
Show HN: Aroma: Every TCP Proxy Is Detectable with RTT Fingerprinting


Aroma: Every TCP Proxy Is Detectable With RTT Fingerprinting

Important: Aroma does not use any kind of IP intelligence information, although IP intelligence information can be used to complement Aroma.

Currently the score needed for detection is very low to avoid false positives, so even when Aroma doesn't flag a proxy it may still give a low score (0.3-0.1 is very low but is not flagged as a proxy).

The current code is not ready for production; it's just to prove a point.

Aroma does not currently detect VPNs or any kind of proxy that isn't a TCP proxy. Aroma may detect VPNs that use TCP proxying, and the techniques used in Aroma are not limited to TCP and can be applied to other kinds of proxies, but for simplicity and technical reasons (there are variables of the connection that Fastly does not expose to me).

A demo of Aroma detecting Cloudflare WARP (higher score is better):

Note: I have to admit I was a bit surprised that Aroma was detecting WARP, since I thought it was a VPN, but apparently it acts like a UDP => TCP proxy. If Aroma doesn't detect your VPN, that's normal and means your VPN is doing Layer 3 proxying. If your VPN is detected it's doing Layer 4 proxying (some privacy VPNs do this on web ports for privacy reasons).
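The Layer 3 / Layer 4 distinction above, as an added example that is not Aroma's code: a Layer 4 proxy terminates TCP itself, so the server's kernel RTT covers only the proxy-to-server hop, while an exchange that only the real client can answer covers the whole path. The ratio formula, the 0.1 threshold, the function names and all sample values are assumptions constructed for this illustration.

```python
# Assumed cut-off: the page only says scores of 0.1-0.3 are low but not flagged.
PROXY_THRESHOLD = 0.1


def rtt_score(tcp_rtt_ms, app_rtt_ms):
    """Ratio of transport RTT to end-to-end RTT, clamped to [0, 1].

    tcp_rtt_ms: kernel RTT samples for the TCP connection the server terminates.
    app_rtt_ms: RTT samples of an exchange that only the real client can answer.
    Near 1.0 means both measurements cover the same path (direct or Layer 3).
    Near 0.0 means TCP ends at a nearby hop while the client is much further away.
    """
    if not tcp_rtt_ms or not app_rtt_ms:
        raise ValueError("need at least one sample of each kind")
    tcp = min(tcp_rtt_ms)  # the minimum filters out queueing jitter
    app = min(app_rtt_ms)
    if tcp < 0 or app <= 0:
        raise ValueError("RTT samples must be positive")
    return max(0.0, min(1.0, tcp / app))


def classify(tcp_rtt_ms, app_rtt_ms, threshold=PROXY_THRESHOLD):
    """Return the score and whether it falls below the detection threshold."""
    score = rtt_score(tcp_rtt_ms, app_rtt_ms)
    return {"score": round(score, 3), "proxy": score < threshold}


# Constructed measurements in milliseconds: (TCP RTT samples, application RTT samples)
SAMPLES = {
    # No proxy: ACKs and application replies both come from the client.
    "direct": ([41.8, 42.5, 44.0], [43.1, 45.9, 47.2]),
    # Layer 3 VPN: packets are forwarded, so TCP still runs end to end.
    "layer3_vpn": ([88.0, 90.4, 95.1], [90.2, 93.0, 99.8]),
    # Layer 4 proxy close to the server: TCP RTT sees only the last hop.
    "layer4_proxy": ([2.1, 2.4, 3.0], [120.6, 124.9, 131.3]),
    # Layer 4 proxy close to the client: low score, but above the threshold.
    "layer4_proxy_near_client": ([18.0, 19.2, 21.5], [90.0, 92.7, 96.4]),
}

if __name__ == "__main__":
    for name, (tcp, app) in SAMPLES.items():
        print(name, classify(tcp, app))
```

The last sample shows the false-negative case the low threshold accepts: a split connection that still scores 0.2 and is not flagged.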

Demo

If you want to check out Aroma for yourself, you can go to:

https://aroma.global.ssl.fastly.net/.
