Daily GFW Intelligence Briefing: 500+ Reports Synthesized | Verified March 2026
← Technical Lab Updated 2026-03-02

Protocol Performance Matrix

Head-to-head comparison of every viable circumvention protocol for China in March 2026. Benchmarks are based on real-world testing across CN2 GIA, AS4837, and CMI routes.

Quick Summary — Which Protocol Should I Use?

🛡️

I need maximum stealth

Political events, blackouts, or you can't risk detection

→ VLESS-Reality-Vision

I need low-latency speed

Gaming, video calls, or 4K streaming on mobile

→ Hysteria2

🔬

I have fast fiber

1Gbps+ home fiber on CN2 GIA or CMI premium route

→ Shadowsocks-2022

How Do the Protocols Compare?

Protocol Latency (ms) Throttling Resistance Complexity Best Use Case
VLESS-Reality-Vision 160-210 9/10 High Maximum stealth during blackouts & political events
Hysteria2 110-150 7/10 Moderate Gaming, 4K streaming, and real-time applications
Shadowsocks-2022 130-160 6/10 Low High-bandwidth fiber users (1Gbps+) on CN2 GIA
TUIC v5 140-180 5/10 Moderate TCP multiplexing over QUIC — niche cloud workloads
Trojan-Go 170-230 8/10 Moderate Proven and stable — legacy deployments, conservative setups

Source: Consensus Lab Methodology — CN2 GIA routes, Feb 2026

How to Read Throttling Resistance

  • 9-10: Indistinguishable from normal traffic. Survives blackouts.
  • 7-8: Effective under normal monitoring. Degrades during crackdowns.
  • 5-6: Works on passive monitoring only. Vulnerable to targeted inspection.
  • 1-4: Easily detected. Not recommended for China in 2026.

Testing Methodology

Latency measured as round-trip time from Shanghai to Los Angeles over CN2 GIA-E routes. Throttling resistance based on 30-day survival rate without IP rotation. Complexity rates the difficulty of initial deployment and ongoing maintenance.

Which Protocol Should You Choose?

Is it a sensitive political period (anniversary, congress)?

Yes → VLESS-Reality (only TCP-based stealth survives whitelist mode)

No → Continue ↓

Do you need real-time performance (gaming, video calls)?

Yes → Hysteria2 on China Unicom (best UDP tolerance)

No → Continue ↓

Do you have 1Gbps+ fiber on a premium route (CN2 GIA)?

Yes → Shadowsocks-2022 (maximum throughput, lowest CPU overhead)

No → VLESS-Reality (best all-around for most users)

What Do the Technical Terms Mean?

Key terms used across our implementation guides

TLS 1.3 Zero-RTT Handshake
A mechanism allowing data to be sent on the first flight of a TLS handshake. While improving performance, it introduces unique timing signatures that AI-driven models monitor for proxy detection.
SNI Proxying (REALITY)
The technique of masquerading a server's identity by mirroring the Server Name Indication and handshake of a legitimate, high-reputation target website. The GFW sees traffic destined for apple.com, not your proxy server.
ALPN Negotiation
Application-Layer Protocol Negotiation — a TLS extension allowing a client to specify the protocol (e.g., HTTP/2) to be used over the secure connection. Mismatches between ALPN and typical browser behavior are a proxy detection signal.
Heuristic Entropy Analysis
A detection method measuring the randomness in a data stream. Encrypted tunnel traffic typically has entropy approaching 8 bits/byte. Censors use this to identify non-standard protocols lacking standard HTTPS header structure.
Path MTU Discovery (PMTUD)
The process of determining the maximum packet size supported by the network path. The GFW disrupts this on 5G networks to induce packet loss on fragmented circumvention traffic.
JA3/JA4 Fingerprinting
A hash of the TLS handshake parameters (cipher suites, extensions, elliptic curves) used to create a unique fingerprint for the software making a connection. The GFW maintains a database of known circumvention tool fingerprints.
Active Probing
A detection technique where the GFW identifies a suspected server and sends its own probe to verify. If the server responds with a valid VPN/proxy handshake, the IP is blacklisted.
BBRv3 Congestion Control
A TCP congestion control algorithm that estimates bandwidth and RTT rather than responding to packet loss. Critical for China routes where the GFW induces artificial packet loss.
GTP Tunneling (eSIM Roaming)
GPRS Tunneling Protocol — the mechanism that encapsulates roaming mobile data and routes it back to the home carrier's gateway outside of China, bypassing domestic firewall inspection.
Traffic Secure Gateway (TSG)
The GFW's next-generation deep packet inspection system deployed in 2025-2026. Uses AI-driven behavioral analysis for real-time application-layer proxying and automated protocol classification.
GFW Intelligence Team Protocol Analyst Consensus Lab Verified

Comparative protocol analysis measuring entropy profiles, active probing resistance, and JA4 fingerprint deviation across all major circumvention tools.

View Methodology | Transparency Report