Practical guidance lives on the wiki. For deployment, hardening, and the "should we run this?" decision, see Irregularpedia: VLESS / Xray Deployment Guide. This series is for raw research — maintainer identities, fork drama, and unverified-but-plausible connections that we deliberately don't put in the deployment guide.
VLESS is the proxy protocol used by Xray-core, itself a 2021 fork of V2Ray. It's the strongest active-probe-resistant censorship-circumvention tool in widespread community use as of mid-2026.
It is also a project with a non-transparent maintainer set, a contested fork history, and a community that has spent the last four years arguing about who is actually behind it. If you're running VLESS in production, the supply-chain question matters as much as the cryptography. This series collects what we've been able to verify, what we suspect, and what's purely community rumour — clearly labelled in each case.
Epistemic register
Each post tags every claim with one of:
- Verified — directly observable in commits, releases, or publicly archived discussions. Linked.
- Circumstantial — multiple independent signals pointing the same way, no smoking gun.
- Community speculation — widely repeated in the Telegram / Reddit / GitHub-issue ecosystem, not independently verifiable.
- Author guess — our own theory, called out as such.
If you find a verifiable claim mislabelled, or a "verified" claim that turns out not to be, please open an issue against the Field Notes repo — these posts get updated.
Parts
- VLESS Maintainer Analysis: Victoria Raymond, RPRX, and mmmray — the identity-overlap question. Coding style, timezone clustering, project-overlap evidence, and the counterpoints.
- The Xray Fork Drama — why V2Ray was forked in 2021, the license-and-attribution fight, the AGPL question, and what's left of the original team.
Why this matters
If you're deploying VLESS in a hostile network, you're betting your egress traffic on:
- The cryptography (mostly fine — REALITY is a strong protocol).
- The implementation (one or two humans, no organisation, occasional force-pushes).
- The supply chain (binaries on GitHub Releases, GitHub-Actions-signed, no detached GPG).
The cryptography is the easy part. The other two are why this series exists.
Related on the wiki
- VLESS / Xray Deployment Guide — the actionable companion. Config snippets, hardening checklist, when to pick Sing-box instead.
- VPN Recommendation — where VLESS sits alongside Mullvad, WireGuard, and Tor.
- WireGuard in Containers — the right answer when your threat model is privacy, not censorship.
0 Comments
Log in to comment