openlibrecommunity

openlibrecommunity/olcrtc

Go WTFPL Security Single maintainer risk

olcrtc - implementation of bb22 using legal meet services to access web outside the whitelist

1.7k stars
129 forks
active
GitHub +64 / week

1.7k

Stars

129

Forks

2

Open issues

22

Contributors

AI Analysis

olcRTC is a TCP-over-WebRTC tunnel that disguises network traffic as legitimate video calls on whitelisted services (Jitsi, Yandex Telemost, WbStream), using XChaCha20-Poly1305 encryption and smux multiplexing. It is purpose-built for users in restrictive network environments who need to circumvent whitelist-based internet filtering; it is not a general-purpose VPN and requires manual setup with pre-shared keys and service provider awareness.

Security Security Tool Discovery value: 7/10
Documentation 8/10
Activity 10/10
Community 7/10
Code quality 5/10

Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.

Overall score 7/10

AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.

webrtc-tunnel circumvention-tool encryption network-filtering tcp-proxy
Actively maintained Well documented Niche/specialized use case
Deep Analysis · Based on README and public signals
2w ago

Circumvention tool using WebRTC over whitelisted meeting services to bypass network filtering in Russia

olcRTC is a Go-based TCP-over-WebRTC tunnel that disguises traffic as video calls on legitimate services (Jitsi, Yandex Telemost, WbStream) to evade network blocking. Built for users in censored environments, it encrypts traffic with XChaCha20-Poly1305 and multiplexes over WebRTC channels. The project reached ~1,600 stars in 2.5 months with strong recent momentum (50 stars in 7 days as of June 2026), indicating adoption among circumvention-aware communities, though real-world deployment scale remains unverified.

Origin

Created April 2026 by openlibrecommunity, likely in response to ongoing Russian network restrictions. The approach leverages existing legal meeting infrastructure as a transport layer—a technique that mirrors earlier whitelist-bypass patterns but applies WebRTC SFU tunneling at scale.

Growth

Project gained 1,576 stars in approximately 2.5 months with accelerating weekly growth (50 stars/week recently). This velocity suggests rapid adoption within circumvention-focused communities and technical audiences familiar with network bypass techniques. Growth appears driven by timeliness (fresh solution to active censorship), accessible Go implementation, and multi-platform support (Linux, macOS, Windows, Android).

In production

Adoption not verified. README references a community UI client (alananisimov/olcbox) and Telegram contact channels, suggesting informal user community, but no documented case studies, deployment counts, user testimonials, or organizational adoption. Real-world usage may exist but remains opaque by design (expected for circumvention tools operating in restricted regions).

Code analysis
Architecture

Based on README: encrypted TCP-over-WebRTC tunnel using SOCKS5 proxy interface. Traffic routed through SFU (Selective Forwarding Unit) meeting services with three transport options (datachannel, VP8 video, SEIC, raw video). XChaCha20-Poly1305 encryption applied end-to-end; smux multiplexing over WebRTC data/video channels. Architecture appears designed to mimic legitimate video conferencing to evade DPI (deep packet inspection). Likely embeddable as Go library; cross-platform via gomobile for Android.

Tests

Not documented in README. No mention of test suite, CI/CD pipeline, or validation procedures.

Maintenance

Last push 2026-06-27 (2 days before evaluation date), indicating active, recent development. However, project is only ~3 months old; 'active' status must be contextualized against its youth. Early-stage maintenance patterns cannot reliably predict long-term sustainability. Issue tracker referenced in README suggests developer responsiveness, but no public metrics on response time or issue volume available.

Honest verdict

ADOPT IF: you operate in a censored region where mainstream circumvention tools are blocked, require platform diversity (Linux/macOS/Windows/Android), and trust the WTFPL license and rapid development cycle. AVOID IF: you require production-grade stability guarantees, long-term vendor support, extensive documentation, or audited security. MONITOR IF: you are researching circumvention techniques, WebRTC tunnel design, or Russian internet policy—this project represents a meaningful technical approach but maturity and sustainability remain unproven.

Independent dimensions

Mainstream potential

2/10

Technical importance

6/10

Adoption evidence

3/10

Risks
  • Project is beta-stage and only ~3 months old; insufficient time to identify reliability issues, breaking changes, or design flaws.
  • Adoption scale unverifiable; real-world deployment count, failure rates, and performance under load unknown; community reports anecdotal only.
  • Whitelisted services (Jitsi, Yandex Telemost, WbStream) may block or alter detection as they discover tunnel usage; no documented mitigation strategy for service provider countermeasures.
  • Security audit status not mentioned; encryption implementation (XChaCha20-Poly1305) appears sound in theory but code-level implementation quality cannot be verified from README.
  • WTFPL license may introduce legal ambiguity in some jurisdictions; no formal security policy or responsible disclosure process documented.
Prediction

Project likely to sustain niche adoption within circumvention-aware communities for 12–24 months. Risk of rapid obsolescence if whitelisted services implement detection/blocking. May inspire derivative projects or be forked if original development slows. Mainstream adoption unlikely due to domain constraints (legal/political), but technical relevance probable within specialized security/censorship-resistance communities.

0 found this helpful

Newsletter

Get analyses like this every Monday

Free weekly digest of the most interesting open-source discoveries.

Languages

Go
92.2%
Python
5.2%
Shell
2.6%

Information

Language
Go
License
WTFPL
Last updated
4d ago
Created
3mo ago
Analyzed with
anthropic/claude-haiku-4-5

Stars over time

Loading…

Contributors over time

Top 100 contributors only — repos with more will plateau at 100.

Loading…

Recent releases

No releases published yet.

Similar repos

kulikov0

kulikov0/whitelist-bypass

This project tunnels internet traffic through video calling platforms (VK Call,...

1.5k Go Security
lynckia

lynckia/licode

Licode is an open-source WebRTC communication platform that enables developers...

3.1k C++ Media
AlexxIT

AlexxIT/go2rtc

go2rtc is a standalone streaming application that acts as a unified protocol...

13.4k Go IoT
pion

pion/webrtc

Pion WebRTC is a pure Go implementation of the WebRTC API, enabling real-time...

16.6k Go Media
cacggghp

cacggghp/vk-turn-proxy

This Go-based tool tunnels WireGuard/Hysteria traffic through VK call TURN...

3.9k Go Security
vs. alternatives
pion/webrtc (16,593 stars)

Lower-level WebRTC library; olcRTC builds tunneling application on top of libraries like this. Different layers of abstraction; pion is foundation, olcRTC is end-user tool.

kulikov0/whitelist-bypass (1,478 stars)

Similar domain (whitelist evasion in Go) with comparable star count. olcRTC is more recent and offers WebRTC-based transport versus likely earlier HTTP/DNS tunneling techniques. Direct category competition at similar maturity/adoption levels.

cacggghp/vk-turn-proxy (3,857 stars)

TURN proxy for circumvention; olcRTC uses SFU meeting services instead of TURN infrastructure. Different evasion mechanism; vk-turn-proxy likely more stable/established given higher stars and earlier creation.

go2rtc (13,313 stars)

WebRTC media server for streaming/proxying; olcRTC uses WebRTC as transport tunnel. go2rtc is general-purpose media infrastructure; olcRTC is specialized for circumvention.

lynckia/licode (3,136 stars, C++)

SFU/WebRTC conferencing backend; olcRTC parasitizes on existing SFU services rather than operating its own infrastructure. Licode is server-side, olcRTC is client-side tunnel application.