Stealth protocols (also called obfuscated VPN protocols, anti-DPI protocols) are VPN protocol variants designed to disguise VPN traffic as ordinary HTTPS or other allowed traffic, defeating Deep Packet Inspection (DPI) blocking. Used in censorship-heavy jurisdictions (China, Iran, Russia, Turkmenistan, several others) where standard WireGuard and OpenVPN traffic is identifiable and blocked at the network layer. Implemented by Mullvad (Stealth on Mullvad VPN), Proton VPN (Stealth protocol), V2Ray family, Shadowsocks variants, and several others.
What it means in practice
The technical challenge: standard WireGuard has a recognizable handshake fingerprint, OpenVPN over standard ports has documented DPI signatures, and the Great Firewall of China and equivalent infrastructure use these signatures to block VPN traffic. Stealth protocols address this through several techniques: tunneling the VPN traffic inside an HTTPS tunnel (so the network sees ordinary TLS traffic), using protocol fingerprints that match popular content delivery networks (Cloudflare, Akamai), or using protocols specifically designed for protocol-fingerprint resistance (V2Ray’s VMess and VLESS, Shadowsocks, Outline). The cat-and-mouse dynamic is structural: the censorship operator updates DPI signatures as new stealth protocols emerge, and the VPN providers iterate the protocols to stay ahead. The 2024-26 environment includes documented cycles of Mullvad Stealth and Proton Stealth being blocked and updated to restore connectivity in heavily-censored jurisdictions.
Where it shows up
Used in: China (the Great Firewall is the most sophisticated DPI blocking infrastructure in the world; standard VPN protocols are blocked, stealth protocols cycle in effectiveness), Iran (significant DPI infrastructure with periodic blocking waves around political events), Russia (since 2022, increasing DPI deployment with VPN-protocol blocking; Mullvad and Proton have both reported access challenges), Turkmenistan and a small set of other heavily-censored jurisdictions, and the operational reality that travelers and residents in these jurisdictions need stealth-protocol capability to maintain VPN connectivity. The Predaxia operational frame: stealth protocols are a specialized capability that most readers do not need; for the population that does (operators traveling to or residing in censorship-heavy jurisdictions), the capability is the difference between maintaining VPN protection and losing it entirely.
What you can change today
If you operate in or travel to censorship-heavy jurisdictions, three preparations. First, choose a VPN provider with strong stealth-protocol support: Mullvad (Settings, VPN settings, Tunnel protocol, Stealth or WireGuard with bridge), Proton VPN (Settings, Connection, Protocol, Stealth), or specialized providers like Astrill that have invested heavily in China-specific connectivity. Second, configure the stealth mode in advance, before travel: the in-jurisdiction provisioning experience may be hostile (download blocked, account-creation blocked) so the configuration should exist before arrival. Third, awareness that stealth protocols are higher-overhead and slower than standard WireGuard; performance is worse, but functioning protected connectivity is the goal in this category. For ordinary travel and ordinary use cases, stealth protocols are unnecessary and standard WireGuard is the operational answer.
