As Internet censors rapidly evolve new blocking techniques, circumvention tools must also adapt and roll out new strategies to remain unblocked. But new strategies can be time consuming for circumventors to develop and deploy, and usually an update to one tool often requires significant additional effort to be ported to others. Moreover, distributing the updated application across different platforms poses its own set of challenges. In this paper, we introduce WATER (WebAssembly Transport Executables Runtime), a novel design that enables applications to use a WebAssembly-based application-layer (e.g., TLS) to wrap network connections and provide network transports. Deploying a new circumvention technique with WATER only requires distributing the WebAssembly Transport Module(WATM) binary and any transport-specific configuration, allowing dynamic transport updates without any change to the application itself. WATMs are also designed to be generic such that different applications using WATER can use the same WATM to rapidly deploy successful circumvention techniques to their own users, facilitating rapid interoperability between independent circumvention tools.

翻译：摘要：随着互联网审查机构迅速进化出新型封锁技术，规避工具也必须同步适应并推出新策略以维持可访问性。然而，新策略的开发和部署往往耗费规避方大量时间，且通常对某一工具的更新需要耗费大量额外工作才能移植至其他工具。此外，跨不同平台分发更新后的应用程序本身亦构成一系列挑战。本文提出WATER（WebAssembly传输可执行运行时）这一创新设计，使应用程序能够利用基于WebAssembly的应用层（如TLS）封装网络连接并提供网络传输能力。使用WATER部署新型规避技术仅需分发WebAssembly传输模块（WATM）二进制文件及特定传输配置，即可在不修改应用程序本身的前提下实现动态传输更新。WATM的设计具有通用性，使得采用WATER的不同应用程序可复用同一WATM，快速向其用户部署成功的规避技术，从而促进独立规避工具间的快速互操作。