Update README.md

README.md

@@ -2,6 +2,10 @@
 
 **Telemt** is a fast, secure, and feature-rich server written in Rust: it fully implements the official Telegram proxy algo and adds many production-ready improvements such as connection pooling, replay protection, detailed statistics, masking from "prying" eyes
 
+💥 The configuration structure has changed since version 1.1.0.0, change it in your environment!
+
+⚓ Our implementation of **TLS-fronting** is one of the most deeply debugged, focused, advanced and *almost* **"behaviorally consistent to real"**:  we are confident we have it right - [see evidence on our validation and traces](#recognizability-for-dpi-and-crawler) 
+
 # GOTO
 - [Features](#features)
 - [Quick Start Guide](#quick-start-guide)
@@ -119,6 +123,10 @@ then Ctrl+X -> Y -> Enter to save
 ## Configuration
 ### Minimal Configuration for First Start
 ```toml
+# === UI ===
+# Users to show in the startup log (tg:// links)
+show_link = ["hello"]
+
 # === General Settings ===
 [general]
 prefer_ipv6 = false
@@ -193,10 +201,6 @@ weight = 10
 # address = "127.0.0.1:9050"
 # enabled = false
 # weight = 1
-
-# === UI ===
-# Users to show in the startup log (tg:// links)
-show_link = ["hello"]
 ```
 ### Advanced
 #### Adtag
@@ -244,10 +248,26 @@ enabled = true
 
 ## FAQ
 ### Recognizability for DPI and crawler
-Since version 1.1, we have debugged masking perfectly, for all clients without "presenting" a key, 
+Since version 1.1.0.0, we have debugged masking perfectly: for all clients without "presenting" a key, 
-we transparently direct traffic to the target host. 
+we transparently direct traffic to the target host!
-- We consider this a breakthrough aspect, which few people managed to achieve in perfect form.
+
-- Based on this: if configured correctly, **TLS mode is completely identical to real-life handshake + communication** with a specified host:
+- We consider this a breakthrough aspect, which has no stable analogues today
+- Based on this: if `telemt` configured correctly, **TLS mode is completely identical to real-life handshake + communication** with a specified host
+- Here is our evidence:
+    - 212.220.88.77 - "dummy" host, running `telemt`
+    - `petrovich.ru` - `tls` + `masking` host, in HEX: `706574726f766963682e7275`
+    - **No MITM + No Fake Certificates/Crypto** = pure transparent *TCP Splice* to "best" upstream: MTProxy or tls/mask-host:
+      - DPI see legitimate HTTPS to `tls_host`, including *valid chain-of-trust* and entropy
+      - Crawlers completely satisfied receiving responses from `mask_host`
+  #### Client WITH secret-key accesses the MTProxy resource:
+  
+  <img width="360" height="439" alt="telemt" src="https://github.com/user-attachments/assets/39352afb-4a11-4ecc-9d91-9e8cfb20607d" />
+  
+  #### Client WITHOUT secret-key gets transparent access to the specified resource:
+    - with trusted certificate
+    - with original handshake
+    - with full request-response way
+    - with low-latency overhead
 ```bash
 root@debian:~/telemt# curl -v -I --resolve petrovich.ru:443:212.220.88.77 https://petrovich.ru/
 * Added petrovich.ru:443:212.220.88.77 to DNS cache
@@ -314,6 +334,8 @@ Keep-Alive: timeout=60
 * Connection #0 to host petrovich.ru left intact
 
 ```
+- We challenged ourselves, we kept trying and we didn't only *beat the air*: now, we have something to show you
+  - Do not just take our word for it? - This is great and we respect that: you can build your own `telemt` or download a build and check it right now
 ### Telegram Calls via MTProxy
 - Telegram architecture **does NOT allow calls via MTProxy**, but only via SOCKS5, which cannot be obfuscated
 ### How does DPI see MTProxy TLS?

config.toml

@@ -1,3 +1,7 @@
+# === UI ===
+# Users to show in the startup log (tg:// links)
+show_link = ["hello"]
+
 # === General Settings ===
 [general]
 prefer_ipv6 = false
@@ -72,7 +76,3 @@ weight = 10
 # address = "127.0.0.1:9050"
 # enabled = false
 # weight = 1
-
-# === UI ===
-# Users to show in the startup log (tg:// links)
-show_link = ["hello"]