Great initiative, but why not just use HTTP or SOCKS?

[n8fr8]

This is an excellent step forward by WhatsApp/Meta team in supporting built-in circumvention capabilities in your app.

I'm just curious why you wouldn't support a standardized proxy protocol like HTTP Connect or SOCKS? This would allow interoperability of proxying with any standard proxy server, as well as on-device proxy services like Orbot (Tor for Android, which I'm the lead developer on).

I know Signal took this same path of rolling their own proxy solution, so perhaps that was your inspiration?

Thanks for this effort - I know it will get a lot of use, but we'd also love to be able to directly support proxying on mobile devices through Tor and other existing circumvention networks and solutions.

[mam4dali]

This proxy is for countries that have restrictions and filtering on their internet Standard protocols are completely blocked in those countries like Iran or China Of course, a built-in proxy with Tor is a good idea But these are also usually blocked in the above countries

[n8fr8]

I understand that @mam4dali and was more asking for additional support for an interoperable method for circumvention to on-device proxy services like Orbot. This means Meta/WhatsApp doesn't have to keep up with the arms race on their own, and can work with the broader community of researchers and developers working on these challenges.

Regardless, we can already proxy WhatsApp through Tor using VPN features on Android and iOS, and with the addition of the Snowflake protocol, this works well enough in Iran and China.

[slawlor]

Hello @n8fr8! Essentially the tl;dr; answer is that our protocol isn't http. Similar to Signal, we have a specialized communication channel which is really an encrypted TCP socket. This proxy implementation uses the Proxy Protocol to add that "header" to the TCP session, but there is no notion of HTTP headers in our protocol. We could try and tunnel it eventually to mimic HTTP but that might be a future investigation.

SOCKS is a potential option, but would require greater changes in the client to support going forward. It is an option being discussed however

[n8fr8]

Fantastic response, and thanks!

[fischerdouglas]

+1 to use Socks5+HTTP-Proxy...

Considering the timestamps of the releases on this repository and on the APP Stores, I guess that this is more related to political issues (A.K.A. Layer9 of OSI Model) than to technical matters. If it is, please receive my compliment.

I worked a lot with corporative and enterprise networks, dealing with firewalls and proxy. Mostly related to DLP tools. Whatsapp certainly wasn't a friend of those solutions.

I suggest reviewing the option of a self-deployed solution. IMHO creating a new method/protocol can be a helpful solution now but will become an eternal son to be taken care of.

Arguments in prol of Socks5+HTTP-Proxy:

• The actual method will not deal with the Web Proxy Auto Discovery that can be deployed by DHCP or DNS using PAC file.
• I believe that the answers of how to also deliver the attachments can be found on Socks5 and/or HTTP-Proxy. (And with UDP, maybe also the media of the calls.)
  • Several projects of UTMs and small firewalls already have it embedded on them. Becoming very-very easy common persons deploy it.

Congrats and thanks in advance.