As Internet censors rapidly evolve new blocking techniques, circumvention tools must also adapt and roll out new strategies to remain unblocked. But new strategies can be time consuming for circumventors to develop and deploy, and usually an update to one tool often requires significant additional effort to be ported to others. Moreover, distributing the updated application across different platforms poses its own set of challenges. In this paper, we introduce $\textit{WATER}$ (WebAssembly Transport Executables Runtime), a novel design that enables applications to use a WebAssembly-based application-layer to wrap network transports (e.g., TLS). Deploying a new circumvention technique with $\textit{WATER}$ only requires distributing the WebAssembly Transport Module(WATM) binary and any transport-specific configuration, allowing dynamic transport updates without any change to the application itself. WATMs are also designed to be generic such that different applications using $\textit{WATER}$ can use the same WATM to rapidly deploy successful circumvention techniques to their own users, facilitating rapid interoperability between independent circumvention tools.

翻译：随着互联网审查机构快速演进新型封锁技术，规避工具也必须随之调整并推出新策略以保持可访问性。然而，新策略的开发和部署对规避工具开发者而言往往耗时巨大，且通常一个工具的更新需要投入大量额外工作才能移植到其他工具。此外，跨平台分发更新后的应用程序同样面临独特挑战。本文提出$\textit{WATER}$（WebAssembly传输可执行运行时）这一创新设计，使应用程序能够通过基于WebAssembly的应用层封装网络传输协议（如TLS）。采用$\textit{WATER}$部署新型规避技术时，仅需分发WebAssembly传输模块（WATM）二进制文件及传输特定配置，即可在不修改应用程序本身的情况下实现动态传输更新。WATM的设计具有通用性，使用$\textit{WATER}$的不同应用程序可利用相同WATM快速向其用户部署成功的规避技术，从而促进独立规避工具之间的快速互操作。