Slashdot Mirror

← Back to Domains

Domain: jmarshall.com

Stories and comments across the archive that link to jmarshall.com.

Stories · 4

  1. Collage, and the Challenge of "Deniability"

    Tech · Censorship · · posted by samzenpus · from the on-the-down-low dept. · 94 comments
    Slashdot regular Bennett Haselton has written a piece on a new program called Collage that can circumvent censorship by embedding messages in user-generated content on sites like Flickr. The program demonstrates that a long-standing theoretical concept can be reduced to practice but Bennett wonders if anybody would actually need it, as long as they can exchange encrypted messages over Gmail and AIM. He begins "In a presentation delivered at USENIX, Georgia Tech grad student Sam Burnett and his colleagues described how their new program, "Collage," could circumvent Internet censorship by embedding messages in user-generated content on sites like Flickr. The short version is that a publisher uses the Collage system to break a message into pieces that are small enough to embed into a photograph using standard steganography, the photos are published according to some protocol (e.g. "all photos in the photostream of user xyz" or "all photos tagged with the 'xyz' tag"), and receivers who know the protocol for identifying the photos, can retrieve them and decode the message. According to the authors' paper, the system is general enough that it could be adapted to almost any site where user-generated content is published. (All of this can be done by hand using existing tools, but Collage automates the process to hide the individual steps from the user.)" From this short description, you can see the two salient facts about Collage: (1) it's robust, in the sense that in order to shut it down completely, the censor would have to block every site containing user-generated content; and (2) it's efficient only for small text messages (which is what the authors used to test it), and not for high-bandwidth communications such as video. The authors have also highlighted the claim that Collage is (3) deniable, in the sense that in using it, you won't attract the attention of the censors for browsing "innocent" sites like Flickr. On this point, I'm not so sure; I think it's highly dependent on the kinds of publication system that the sender and the recipient agree on. For example, if the sender publishes their messages in photos all in one user's photostream, and that photostream is used primarily by recipients in censored countries to receive encoded messages, and if virtually nobody ever visits that photostream for any other reason, then if the censor ever finds out about that photostream, they could flag any user who ever visits it. It doesn't matter if the "site" as a whole is "innocent", if that one user's photostream is not.

    But there's a more fundamental issue: Currently, in all censored countries, there is at least one way to receive prohibited text messages more efficiently (and with greater deniability) than with Collage. So Collage may work perfectly, but even when it gets released, I'd be very surprised to see large numbers of people using it unless all the simpler alternatives get blocked.

    Most tools that people use to circumvent Internet censorship, are not "deniable" in the sense described above. If you visit a proxy site like VTunnel, any censor who is monitoring your Internet connection can see that you connected to a known proxy site. If you connect to the proxy site using "https://" instead of "http://", then a censor eavesdropping on your connection, won't be able to tell what you looked at through the proxy site (unless they confiscate your computer and look through your browser history), but they'll still be able to tell that you visited a proxy site. Similarly, if you use a tool like UltraSurf or Tor, those tools can circumvent the censor's filters by re-routing your Internet connection through a server outside the censored country -- but a censor monitoring your traffic, can still see that you connected to an UltraSurf or Tor server outside the country, even if they can't tell what Web sites you were visiting.

    But if all you want is to receive short text messages, then there are many options that are completely "deniable." The simplest is probably to use Gmail and to choose the option to always read messages over https://. (If you sign in to Gmail, under "Settings" you can choose between "Always use https" and "Don't always use https".) If you read your inbox contents using https, then a censor eavesdropping on your connection can't see anything at all -- not the contents of messages that people send you, not the email addresses of people who are writing to you, not even the username that you use to sign in to read your Gmail messages. This gives you more or less perfectly deniability. As long as many Gmail users are using Gmail over https://, then doing this by itself would not attract undue attention from censors monitoring your Internet traffic. Using Gmail, you could also exchange higher-bandwidth content like images and video (up to Gmail's attachment size limit, currently 25 megabytes), something not possible with Collage.

    Of course, if you remember the case in which Yahoo turned over information about one of its Chinese account-holders to the Chinese government (who subsequently arrested the user and sentenced them to 10 years in prison), you may be wary of trusting any Western corporation with your privacy. But in this case, you wouldn't have to. Because even if the Chinese government found out that some Gmail users were using Gmail to receive anti-government messages from the U.S., the censors wouldn't be able to eavesdrop on https-protected connections to find out which users were receiving the messages or what they said, so there would be no information for them to demand that Google turn over to them.

    Or if you want to exchange encrypted text messages in real time, you can use any instant messaging client that supports encryption. Whether or not this is "deniable", in the sense of not attracting undue attention for "suspicious activity", depends on what proportion of other users are using the chat program in encrypted mode as well. The current version of AOL Instant Messenger, for example, apparently encrypts all instant messages by default. (Although you should take care to understand exactly what is "encrypted" when using an instant messaging client. In my experiments, when using AOL Instant Messenger, the contents of messages were encrypted, but the specific screen names that you're sending and receiving messages from, are not. In other words, a censor eavesdropping on your traffic, can see which screen names you exchanged messages with, but not the message contents. So if there were an AOL user account in a non-censored country that was a dummy account used primarily for passing banned information to users in censored countries, then if the censors ever found out about that account, they could flag and investigate any user in their country who exchanged messages with that screen name.)

    The bottom line is that as long as at least one of these alternatives remains unblocked in your country, they would serve as an easier way to achieve the same goals that Collage achieves. They're generally faster, more convenient, and most of the time, more "deniable", in the sense that the traffic they generate won't look as suspicious as, say, browsing a Flickr feed that later becomes widely known as source of banned encoded messages. Collage does demonstrate that an interesting idea can be reduced to practice, and is robust in the sense that the general scheme cannot be blocked unless a regime blocks access to every site hosting user-submitted content. But there doesn't seem to be a compelling reason to use it unless and until all of the simpler methods get blocked.

    I write all of this as someone who also wrote a program a few years ago that was meant to serve as a more robust back-up, in case a more popular method of circumventing censorship ever got shut down by the censors. In my case, I thought that most censoring regimes would start blocking all popular Web proxy sites, so I wrote an install script called "Circumventor" that would let you set up a Web server and James Marshall's CGIProxy script on your home computer, turning it into a mini-Web-proxy site. I assumed that eventually, most people in censored countries would have to rely on someone in a non-censored country to set up a private Web proxy like this and e-mail them the URL, once China and Iran got their act together and started blocking most publicly known Web proxy sites. But that never happened, partly because Web proxy sites are now springing up faster than most censors' databases can keep up with. So the web proxy install script fell by the wayside -- but that's good news, because it means that nobody really needed it, since the simpler, more straightforward methods continued to work. Why pester your cousin in the U.S. to set up a Web proxy for you, when most Web proxies you can find in Google are not even blocked yet?

    And so it goes for Collage. It sounds like a perfectly fine idea, and it will be great news all around if nobody ever actually has to use it, because the censors never get around to blocking all of the simpler alternatives.

  2. Behind the Magic of Anti-Censorship Software

    Yro · Censorship · · posted by CmdrTaco · from the something-to-think-about dept. · 40 comments
    Regular Slashdot contributor Bennett Haselton writes in to say "The December 1st release of Psiphon has sparked renewed interest in the various software programs that can help circumvent Internet censorship in China, Iran, and other censored countries. (Some of this interest undoubtedly being motivated by the fact that many of these programs also work for getting around blocking software at work or school.) Have you ever wanted to understand the science behind these programs, the way that mathematicians and codebreakers understand the magic behind PGP? If you loved the mental workout of reading "Applied Cryptography", have you ever wanted a tutorial to do the same for Psiphon and Tor and other anti-censorship programs?" The rest of his editorial follows.

    Well, here's a primer, but you might be disappointed. Like making the Statue of Liberty disappear, it doesn't sound very cool once you know how it's done; the truth is that most anti-censorship programs, including mine, only work because the censors are not trying very hard.

    (Note that I am going to be talking about ways that certain anti-censorship programs can be defeated. I don't believe that this is giving much help to censors, because these are obvious weaknesses that would occur to anyone who knows how the programs work. For reasons I'll get into at the end, I don't think these weaknesses actually make much difference.)

    Basically, all anti-censorship programs fall into two categories: those that require you to have a helper outside of the censored country, and those that don't.

    Take Psiphon. To use Psiphon, someone in a non-censored country has to install it on their home computer, which turns their computer into a Web server with an interface similar to Anonymouse.org, where you type in the URL of the page you want to view and it fetches it for you. The difference, of course, is that Anonymouse.org is widely known and blocked by any self-respecting Internet filtering system, while your newly created Psiphon URL pointing to your home computer is not blocked anywhere, yet. So if you set up a Psiphon URL on your computer in the U.S. and e-mail it to your friend in China, your friend can use it to surf wherever they want. (Note that this also has the desirable property that the person in China doesn't have to install any software, so they can use the URL even from a cybercafe computer with restricted user permissions.) The hurdle, of course, is that the person in China has to have a contact outside the country to help them. This is not a huge barrier for many Chinese, but it still means the program doesn't have the instant gratification property of something that you turn on and it just works.

    Peacefire, by the way, had released the Circumventor program in 2003 which did essentially the same thing. (And the Circumventor was itself really just a wizard for installing a Web server with James Marshall's CGIProxy script, which deserves most of the credit, although the Circumventor did help bring it "to the masses", since most users don't have the ability to set up an SSL-enabled Web server themselves.) Psiphon made some improvements, namely:

    • Ability to create password-protected accounts to restrict the URL to certain users.
    • Smaller download (although it may not matter much since only broadband users would be installing it anyway).
    • Ability to run on Linux. (Circumventor only works on Windows, although you can install CGIProxy on a Linux webserver if you know how.)
    Circumventor has some of its own advantages, although they're the kind that could easily be incorporated into Psiphon soon:
    • A wizard to help users forward incoming connections on their router and enter exceptions in software firewalls to make the software work. (If they want to. No tweaking people's firewall settings without asking them!)
    • Slightly harder to block, due to some strategies such as using a different SSL certificate for each install (Psiphon uses the same one each time).

    And both programs fall victim to the same attacks, although as far as I know, none of these have been implemented in practice:

    • Blocking sites whose SSL certificates do not match the site hostname (easier for a censoring proxy server like the ones used in the Middle East, than for an IP firewall like the Great Firewall of China).
    • Blocking outgoing Web connections to residential IP address ranges like Comcast.

    But basically, they're the same program -- so the difference in press coverage has been illustrative of how much context matters to reporters. Psiphon is the "politically correct" version -- they've played down the fact that it can be used to get around blocking software in schools and played up the fact that it can be used to beat the censors in China and Iran, and the press coverage has focused exclusively on that human rights aspect. The Circumventor was also written to help foreign victims of censorship, and articles have been written about its uses for that purpose, but I've also been unapologetically promoting its use to get around blocking software at home and in school, as part of an advocacy for greater civil rights for people under 18. (Also because the more installations there are in the U.S., the more it helps users abroad.) As a result, some of the TV news pieces about it have used such ominous music and lighting that they practically looked like recycled footage from "To Catch a Predator". Of course, Psiphon can be used for exactly the same thing. (I also emailed some of the reporters who recently wrote about Psiphon, to tell them about Circumventor; so far, I haven't heard back from any of them, but I doubt they're being politically correct this time, I think they're just not thrilled that C-Net scooped them by three years and seven months.)

    So, Psiphon and Circumventor fall in the first category -- programs that only work if you've got a contact outside the censored country to help you. In the second category is Tor, which was originally written to provide mathematically secure anonymity, but had the nice property that it could be used to get around the Great Firewall of China as well. With your browser in China using Tor as a proxy, packets are routed to other Tor nodes outside the country, which connect you with any blocked Web site that you want to see. Best of all, you just install it on a machine in China, and presto, it works, no nagging your expat cousin in the U.S. to install something on their computer to help you. Dynamic Internet Technologies, run by Chinese dissident Bill Xia in North Carolina, runs another service that works "out of the box" -- you send an instant-message to one of the DIT screen names, and it replies with a list of currently running Web proxies. (Bill has asked me not to publicize the actual screen names that perform this service, because it's intended only for Chinese users. I think that's a case of "security through obscurity", but I respect his wishes.)

    Unfortunately, all such "instant gratification" solutions have the same basic weakness, which by a simple argument can be extended even to hypothetical future programs in the same category. In the case of a program like Tor, the censor only has to install the software, look at what IP addresses the software connects to when it bootstraps itself, and add those IP addresses to the blacklist. Even if the software chooses at random from multiple IP addresses to bootstrap to, the censor can still obtain all of them by repeatedly re-installing the software (possibly wiping the machine each time so the software can't tell that it's been installed before). No matter how you slice it, if Alice the legitimate user and Bob the censor download the program on the same day, Bob can make the program not work for Alice if he updates the blacklist quickly enough. He doesn't even have to reverse-engineer the software, he just has to use a network sniffer to see where it connects to. (For DIT's proxy-by-instant-message system, the censor can instant-message the screen name repeatedly, from different accounts, until they've collected and blocked all the available proxies; this would be analogous to re-installing Tor repeatedly and seeing what IPs it connects to.)

    Peacefire has produced other approach which is a simple, obvious idea, and it was quite by accident that we found out it slips through the cracks of the seemingly "unsolvable" problem with instant-gratification outlined above. Like the other solutions, it works only as long as the censors are fairly lazy, but they are, and it does. About 30,000 people have signed up through a form on our site to be notified each time we create a new Circumventor site and mail it out, every 3 or 4 days. Agents of the blocking companies have joined the list too, of course, but we mail different sites to different subsets of the list. Now, an attack analogous to the attacks listed in the previous paragraph, would be for the censors to join under many different accounts, and then block any site that gets mailed to any of those accounts. But the catch is that when an address joins the list, a new site doesn't get mailed to that address until some random time in the future. So the censor has to check all of the fake Hotmail accounts that they've created, over and over, if they want to block all of the new sites as soon as they're released. Hardly impossible, but the censor can no longer use the instantaneous approach of: (1) enter the system / join the list / install the software; (2) see where it connects to and block those points of access; (3) repeat. (If we instantly e-mailed a randomly selected site to each new signup, then this attack would work.) By going from instant gratification to almost-instant-gratification, you change one of the conditions for the theorem stated in the previous paragraph, so that it no longer holds true. Still, like Tor and the DIT system, it could be blocked with a moderate amount of effort.

    The Tor protocol, by the way, has been the subject of a great deal of sophisticated mathematical analysis, really brainy stuff that is beyond the scope of this article. But it's important to understand that that analysis focuses on the security of the Tor protocol for achieving anonymity. For anonymity, the protocol is very strong; for routing around censorship, it's fairly straightforward to defeat. That's not at all a criticism of the Tor developers; Tor was designed to achieve anonymity, and just turned out to work for beating censorship as well -- but only, of course, as long as the censors aren't making much effort to block it.

    Which all leads to the obvious question: Why have the censors not bothered?

    Nobody knows for sure, but I fear the answer is that the Chinese government and other censors know that the greatest weapon in their arsenal is not IP blocking, or keyword filtering, or even the threat of arrest. It's just apathy. The Chinese censors know what we anti-censorware developers in the free world keep forgetting: that most Chinese are not liberty-minded Jeffersonians chomping at the bit under the oppressive yoke of their government and waiting to be freed by circumvention software. As Michael Chase and James Mulvenon of the RAND Corporation put it in their report on Internet usage by Chinese dissidents, You've Got Dissent!: "[A]lthough some peer-to-peer applications... are designed specifically to combat censorship on the Internet and address privacy concerns, most Chinese Internet users are undoubtedly more interested in using peer-to-peer applications for entertainment purposes such as downloading MP3 music files." The censors know what Netscape knew when they fought tooth and nail against Microsoft including Internet Explorer on the desktop of every Windows machine: defaults matter. It doesn't matter that users can go to Netscape's site and download their browser, and it doesn't matter that users can access a banned site by installing a cool p2p program. Most people just don't.

    When I first started working on the Circumventor, I assumed that since the Chinese Internet censorship bureau reportedly employed about 30,000 people, surely if they were already spending that much effort and money, they'd throw plenty of resources at defeating any new anti-censorship program, so the Circumventor would have to be able to withstand any such attack. But I was wrong. According to the RAND corporation paper, the censors have been quite busy, for example, policing political forums for dissident postings that other users might casually run into. But they apparently assume -- correctly, it seems -- that content doesn't pose much of a threat if users have to go out of their way and download a program to access it. And if the user has to have a friend outside the country to help them, then forget it.

    This is not to downplay the enormous good that programs like Tor, Circumventor and Psiphon can do in bringing free speech to the people in censored countries who want it. But it's easy to forget that those often do not comprise a large part of the population.

    One of the biggest disappointments for me came in May 2005 when I was looking for ways to get around the word filter on MSN China's blogging service. Microsoft, apparently acting on public relations advice from Lex Luthor, had decided to filter the words "freedom", "democracy", and "Taiwan independence" from the titles of blogs on MSN China. (I know, I know, they have to comply with Chinese laws to do business there. But I don't think the Chinese have actually outlawed the word "democracy".) Eventually I did find a loophole, so I searched on MSN for some Chinese blogs published by expatriates to ask them to help test the workaround for me. With a few exceptions, most of the bloggers were rather hostile, saying that they supported their government's efforts to censor the Internet and to stamp out Falun Gong as a dangerous "cult". (These were expats living in the U.S., so presumably they were not worried about the Chinese government sending a tank across the Pacific to run them over if they criticized the ruling party. Even if they thought they had to watch what they said because they might someday return to China, or because they still had family there, surely it would have been easier just to ignore me; the hostility that I encountered sounded genuine.) The moral is, no matter how much your movement believes in its efforts to help oppressed people, you can't just assume you'll be greeted as liberators (ahem).

    So now you know most of what there is to know about the state of the art in anti-censorship software. It's just that there is less to understand than the hype originally suggests -- the programs aren't really secure, but they work because the censors aren't really trying. And there aren't any cool mathematical formulas that you can impress your friends with -- for that, you'll still have to go back to Applied Cryptography. It's a lot less impressive to be the Bruce Schneier of circumvention algorithms than it is to be the real Bruce Schneier.

  3. Behind the Magic of Anti-Censorship Software

    Yro · Censorship · · posted by CmdrTaco · from the something-to-think-about dept. · 40 comments
    Regular Slashdot contributor Bennett Haselton writes in to say "The December 1st release of Psiphon has sparked renewed interest in the various software programs that can help circumvent Internet censorship in China, Iran, and other censored countries. (Some of this interest undoubtedly being motivated by the fact that many of these programs also work for getting around blocking software at work or school.) Have you ever wanted to understand the science behind these programs, the way that mathematicians and codebreakers understand the magic behind PGP? If you loved the mental workout of reading "Applied Cryptography", have you ever wanted a tutorial to do the same for Psiphon and Tor and other anti-censorship programs?" The rest of his editorial follows.

    Well, here's a primer, but you might be disappointed. Like making the Statue of Liberty disappear, it doesn't sound very cool once you know how it's done; the truth is that most anti-censorship programs, including mine, only work because the censors are not trying very hard.

    (Note that I am going to be talking about ways that certain anti-censorship programs can be defeated. I don't believe that this is giving much help to censors, because these are obvious weaknesses that would occur to anyone who knows how the programs work. For reasons I'll get into at the end, I don't think these weaknesses actually make much difference.)

    Basically, all anti-censorship programs fall into two categories: those that require you to have a helper outside of the censored country, and those that don't.

    Take Psiphon. To use Psiphon, someone in a non-censored country has to install it on their home computer, which turns their computer into a Web server with an interface similar to Anonymouse.org, where you type in the URL of the page you want to view and it fetches it for you. The difference, of course, is that Anonymouse.org is widely known and blocked by any self-respecting Internet filtering system, while your newly created Psiphon URL pointing to your home computer is not blocked anywhere, yet. So if you set up a Psiphon URL on your computer in the U.S. and e-mail it to your friend in China, your friend can use it to surf wherever they want. (Note that this also has the desirable property that the person in China doesn't have to install any software, so they can use the URL even from a cybercafe computer with restricted user permissions.) The hurdle, of course, is that the person in China has to have a contact outside the country to help them. This is not a huge barrier for many Chinese, but it still means the program doesn't have the instant gratification property of something that you turn on and it just works.

    Peacefire, by the way, had released the Circumventor program in 2003 which did essentially the same thing. (And the Circumventor was itself really just a wizard for installing a Web server with James Marshall's CGIProxy script, which deserves most of the credit, although the Circumventor did help bring it "to the masses", since most users don't have the ability to set up an SSL-enabled Web server themselves.) Psiphon made some improvements, namely:

    • Ability to create password-protected accounts to restrict the URL to certain users.
    • Smaller download (although it may not matter much since only broadband users would be installing it anyway).
    • Ability to run on Linux. (Circumventor only works on Windows, although you can install CGIProxy on a Linux webserver if you know how.)
    Circumventor has some of its own advantages, although they're the kind that could easily be incorporated into Psiphon soon:
    • A wizard to help users forward incoming connections on their router and enter exceptions in software firewalls to make the software work. (If they want to. No tweaking people's firewall settings without asking them!)
    • Slightly harder to block, due to some strategies such as using a different SSL certificate for each install (Psiphon uses the same one each time).

    And both programs fall victim to the same attacks, although as far as I know, none of these have been implemented in practice:

    • Blocking sites whose SSL certificates do not match the site hostname (easier for a censoring proxy server like the ones used in the Middle East, than for an IP firewall like the Great Firewall of China).
    • Blocking outgoing Web connections to residential IP address ranges like Comcast.

    But basically, they're the same program -- so the difference in press coverage has been illustrative of how much context matters to reporters. Psiphon is the "politically correct" version -- they've played down the fact that it can be used to get around blocking software in schools and played up the fact that it can be used to beat the censors in China and Iran, and the press coverage has focused exclusively on that human rights aspect. The Circumventor was also written to help foreign victims of censorship, and articles have been written about its uses for that purpose, but I've also been unapologetically promoting its use to get around blocking software at home and in school, as part of an advocacy for greater civil rights for people under 18. (Also because the more installations there are in the U.S., the more it helps users abroad.) As a result, some of the TV news pieces about it have used such ominous music and lighting that they practically looked like recycled footage from "To Catch a Predator". Of course, Psiphon can be used for exactly the same thing. (I also emailed some of the reporters who recently wrote about Psiphon, to tell them about Circumventor; so far, I haven't heard back from any of them, but I doubt they're being politically correct this time, I think they're just not thrilled that C-Net scooped them by three years and seven months.)

    So, Psiphon and Circumventor fall in the first category -- programs that only work if you've got a contact outside the censored country to help you. In the second category is Tor, which was originally written to provide mathematically secure anonymity, but had the nice property that it could be used to get around the Great Firewall of China as well. With your browser in China using Tor as a proxy, packets are routed to other Tor nodes outside the country, which connect you with any blocked Web site that you want to see. Best of all, you just install it on a machine in China, and presto, it works, no nagging your expat cousin in the U.S. to install something on their computer to help you. Dynamic Internet Technologies, run by Chinese dissident Bill Xia in North Carolina, runs another service that works "out of the box" -- you send an instant-message to one of the DIT screen names, and it replies with a list of currently running Web proxies. (Bill has asked me not to publicize the actual screen names that perform this service, because it's intended only for Chinese users. I think that's a case of "security through obscurity", but I respect his wishes.)

    Unfortunately, all such "instant gratification" solutions have the same basic weakness, which by a simple argument can be extended even to hypothetical future programs in the same category. In the case of a program like Tor, the censor only has to install the software, look at what IP addresses the software connects to when it bootstraps itself, and add those IP addresses to the blacklist. Even if the software chooses at random from multiple IP addresses to bootstrap to, the censor can still obtain all of them by repeatedly re-installing the software (possibly wiping the machine each time so the software can't tell that it's been installed before). No matter how you slice it, if Alice the legitimate user and Bob the censor download the program on the same day, Bob can make the program not work for Alice if he updates the blacklist quickly enough. He doesn't even have to reverse-engineer the software, he just has to use a network sniffer to see where it connects to. (For DIT's proxy-by-instant-message system, the censor can instant-message the screen name repeatedly, from different accounts, until they've collected and blocked all the available proxies; this would be analogous to re-installing Tor repeatedly and seeing what IPs it connects to.)

    Peacefire has produced other approach which is a simple, obvious idea, and it was quite by accident that we found out it slips through the cracks of the seemingly "unsolvable" problem with instant-gratification outlined above. Like the other solutions, it works only as long as the censors are fairly lazy, but they are, and it does. About 30,000 people have signed up through a form on our site to be notified each time we create a new Circumventor site and mail it out, every 3 or 4 days. Agents of the blocking companies have joined the list too, of course, but we mail different sites to different subsets of the list. Now, an attack analogous to the attacks listed in the previous paragraph, would be for the censors to join under many different accounts, and then block any site that gets mailed to any of those accounts. But the catch is that when an address joins the list, a new site doesn't get mailed to that address until some random time in the future. So the censor has to check all of the fake Hotmail accounts that they've created, over and over, if they want to block all of the new sites as soon as they're released. Hardly impossible, but the censor can no longer use the instantaneous approach of: (1) enter the system / join the list / install the software; (2) see where it connects to and block those points of access; (3) repeat. (If we instantly e-mailed a randomly selected site to each new signup, then this attack would work.) By going from instant gratification to almost-instant-gratification, you change one of the conditions for the theorem stated in the previous paragraph, so that it no longer holds true. Still, like Tor and the DIT system, it could be blocked with a moderate amount of effort.

    The Tor protocol, by the way, has been the subject of a great deal of sophisticated mathematical analysis, really brainy stuff that is beyond the scope of this article. But it's important to understand that that analysis focuses on the security of the Tor protocol for achieving anonymity. For anonymity, the protocol is very strong; for routing around censorship, it's fairly straightforward to defeat. That's not at all a criticism of the Tor developers; Tor was designed to achieve anonymity, and just turned out to work for beating censorship as well -- but only, of course, as long as the censors aren't making much effort to block it.

    Which all leads to the obvious question: Why have the censors not bothered?

    Nobody knows for sure, but I fear the answer is that the Chinese government and other censors know that the greatest weapon in their arsenal is not IP blocking, or keyword filtering, or even the threat of arrest. It's just apathy. The Chinese censors know what we anti-censorware developers in the free world keep forgetting: that most Chinese are not liberty-minded Jeffersonians chomping at the bit under the oppressive yoke of their government and waiting to be freed by circumvention software. As Michael Chase and James Mulvenon of the RAND Corporation put it in their report on Internet usage by Chinese dissidents, You've Got Dissent!: "[A]lthough some peer-to-peer applications... are designed specifically to combat censorship on the Internet and address privacy concerns, most Chinese Internet users are undoubtedly more interested in using peer-to-peer applications for entertainment purposes such as downloading MP3 music files." The censors know what Netscape knew when they fought tooth and nail against Microsoft including Internet Explorer on the desktop of every Windows machine: defaults matter. It doesn't matter that users can go to Netscape's site and download their browser, and it doesn't matter that users can access a banned site by installing a cool p2p program. Most people just don't.

    When I first started working on the Circumventor, I assumed that since the Chinese Internet censorship bureau reportedly employed about 30,000 people, surely if they were already spending that much effort and money, they'd throw plenty of resources at defeating any new anti-censorship program, so the Circumventor would have to be able to withstand any such attack. But I was wrong. According to the RAND corporation paper, the censors have been quite busy, for example, policing political forums for dissident postings that other users might casually run into. But they apparently assume -- correctly, it seems -- that content doesn't pose much of a threat if users have to go out of their way and download a program to access it. And if the user has to have a friend outside the country to help them, then forget it.

    This is not to downplay the enormous good that programs like Tor, Circumventor and Psiphon can do in bringing free speech to the people in censored countries who want it. But it's easy to forget that those often do not comprise a large part of the population.

    One of the biggest disappointments for me came in May 2005 when I was looking for ways to get around the word filter on MSN China's blogging service. Microsoft, apparently acting on public relations advice from Lex Luthor, had decided to filter the words "freedom", "democracy", and "Taiwan independence" from the titles of blogs on MSN China. (I know, I know, they have to comply with Chinese laws to do business there. But I don't think the Chinese have actually outlawed the word "democracy".) Eventually I did find a loophole, so I searched on MSN for some Chinese blogs published by expatriates to ask them to help test the workaround for me. With a few exceptions, most of the bloggers were rather hostile, saying that they supported their government's efforts to censor the Internet and to stamp out Falun Gong as a dangerous "cult". (These were expats living in the U.S., so presumably they were not worried about the Chinese government sending a tank across the Pacific to run them over if they criticized the ruling party. Even if they thought they had to watch what they said because they might someday return to China, or because they still had family there, surely it would have been easier just to ignore me; the hostility that I encountered sounded genuine.) The moral is, no matter how much your movement believes in its efforts to help oppressed people, you can't just assume you'll be greeted as liberators (ahem).

    So now you know most of what there is to know about the state of the art in anti-censorship software. It's just that there is less to understand than the hype originally suggests -- the programs aren't really secure, but they work because the censors aren't really trying. And there aren't any cool mathematical formulas that you can impress your friends with -- for that, you'll still have to go back to Applied Cryptography. It's a lot less impressive to be the Bruce Schneier of circumvention algorithms than it is to be the real Bruce Schneier.

  4. Teleportation at Last

    Science · Science · · posted by CowboyNeal · from the beam-me-up-Scotty dept. · 0 comments
    jsm writes " Using a little-understood property of twin particles called "entanglement", researchers at Caltech have used two beams of light to transport a third beam of light a distance of one yard. Essentially, they're making a copy of the original beam, so it's arguable whether the beam has been transported or merely duplicated. Still, it may be applicable to larger objects (philosopher's stone, anyone?)." I hope this means that someday I can get around without using a car.