Our philosophy

Recently there were inquiries about whether we have any political intentions or expectations in making this software. We would like to clarify about it.

We believe everybody should be able to access the information he wants to read as he wishes, without disruption or additional costs other than the standard fees for the ISP. We do not assume which kind of opinions one should bear upon reading this information, but we assume such rights of these readers: they shouldn’t be forced to open BBC Chinese or Falungong or a Chinese gov media page, when they try to attain the information they desire.

The developers in this project interacted with researchers from many different political parties, formal or informal, and received their support. We see this as a normal form of academic interactions in engineering designs, with no political preference.

We encourage, however, any party of any political positions, to popularize our software, if it supports our belief, or if it believes it can help to assuage the influence of its adversities. Yes, it’s better to be neutral and objective than partisan. Thus, the disssemination of our software by any party should not be seen as some connections between its political interest and ours.

ArkC V0.1.1

ArkC V0.1.1, is released on Nov.4 (UTC), 2015. It’s released under GNU GPL2.0.

Access it from our Download and Source Code page.

This release focuses on improving user experience by fixing several mistakes identified in ArkC V0.1.0.

Release Note:

In ArkC V0.1.1, ArkC proxy stability is improved.

This release includes:

  • More elegant process when a connection is interrupted expectedly or unexpectedly.

Testing service

We can provide testing service, free of charge, without explicit bandwidth or speed or time limit, with our ArkC software pack. Proper use required.

You can request a proxy service by sending an email with a 2048-bit RSA public key file to [email protected], and we’ll configure a service dedicated for you with full configuration files, usually in less than 24 hours.

First Stable Release of ArkC — ArkC V0.1.0

The first stable version of Project ArkC, ArkC V0.1.0, is released on Oct. 20 (UTC). It’s released under GNU GPL2.0.

Access it from our Download and Source Code page.

Before this stable release there were several pre-release in the past summer.

Release Note:

In ArkC V0.1.0, a secure, stable and optimized generic proxy, fundamentally proof to the traditional IP-blocking measures from the adversity, is provided.

The proxy features:

  • Pluggable with any proxy service accessible from the server side, which enables the connnection source IP to be flexible and the real server location to be private;
  • Secure with client and server identity authentication with public key and 256-bit AES for contents encryption;
  • Multiplexing with incoming proxy connections for performance as well as maximum performance;
  • Renewing connections continually.



For anybody interested in this project, you are welcomed to join our development. We’ve no specific entry expertise level, and usually you can help us with our work as our project is highly modularized.

Requirements (if I have to list):

  • Python, version 2 or 3.
  • Understand Public key encryption, symmetric encryption
  • Understand TCP/UDP
  • Understand DNS and DNSSEC
  • Can use Github

What is ArkC? Explore key ideas

ArkC & ArkC Network

Technology Overview — Original documents when our work started

Part A. ArkC Protocol

  1. Protocol Description

ArkC protocol includes various connection wrappers and both TCP and UDP transmission support. It transmits proxy traffic in the form of ordinary connections, using plug-ins called “wrapper”. When data is transmitted using TCP connections, it allows server to take the position to initialize connections, thus create a virtually reverse TCP connection. (Reverse-initialization)

During transmission, all the data should be encrypted, using various available algorithms.

  1. Protocol Features

Typical wrappers for ArkC protocol includes SMTP (MTA to MTA), SMTP (Client to Server), HTTP and etc. The abundance of wrappers makes it harder to detect and reset ArkC connections, or locate server IP addresses. In particular, the ordinary essence of wrapping protocols hides ArkC connections in ordinary (even essential) Internet service. Massive unstable Internet service conditions deter censurers from reset all suspicious connections.

The reverse-initialization feature, provides further tools for hiding server IP addresses. Since server may initialize a connection using Tor or other public proxies, censurers cannot discover the real server. Such feature is similar to Tor Hidden Service, but different in that the clients need not connect to the Tor network.

The feature of SMTP (MTA to MTA) makes obfuscation with third-party servers possible. Mail servers and Web servers are both decentralized.

3. Shortcomings

Various features of ArkC protocol depends on client and server network conditions. Considerable number of family users are behind NAT and unless preset, incoming TCP requests can’t be answered. However, UDP-pouching may be used instead.

It probably can be solved using ArkC Network, though.

Wrappers and encryption may delays the connection speed, especially when initializing a new connection. Buffer and heartbeat maybe implemented so that connections can be smoother.



Part B. ArkC Network

  1. Description

The ArkC network is composed of users (clients) within censored countries (e.g. China Mainland) and servers in uncensored countries or uncensored Internet environment. It is a centered network with certain trusted authorities.

The ArkC network provides geographically optimized connections and ensure that users behind NAT can access to ArkC servers abroad. Optimized proxy connections may yield higher speed that direct connections in certain ISP environments.

The ArkC network further helps to conceal real IPs of overseas ArkC servers, making it harder to block them. Owner of those server can more confidently set up an ArkC network daemon, without worrying that there server may be blocked.

  1. Features

Central authority servers determine that fastest route for clients of the network to send/receive data from overseas servers. Static contents may be buffered to increase its speed. [Encryption may be compromised, though.]

Nodes of the network in censored countries interact with overseas servers, using reversed connections. Those nodes also listen to connection from other domestic clients. Relay between those nodes may be implemented to conceal origin IP (similar to Tor). Clients behind NAT only connects to domestic nodes, using standard encrypted TCP connections. Censorship of all internal traffic is extremely costly and hard to deploy.

  1. Detailed Structure & Technologies

Clients and nodes use DNS query to locate other nodes. DNS authority is set to certain authority servers with global DNS relay.

CDN network and “Attached Freedom” principle helps to make authority servers available to users. Authority servers allocate routes and receive reports only, thus transmission between them and users are trivial.

ICMP (Ping) protocol maybe used to ensure connection between domestic users and authority servers.

The authority servers need to deliver commands of obfuscation, start SMTP traffic or internal relay data.

The authority servers need to assess the conditions of each nodes, and enforce continual audit. (Refer to Tor project)

  1. Shortcomings

Domestic nodes are often unreliable. The regime may use MITM attacks for origin server IPs.

Host of domestic nodes may be threatened with imprisonment or persecution.


ArkC Network