Who knows? The behaviour I've observed suggests it may, but it's such an opaque system that it's hard to know.
For example, there's suggestions that people have had better success if they're sending HTTP obfuscated data to an endpoint that also responds to HTTP requests. The implied situation here is that the GFW might see mass HTTP data to an IP, then try to query it itself. If it gets no results, it's probably not a HTTP server but rather obfuscated VPN data. It'll then choose to drop or aggressively throttle data to that IP.
In my experience, I've had a VPN go more or less dead for a couple of days after about 30 days of use, before recovering after I leave it for a bit. In the interim, I can spin up a second IP and be fine on that one. That said, it was also to a streisand instance, which does respond to a HTTP(S) request on the IP, so maybe this heuristic wasn't my tell.
So maybe I was instead picked up because I globally routed all traffic directly at one IP and never went outside that. Others have suggested success on keeping VPNs active longer if they occasionally browse directly to random sites, so that the GFW sees their IP accessing a multitude of sites and therefore doesn't look as much like all data is going to a single IP. I've not had any noticeable anecdata to go either way on this.
The reality is, no one trying to jump the GFW truly knows how the GFW does its DPI. Moreover, as a reply said to my original post, the GFW isn't a single entity and differs across cities and regions in China.
For example, there's suggestions that people have had better success if they're sending HTTP obfuscated data to an endpoint that also responds to HTTP requests. The implied situation here is that the GFW might see mass HTTP data to an IP, then try to query it itself. If it gets no results, it's probably not a HTTP server but rather obfuscated VPN data. It'll then choose to drop or aggressively throttle data to that IP.
In my experience, I've had a VPN go more or less dead for a couple of days after about 30 days of use, before recovering after I leave it for a bit. In the interim, I can spin up a second IP and be fine on that one. That said, it was also to a streisand instance, which does respond to a HTTP(S) request on the IP, so maybe this heuristic wasn't my tell.
So maybe I was instead picked up because I globally routed all traffic directly at one IP and never went outside that. Others have suggested success on keeping VPNs active longer if they occasionally browse directly to random sites, so that the GFW sees their IP accessing a multitude of sites and therefore doesn't look as much like all data is going to a single IP. I've not had any noticeable anecdata to go either way on this.
The reality is, no one trying to jump the GFW truly knows how the GFW does its DPI. Moreover, as a reply said to my original post, the GFW isn't a single entity and differs across cities and regions in China.