After reading TFA: They do not assume that your ISP has this "station", only some ISP. You tag your https request to some unblocked site by using public key code encryption to indicate that you want a secure anonymous connection. When your request packages are routed you might hit a router from an ISP who runs such a "station". This router may identify the tag and, if so, the "station" answers the request by setting up an encrypted connection between itself and the user (you), who can then use it like a proxy. In other words - the headline is wrong, because you still use a proxy; the only difference is that the IP of the proxy doesn't need to be publicly known. Instead, you need to know the public key of a (group of) station(s) and hope that the traffic gets routed to pass through one of these.