A pluggable transport for Tor that disguises your connection as HTTPS traffic to a CDN or content delivery service, making it harder for network monitors to detect you're using Tor at all. Instead of connecting directly to Tor entry nodes, meek bounces your traffic through commercial HTTPS servers—typically fronting services like Amazon CloudFront or Google App Engine—so your ISP sees only encrypted requests to a mainstream CDN, not Tor handshakes.
Why it matters: meek defeats simple network-level censorship. Countries and ISPs that block known Tor IP addresses can't easily block CloudFront without nuking half the internet. Useful if you're on a network that inspects or throttles Tor directly, or in jurisdictions where Tor itself is flagged. The catch: you're trusting the CDN provider with metadata; meek trades direct Tor visibility for plausible deniability at the ISP level.
Technically, meek uses HTTP domain fronting, a technique where the TLS SNI and Host header point to different services. The CDN sees a request for its own services; the remote Tor bridge sees your actual traffic. Performance is slower than direct Tor (extra hop), and some CDN providers have begun deprecating domain fronting, so meek utility depends on what services still support it.