.)
Tor Metrics won’t count you as a bridge or pluggable transport user. Your traffic will be counted as directly connecting. It will be attributed to the country in which your proxy is located, I believe.
For the purposes of obfuscation, Shadowsocks AEAD and obfs4 are basically equivalent, and they resemble each other on the wire. obfs4 has some cryptographic advantages, for example obfs4 has forward security and Shadowsocks does not. (If your Shadowsocks password is ever revealed, all your past recorded traffic can be decrypted, which is not the case with obfs4.) There are many implementations of Shadowsocks and they vary in quality; for example I believe they do not all have mitigations against active probing.
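The forward-security point in the answer above, shown as an added example that is not part of the original posts: in the published Shadowsocks AEAD construction, each connection's key is derived only from the password and a salt sent in the clear at the start of the stream, so the key for a recorded connection can be recomputed once the password is known. The function names, the password and the 32-byte key length (as used by chacha20-ietf-poly1305 and aes-256-gcm) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

def evp_bytes_to_key(password: bytes, key_len: int) -> bytes:
    """Master key from the password: OpenSSL EVP_BytesToKey (MD5, no salt, 1 round)."""
    out, block = b"", b""
    while len(out) < key_len:
        block = hashlib.md5(block + password).digest()
        out += block
    return out[:key_len]

def hkdf_sha1(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) over SHA-1: extract with the salt, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha1).digest()
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha1).digest()
        okm += t
        counter += 1
    return okm[:length]

def session_subkey(password: bytes, salt: bytes, key_len: int = 32) -> bytes:
    """Per-connection AEAD key: HKDF-SHA1(master key, salt, "ss-subkey")."""
    master = evp_bytes_to_key(password, key_len)
    return hkdf_sha1(master, salt, b"ss-subkey", key_len)

def client_opens_connection(password: bytes, key_len: int = 32):
    # The client picks a fresh random salt and sends it unencrypted as a prefix.
    salt = os.urandom(key_len)
    return salt, session_subkey(password, salt, key_len)

def subkey_from_recording(stream_prefix: bytes, password: bytes, key_len: int = 32) -> bytes:
    # No ephemeral key exchange: the salt in the capture plus the password suffice.
    salt = stream_prefix[:key_len]
    return session_subkey(password, salt, key_len)

if __name__ == "__main__":
    password = b"constructed-example-password"   # constructed sample value
    salt, live_key = client_opens_connection(password)
    recorded = salt + b"\x00" * 18               # constructed stand-in for ciphertext
    later_key = subkey_from_recording(recorded, password)
    print("key recomputed from recording:", later_key == live_key)
```

obfs4 instead runs an ephemeral key exchange per connection, so the session keys do not follow from the long-term bridge secrets alone; for a Shadowsocks setup the practical consequence is that rotating the password protects only traffic sent after the rotation.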