June 14, 2025

End of the Awala project

By Gus Narea (Awala architect and Relaycorp CEO).

It’s with a heavy heart that I announce the end of Awala and its ancillary projects, like Letro and VeraId, due to lack of funding.

Getting to work on circumventing Internet censorship with the Internet Freedom community was a great honour. I’m very grateful for the support we received and getting to know the lovely, dedicated people in the community — I wish you all the very best, especially as we navigate the uncertain times ahead.

Those uncertain times are partly what make this decision so difficult. I’m deeply concerned about the future of Internet censorship. Despite the generous support of the US Government, Internet freedom had been in decline for 14 consecutive years until 2024. With the US almost single-handedly funding Internet freedom initiatives, it’s clear that the recent funding cuts will cement the decline for many years to come — especially as other countries are yet to fill the gap.

On a more technical note, I’m also concerned about the impact that this will have on the R&D needed to fend off emerging threats. Two challenges in particular were top of mind for me whilst extending Awala to implement a VPN, and I wish to draw attention to them as I’d love to see further development in these areas:

• Enumeration attacks. Proxy-based circumvention tools, such as Tor and VPNs, have to share each of their servers with multiple users, so an attacker can enumerate (and subsequently block) such servers simply by signing up for the service.

  This is a very difficult problem to solve, especially for a free, privacy-preserving service like Tor, which can’t charge as a means to mitigate enumeration attacks or use SMS verification to prevent abuse. Check out their announcement of Rdsys to learn how they’re mitigating this.

  In the Awala VPN, I made the difficult decision to prioritise enumeration attack mitigation at the expense of charging for the service (coupled with the sharding of proxies to strengthen the mitigation).

  I think these approaches carry significant disadvantages, and I’d like to believe that there’s a better solution waiting to be discovered — maybe something that uses social graphs.

• Interruption of long-lived connections. This attack is not new at all, but censors have generally employed it in a very limited way given the collateral damage it causes (or due to technical limitations on their end). Unfortunately, in a future where censorship continues to get worse, I fear that the potential collateral damage will become increasingly acceptable.

  Given the way Internet apps work, this is nothing short of the Achilles heel of all proxy-based circumvention tools. Migrating to UDP/QUIC won’t provide the necessary resilience, so we’re going to have to change the end user apps, including their UX, to effectively adopt delay-tolerant networking — like Awala network does, but only using the Internet (no couriers needed).

See The future of Internet censorship and Awala’s role if you’d like to learn more about the challenges I worry about.

Meanwhile, the need for effective circumvention tools has never been greater.