Shadowsocks vs SOCKS5: What are they and why do you need them?

Security on a computer screen
(Image credit: Pexels)

Despite your best efforts to stay online, bad actors such as hackers and rogue governments can try to access your personal data online.

In the first instance, they may do this by tracing you via your IP address to discover your location. They may also analyze your web traffic to find out what sites and applications you’re using.

One great way to stay safe online is through using some of the best VPN services out there, which can establish a secure encrypted tunnel to keep your web traffic safe. Still, some free VPN services can’t be trusted, as they may be selling your personal data or force you to watch ads in order to access their servers. 

Some may not be able to access a reliable, trustworthy VPN - either due to budget or government censorship laws. Using a VPN may also be overkill if you’re not trying to conceal your web traffic - for example, changing your IP address and using a streaming VPN to access geo-restricted platforms like Netflix from outside your home country.

This is where SOCKS5 can come in useful.

What is SOCKS5? 

SOCKS5 is a more secure version of the SOCKS internet protocol, which is designed to route traffic from a “client” device through a proxy server. This allows the client to authenticate itself with the server, either through using a username and password or via an API.

VPNs do make use of SOCKS5 proxies, as they’re a very easy way to hide your IP address. Once your device connects to a SOCKS5 proxy it will randomly generate an IP address, then forward your traffic from there. From then, on any bad actors monitoring your connection will only be able trace it back as far as the proxy.

This makes it much easier to conceal your true location and if the proxy is located in a different country you may be able to access certain location-specific services such as video streaming or news sites. Doing this via a SOCKS5 proxy can also be much faster than using a VPN, as there are no multiple layers of encryption to go through.

However this is also a weakness of SOCKS5, as the protocol doesn’t encrypt your traffic. This means anyone with access to your connection records will still see which sites you’ve visited, which applications you’re using and any data you’ve sent which is in “the clear”. This is less than ideal for people who want to keep their web data private, particularly those living in countries where the Internet is censored. 

This is where Shadowsocks comes in.

What is Shadowsocks? 

Shadowsocks is a free and open source internet encryption protocol. It operates in much the same way as SOCKS5 in that it can act like a traditional server and provide proxy services.

Still, Shadowsocks is not in itself a proxy server. But it offers a way to connect securely to existing SOCKS5 proxies.

This allows you to have the best of both worlds. Your IP address remains concealed, and so does your traffic. This makes it very difficult to detect specific websites or apps you’re using. Shadowsocks also offers granular control, meaning you can use it only for specific services, such as accessing western news outlets’ websites.

Anyone with access to the connection of Shadowsocks’ users would only detect regular HTTPS web traffic even when using advanced monitoring techniques such as deep packet inspection. Traffic is encrypted using AEAD (Authenticated Encryption with Associated Data) ciphers. 

This gives Shadowsocks an advantage over VPNs for people living in countries which censor the internet. Whilst many such countries ban VPNs from devices’ app stores, anyone can download and set up the Shadowsocks client.

This may be why the original developer codename “clowwindy” was contacted by the Chinese government and ordered to pull the code for the Shadowsocks client and server from Github. Still, others have reposted the code on Github and made it available in other programming languages such as Rust and Python.

Which is better: SOCKS5 or Shadowsocks? 

The real goal of using Shadowsocks or a SOCKS5 Proxy on its own is to keep your IP address safe without making it obvious you’re trying to conceal your web traffic. 

This can be an advantage in jurisdictions where it’s difficult (or even impossible) to use a virtual private network without risk of punishment for trying to conceal your web traffic. Whether secured by Shadowsocks or now, a SOCKS5 proxy also provides a cheaper alternative to VPNs when budgets don’t stretch that far. 

Still, neither Shadowsocks nor SOCKS5 can offer you the same level of security and privacy as a VPN. In the first instance, VPNs encrypt all web traffic automatically and usually allow you to select from a variety of VPN servers. You can also use VPNs to share network resources, effectively allowing remote computers to act together as a LAN (local area network). This isn’t supported by Shadowsocks or SOCKS5.

Unlike Shadowsocks, some services include a VPN kill switch, which stops all internet traffic if a secure connection isn’t established or drops out during use. This stops users from going online unaware that their traffic is no longer protected.

While VPN protocols can’t in themselves disguise the fact that you’re using one, you can still reduce the risk of this being detected. 

The simplest way to do this is through using a VPN with a dedicated IP address. This provides some of the same advantages of using a SOCKS5 proxy, as there’s no risk you’ll be banned/blocked from a service due to someone else misusing your IP address. Some websites also block known IP addresses for VPNs, which is less likely to happen if you’ve a dedicated IP. 

If your VPN supports the Wireguard protocol, you can employ VPN obfuscation technology and help resist deep packet inspection by combining it with Shadowsocks.  

Nate Drake is a tech journalist specializing in cybersecurity and retro tech. He broke out from his cubicle at Apple 6 years ago and now spends his days sipping Earl Grey tea & writing elegant copy.