
Deep packet inspection (DPI) is a technique for examining the contents of internet traffic, not just the header information. DPI is typically used to enforce policies, monitor traffic for security purposes, or optimize network performance.

In 2012, both Iran and China began filtering encrypted internet traffic, specifically targeting The Tor Project’s anti-censorship, pro-privacy network, which prompted The Tor Project to release its first public obfuscation work.
Other countries soon applied the same strategy: Ethiopia later in 2012 and Syria in 2014, among many others. Earlier this year, the OONI project wrote about DPI being used in Iran to block Instagram. Privacy International tracks surveillance systems in their Transparency Toolkit, and Freedom House’s Freedom on the Net tracks both censorship and other limitations on net freedom.

There are several ways you can try to bypass or circumvent deep packet inspection (DPI), depending on the specific characteristics of the DPI and your needs:

  1. Use encryption: One option is to use encryption, such as SSL (Secure Sockets Layer) or TLS (Transport Layer Security), to encrypt your internet traffic. This can help to protect the contents of your traffic from being examined by DPI tools, as the traffic will be unreadable without the proper encryption keys.
    • WireGuard is designed to be resistant to DPI by using state-of-the-art cryptography and minimizing the amount of information that is transmitted in each packet. WireGuard packets are small and contain only the minimum amount of information needed to establish a secure connection. This makes it more difficult for DPI tools to examine the contents of WireGuard traffic and potentially identify it as a VPN.
    • Additionally, WireGuard uses a minimalist design that minimizes the attack surface and reduces the number of potential vulnerabilities that could be exploited by DPI tools. WireGuard is also designed to be easy to implement and deploy, which makes it easier for users to securely connect to the internet.
  2. Use a VPN: Another option is to use a VPN (virtual private network). VPNs work by encrypting internet traffic and routing it through a VPN server before it reaches its destination on the internet. This can help to protect your activity from being monitored or intercepted by third parties, including your ISP (internet service provider). In some cases, this encryption and routing may make it more difficult for DPI tools to examine the contents of your traffic, depending on the specific characteristics of the VPN and the DPI implementation.
  3. Use a proxy: A proxy is a server that acts as an intermediary between your device and the internet. Proxies can be used to mask your IP address and potentially bypass DPI, depending on the specific characteristics of the DPI and the proxy.
  4. Use a local DNS resolver: Some operating systems, such as Linux, allow you to use a local DNS resolver, which can help to prevent your ISP from seeing your DNS (Domain Name System) requests. A local DNS resolver is a software program that runs on your device and handles DNS requests locally, rather than sending them to a remote DNS server.

By using one of these methods, you may be able to bypass or circumvent deep packet inspection (DPI), depending on the specific characteristics of the DPI and your needs. It is important to note that these methods are not foolproof and may not provide complete protection against all forms of surveillance or tracking.
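
The limit of encryption described above, as an added example (not part of the original page): a payload-level inspector reading TLS records can still read the server name in a ClientHello, while application data records are opaque to it. The function names and the `example.org` sample are constructed for illustration, and the ClientHello is assumed to be sent without Encrypted Client Hello.

```python
import struct

def build_client_hello(host: str) -> bytes:
    """Constructed sample: minimal TLS ClientHello carrying an SNI extension."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name  # list len, host_name type, name len
    ext = struct.pack("!HH", 0, len(sni)) + sni                    # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"                      # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"                    # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body             # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs       # record type 22 = handshake

def inspect(payload: bytes) -> dict:
    """Report what is readable in one TLS record without any keys."""
    if len(payload) < 5 or payload[0] not in (0x14, 0x15, 0x16, 0x17) or payload[1] != 3:
        return {"proto": "unknown"}
    size = struct.unpack("!H", payload[3:5])[0]
    if payload[0] == 0x17:                       # encrypted application data: only its size leaks
        return {"proto": "tls", "record": "application_data", "sni": None, "size": size}
    if payload[0] != 0x16 or len(payload) < 6 or payload[5] != 1:
        return {"proto": "tls", "record": "other", "sni": None, "size": size}
    try:
        sni = _sni(payload[9:])                  # skip 5-byte record + 4-byte handshake header
    except (IndexError, struct.error):           # truncated or malformed hello
        sni = None
    return {"proto": "tls", "record": "client_hello", "sni": sni, "size": size}

def _sni(b: bytes):
    p = 2 + 32                                   # skip version and random
    p += 1 + b[p]                                # session id
    p += 2 + struct.unpack("!H", b[p:p + 2])[0]  # cipher suites
    p += 1 + b[p]                                # compression methods
    end = p + 2 + struct.unpack("!H", b[p:p + 2])[0]
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", b[p:p + 4])
        if etype == 0:                           # server_name: list len(2) + type(1) + name len(2)
            nlen = struct.unpack("!H", b[p + 7:p + 9])[0]
            return b[p + 9:p + 9 + nlen].decode("ascii", "replace")
        p += 4 + elen
    return None

# Constructed samples: a handshake record and an encrypted record.
HELLO = build_client_hello("example.org")
APPDATA = b"\x17\x03\x03\x00\x10" + bytes(range(16))
```
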