Published on: May 24, 2023
TunnelBear, the consumer VPN company with a strong reputation in the cybersecurity community, released a new feature aimed at helping its VPN beat censorship programs around the world.
The name of this new feature is Encrypted Client Hello (ECH), a first-of-its-kind technology that protects the company’s backend infrastructure from government censorship software — allowing it to seem as if you’re not using a VPN or accessing censored websites.
What it does is actually pretty simple! It’s an addition to the TLS protocol that TunnelBear uses to keep your data secured. Normally, the name of the website you’re attempting to access is sent in plain text, allowing advanced censorship software to prevent access, even through a VPN.
ECH encrypts the name of the website during the “TLS handshake” (which authenticates key parts of the exchange while using a VPN and visiting censored websites) so that the name isn’t visible during the authentication process. Ideally, this helps you connect to more restrictive websites using your VPN.
That said, it isn’t perfect. According to a post by TunnelBear, the app is still in development.
“Since ECH is still in its infancy, documentation and dev support are sparse. We’ve had to do a lot of testing against Cloudflare’s implementation to try and verify our results,” TunnelBear said. “We have found that in countries where ECH is enabled for users, it increases the likelihood that these API requests are successfully made by approximately 20%.”
The manual testing significantly stalled development and forced them to rethink their strategy. While it’s still a new technology, its effectiveness has been quite notable. Everyone wants the perfect tool against censorship, but it simply doesn’t exist yet. Plus, a 20% boost in beating censorship from modifying a single step of the TLS handshake is a massive step in the right direction.