As Internet censors rapidly evolve new blocking techniques, circumvention tools must also adapt and roll out new strategies to remain unblocked. But new strategies can be time consuming for circumventors to develop and deploy, and usually an update to one tool often requires significant additional effort to be ported to others. Moreover, distributing the updated application across different platforms poses its own set of challenges. In this paper, we introduce $\textit{WATER}$ (WebAssembly Transport Executables Runtime), a novel design that enables applications to use a WebAssembly-based application-layer to wrap network transports (e.g., TLS). Deploying a new circumvention technique with $\textit{WATER}$ only requires distributing the WebAssembly Transport Module(WATM) binary and any transport-specific configuration, allowing dynamic transport updates without any change to the application itself. WATMs are also designed to be generic such that different applications using $\textit{WATER}$ can use the same WATM to rapidly deploy successful circumvention techniques to their own users, facilitating rapid interoperability between independent circumvention tools.

翻译：随着互联网审查机构迅速演进新型封锁技术，规避工具也必须相应调整并推出新策略以保持可访问性。然而，新策略的开发与部署通常耗时巨大，且一个工具的更新往往需要耗费大量额外工作才能移植到其他工具。此外，跨平台分发更新后的应用程序本身也构成一系列挑战。本文提出名为WATER（WebAssembly传输可执行运行时）的新型架构设计，使应用程序能够利用基于WebAssembly的应用层封装网络传输协议（如TLS）。通过WATER部署新型规避技术仅需分发WebAssembly传输模块（WATM）二进制文件及特定传输配置，无需修改应用程序本身即可实现传输协议动态更新。WATM同时被设计为通用化模块，不同使用WATER的应用程序可复用同一WATM快速向自身用户部署成功的规避技术，从而促进独立规避工具之间的快速互操作性。