I am connecting with web browser (Chromium, Firefox) using socks5 proxy via local port opened by ssh -D <port> <host> (currently openssh 9.8).
Sometimes, I experience problems from the service in the other end, which do not occur otherwise.
Is it possible to say something general about whether the fact that an ssh proxy is being used and be fingerprinted and detected?
Generally, SOCKS should be transparent and look as if network packets really originated from the proxy server.
Of course, nothing is perfect – you can certainly timing-analyze things like TLS handshakes, and infer on how likely it is that the other side is really one and the same machine, or whether more network hops are happening than visible. And the whole HTTP1/2/3 + Websockets network stack being far from trivial, I can't imagine that there's not even definitive differences between the same browser "natively" connecting or setting up a SOCKS tunnel.
Whether the problems come from the fact that you're using a proxy and the other side noticing that, you having higher latency, or your proxy just happening to be in a blocked range in a few CDNs, for example: Impossible to tell at this height.
