Domain: psiphon.ca
Stories and comments across the archive that link to psiphon.ca.
Stories · 4
-
50,000 Users Test New Anti-Censorship Tool TapDance (www.cbc.ca)
The CBC reports: What if circumventing censorship didn't rely on some app or service provider that would eventually get blocked but was built into the very core of the internet itself? What if the routers and servers that underpin the internet -- infrastructure so important that it would be impractical to block -- could also double as one big anti-censorship tool...? After six years in development, three research groups have joined forces to conduct real-world tests.
An anonymous reader writes: Earlier this week, Professor Eric Wustrow, from the University of Colorado at Boulder, presented An ISP-Scale Deployment of TapDance at the USENIX Workshop on Free and Open Communications on the Internet. TapDance is an anti-censorship, circumvention application based on "refraction networking" (formerly known as "decoy routing") that has been the subject of academic research for several years. Now, with integration with Psiphon, 50,000 users, a deployment that spans two ISPs, and an open source release, it seems to have graduated to the real world.
"In the long run, we absolutely do want to see refraction networking deployed at as many ISPs that are as deep in the network as possible," one of the paper's authors told the CBC. "We would love to be so deeply embedded in the core of the network that to block this tool of free communication would be cost-prohibitive for censors." -
"Liberated" Tunisia Still Censoring Websites
Frequent Slashdot contributor Bennett Haselton writes "Tunisia's high court will decide on Wednesday whether to allow censoring of websites containing pornography or 'calls to violence.' It's disappointing that censorship continues in post-revolutionary Tunisia, but it's enough of an improvement over the old regime, that anti-censorship cyber-activism efforts would probably best be spent on helping other countries." Read on for Bennett's analysis.In Tunisia, where dictator Zine El Abidine Ben Ali was ousted one year ago amid hopes for a new era of freedom, the high court will decide on Wednesday whether to censor foreign pornographic websites in accordance with local law. Facebook pages that "call for violence" may also be blocked. Conveniently, all the machinery for censoring the Internet in Tunisia is already in place, having been installed under Ben Ali's dictatorship for the purposes of censoring and spying on Tunisian citizens (and, for a while, phishing their Facebook passwords). The irony recalls the situation in Iraq in 2009, when the government announced plans to start censoring foreign websites -- to which Iraqi citizens complained that they thought censorship would end with the fall of Saddam's regime. Actually, apart from the three outlier countries of Turkey, Israel and Lebanon, pornography remains illegal in every Middle Eastern country (and some conservative African nations), including the recently "liberated" ones including Egypt, Iraq and Tunisia. (Although, Iraq's street market in pornography thrives as long as the police have better things to do.)
I'm against such censorship in principle -- I think that even the right to publish and access pornography counts as a fundamental human right. But I think we have to take what progress we can get, and censoring just pornography and calls to violence, is a big improvement over censoring pornography and dissident political speech, which is the norm in most non-"liberated" Middle Eastern countries like Syria, Iran, and Saudi Arabia. Syria blocks foreign opposition sites like All4Syria.info, Iran blocks Facebook and YouTube to keep dissidents from posting or viewing anti-government material, and Saudi Arabia blocks Reporters Without Borders and filters the Amnesty International report on human rights in Saudi Arabia (but not the rest of the Amnesty International site!).
Saudi Arabia blocking the Amnesty International report on human rights in their country (while leaving the rest of the site unblocked), in particular, seems like the kind of thing that a government would do more as a "fuck you" to human rights activists, than a means to achieve a practical goal. For one thing, most of the facts in the human rights report about Saudi Arabia -- about sex discrimination and lack of political and religious freedom -- are already well known to the people who live there. And secondly, what percent of the citizens of a country would ever read the Amnesty International report on human rights in that country, even if it were not blocked? How many Americans even know that Amnesty puts out an annual report about human rights violations in the United States? So it seems more like a symbolic move to remind everyone who's in charge. For all the disappointment in the lack of progress for free speech in post-"liberation" countries, the non-"liberated" ones are indeed worse.
As for the Tunisian proposal to censor "calls to violence", I wouldn't always be against that, even in principle. In most countries, direct incitements to violence can be considered illegal (it depends on what you say and, of course, on what judge you get). In a developing country rife with ethnic tensions, even greater restrictions on calls to violence could be justified. When you finally watched Hotel Rwanda , weren't you hoping someone would bust in on that radio DJ telling everyone to kill Tutsis in the middle of a civil war, and blow him to hell? The biggest problem with a rule against "calls to violence" is that the government could stretch the definition to silence political speech. But it's possible to keep that kind of abuse in check, as has mostly been achieved in the U.S. For that, what you need is an independent judiciary, not an abolishment of all rules against calls to violence.
So the free-speech situation in "liberated" Tunisia may be nothing to write home about, but it sounds much better than it used to be, when writing home to complain about it could get you arrested. A Wall Street Journal article from July 2011 describes how, under Ben Ali's dictatorship, Tunisian cyber-activist Slim Amamou had been imprisoned and abused by the police for calling for peaceful demonstrations. Post-revolution, he was freed and asked to join the interim government, where the strictest restriction placed on him was to "stop sending Twitter messages during internal government meetings to his 25,000 followers". They may not have their porn, but that's still progress.
Of course, if someone in Tunisia wants to circumvent the government filters (using tools like proxy sites, VPNs, Tor, UltraSurf, Psiphon, etc.) and get to a porn site, more power to them. I just wouldn't make it a priority to set aside resources to help them get it. Not while there are Iranians who need help getting around the latest restrictions blocking them from Facebook and Gmail.
Two caveats. First, if someone wants to sell circumvention services to Tunisians who just want to get around the porn blocker, that doesn't count as "setting aside resources", so that's a perfectly noble endeavor. In fact, given the economies of scale in the circumvention business, selling to Tunisians could help to bring the price down for other users, including users in countries like Saudi Arabia where the government does engage in political filtering, and where circumvention services could be a tool for social change. Second, providing circumvention services (free or paid) to Tunisians, does probably make it less likely that the new government would revert to political censorship, knowing that many of its citizens have the tools to beat it, even if those tools are only currently used to access porn sites. So to that extent, setting aside resources to provide circumvention services in Tunisia might be a worthwhile cause.
Still, I think it's a lot less important than using circumvention tools to fight political censorship in truly autocratic countries like Iran. For the next generation of proxy servers that I'm rolling out, I'm working on setting aside some of them just for Iranian IP addresses. Even if Iranians just use them to get on Facebook, that's still contributes more to advancing the cause of social democracy, than Tunisians using them to get on Playboy.
-
Ultrasurf Easily Blocked, But So What?
Frequent Slashdot contributor Bennett Haselton writes "A simple experiment shows that it's easy to find the IP addresses used by the UltraSurf anti-censorship program, and block traffic to all of those IP addresses, effectively stopping UltraSurf from working. But this is not a fault of UltraSurf; rather, it demonstrates that an anti-censorship software program can be successful even if it's relatively trivial to block it." Read on for Bennett's analysis.
UltraSurf is an enormously popular program used to circumvent Internet censorship in countries like China (as well as schools and workplaces in mostly-free countries like the US, with mixed success). When you run UltraSurf on your computer, it re-routes your outgoing Internet traffic to external IP addresses controlled by UltraSurf, so that it looks to observers (and network censors) as if you are connecting to UltraSurf's IP addresses, rather than a website like YouTube or Facebook that may be banned on your network.
UltraSurf uses a list of thousands of external IP addresses, to make it non-trivial for an adversary to locate all of their IP addresses and block them all. However, using a few steps that would be obvious to many programmers facing the same problem, I did find a way to detect all the IP addresses that UltraSurf connects to, and block all of them so that UltraSurf stopped working. It would not be hard for a government censor operating the filter in a country like China to do the same thing. But this does not mean that UltraSurf's network is likely to collapse any day now; on the contrary, it means that it and similar programs are likely to flourish for years to come, since the censors obviously have other priorities.
Some background information first. Most Internet censorship circumvention tools fall into one of two categories (whose names I have just invented for the purpose of this article):
(1) Self-bootstrapping. If a program is self-bootstrapping, then in a censored country you simply run a copy of the program and it will establish a connection to an IP address outside the country, one of many in a large "cloud" of IP addresses controlled by the software program's publisher. Thereafter, your Internet usage is routed through that connection in order to evade your country's filter. UltraSurf and Tor fall into this category.
(2) Non-self-bootstrapping. To use one of these programs from a censored country, first you have to get a friend in a non-censored country to install the software on their computer (or their webserver, if they have one). Then they give this location (normally in the form of a URL) to their friend in the censored country, and their friend types that URL into their browser to circumvent their country's filtering. Psiphon is the best-known program in this group.
In 2006 I wrote that even though the first category of programs was more convenient to use (not requiring you to rely on a friend in an uncensored country), any program in that category could be blocked by an adversary willing to make only a modest amount of effort: Install the program, see what IP addresses it connects to, block those, see if the program connects to any other backup IP addresses, block those, and so on, until the program runs out of IP addresses to use. There are a few simple countermeasures that designers of a program could take, but they can also be defeated easily.
(For example, if the program randomly chooses an IP address from a large internally stored list, then you just have to run the program over and over until you've found most of the IP address chosen by its random algorithm. A cleverly written program could try to evade this as follows: Pick a set of IP addresses at random from the list, and then "lock in" to that set of IP addresses, so that future runs of the program on that PC will always connect to those IP addresses, ignoring the other ones in the list. This makes it a little bit harder for the censor to pry out all of the IP addresses in the program's internal list. But then you, as the censor, can either (a) run the program repeatedly, but find where the program stores its "locked set" and erase that between each run, so that on future runs the program will keep selecting a different IP address set, or (b) if you can't figure out where the program is storing its "locked set" between each run, then just install the program repeatedly on different machines.)
One way or another, if the program knows what IP addresses to connect to when it bootstraps itself, the attacker can trick the program into revealing all of them. The attacker doesn't even need to reverse-engineer the software to see the set of instructions that it's executing internally; they only need to be able to see the IP addresses that the program is connecting to.
Much later, I was able to reduce this to practice in an experiment on my own machine, using a Perl script, the built-in Windows "netstat" tool to list connections from locally running programs to outside IP addresses, and the "ipseccmd" tool to add new firewall rules blocking those IP addresses. After the script was left running overnight, it had collected and blocked all the IP addresses that UltraSurf apparently used, and on future runs, UltraSurf would display an error message saying that it couldn't find any IPs to connect to.
(Interestingly, netstat also showed that UltraSurf frequently opened connections to www.google.com over SSL -- that is, accessing URLs that would begin with "https://www.google.com/" -- so that traffic between the program and the Google website would be encrypted, and the contents would be invisible to censors in China. When I saw it was doing that, I added an exception to the script so that the Google IP addresses would not be blocked. Perhaps it was submitting search terms to Google in order to find pages that give the location of the latest UltraSurf connection points, or perhaps it was checking a GMail account created by UltraReach that stores messages containing more IP addresses; I didn't reverse-engineer UltraSurf to find out. But even if this was UltraSurf's clever means of obtaining new IP addresses, the system still runs up against the same problem: Any IPs that can be connected to by the UltraSurf client, can also be ascertained by the attacker who watches UltraSurf to see where it connects to, and then blocks those IPs as well.)
Naturally I had mixed feelings about pointing this out publicly, since I agree with UltraReach's goal of providing unfiltered access to users in China and other censored countries. But this idea is sufficiently obvious, that I don't think anything is lost by demonstrating it. There may be programmers interested in creating even more programs to help users in censored countries, and it would be counterproductive for those programmers to believe that existing programs like UltraSurf "magically" evade the censors by using some complex algorithm to hide the IP addresses that they connect to. In fact, the program doesn't conceal the IP addresses that it connects to (how could it?), and it would be straightforward to design and build a new program that did roughly the same thing. We should give UltraReach credit for the right things: they made a tool that provides unfiltered access to millions of people, they made the tool small and easy to use, and they arranged with their partners to subsidize the unfiltered Internet connections at no expense to those end users (although see some caveats, which have been pointed out the Hal Roberts at the Berkman Center, about the price of this "free" access). But the one thing UltraReach did not do is find a way to get around the problem of an attacker installing the problem to see what IP addresses it connects to. That's not a criticism of UltraReach; this is presumably an impossible problem to solve.
(Side note about counter- and counter-counter-measures: If UltraReach does think that censoring countries might try harder to block UltraSurf at some point in the future, they should start releasing different versions of the product every month that use different sets of IP addresses. Release one version for September 2009 that uses one set of IP addresses, then another version in October 2009 that uses another set, and so on. Then if the censors decide in December 2009 to start seriously trying to block all UltraSurf IP addresses, they'll be able to find and block all the IP addresses used by the Dec09 version, just by installing a copy of the program and observing it. But, users who downloaded previous months' versions of the program will be able to continue using their copies. If the Chinese censors wanted to find and block the IP addresses used by preivous months' copies of UltraSurf, they would have to either (a) figure out how to distinguish UltraSurf traffic from other Internet traffic, not an easy thing since UltraSurf uses encrypted traffic on port 443, the same port used for encrypted Web traffic, or (b) obtain copies of the program that users had downloaded in previous months, which is no longer as trivial as simply observing the current version of the program. The more often UltraReach swaps out a new version of UltraSurf that connects to a new set of IP addresses, the harder it will be for the Chinese censors to find all the sets of IPs used by previously released versions. However, once the Chinese censors start trying seriously to block UltraSurf, even though the trick just described will allow previous downloaders of the program to continue surfing freely, all new users who download the program after that point, can be easily blocked -- because the Chinese censors can just watch how often a new version of UltraSurf is made available for download, and block the IPs used by that copy.)
But I think the fact that the Chinese have not done this reveals something usually overlooked about the nature of the anti-censorship arms race. The situation is frequently cast as a battle between the evil geniuses who run the government filters and the good geniuses who write the software to get around the filters, while the grateful citizens of the censored country are the beneficiaries. But if the government censors haven't even done some simple experiments like this in order to block UltraSurf, they must not think it's a high priority to stop the program from working. This in turn suggests that the number of people using UltraSurf in a country like China, while large in absolute numbers, don't constitute a large enough proportion of the population to worry the government. Presumably either the ideas leaking in through an unfiltered Internet are not reaching a large enough proportion of the population, or the ideas are not expected to take hold in enough people's minds to reach a tipping point that causes a problem for the ruling party.
It's not that the Chinese censors don't care about controlling the Internet and the effect that it has on their citizens' thinking. The Chinese have reported fielded a droid army of about 50,000 cubicle drones to help fight Internet propaganda battles, such as drowning out anti-government posts on public forums. Why would they spend such enormous efforts to generate forum posts, but not make the effort to find and block all UltraSurf IP addresses? Because the battlefront is about defaults. If the user tries to access a site and it's blocked, then only a tiny proportion will make a significant effort to circumvent the block. (The exception would be when an extremely popular site like YouTube is blocked; operators of Web proxy sites report that during these periods, they get so much traffic from Chinese users trying to view YouTube videos, that the servers often crash.) Similarly, if users see that 90% of the posts on a given forum are on one side of the issue, then they're more likely to think that's the majority viewpoint (whether they agree with it or not). Hence the usefulness of the army of 50,000 to invade forum threads. Defaults matter; would Internet Explorer have ever displaced Netscape's browser (kids, ask your parents) if it hadn't been the default browser in all versions of Windows?
So the moral for any would-be designers of new anti-Internet-censorship tools, is not to worry too much about whether there's a theoretical way (or even a practical way) that the censors could shut the tool down. UltraSurf became enormously popular without solving that problem, and perhaps another tool could as well. -
A Secure OS For the Dalai Lama?
Jamyang (Greg Walton) writes "I am editor of the Infowar Monitor and co-author of the recent report, Tracking Ghostnet. I have been asked by the Office of His Holiness, the Dalai Lama (OHHDL) and the Tibetan Government in Exile (TGIE) to offer some policy recommendations in light of the ongoing targeted malware attacks directed at the Tibetan community worldwide. Some of the recommendations are relatively straightforward. For example, I will suggest that OHHDL convene an international Board of Advisers, bringing together some of the brightest minds in computer and international security to advise the Tibetans, and that the new Tibetan university stands up a Certified Ethical Hacking course. However, one of the more controversial moves being actively debated by Tibetans on the Dharamsala IT Group [DITG] list, is a mass migration of the exile community (including the government) to Linux, particularly since all of the samples of targeted malware collected exploit vulnerabilities in Windows. I would be very interested to hear Slashdot readers opinions on this debate here." (More below.) Jamyang continues: "Allow me to play devil's advocate for a moment here: in the short term, moving to a platform that is perhaps less familiar to the attacker provides considerable relief, but it is essentially less difficult to write exploits for Mac OS/Linux than it is for Windows, given the many anti-exploitation mechanisms Microsoft has embedded in the last years, so in the long run, if the attackers want your data, the entire move is moot. People should choose a platform based on their productivity requirements instead of purely security. Furthermore, most of the web servers broken into during these attacks (to be used as command and control servers) were not Windows, but Linux. What do you think?
(While I have the floor I'd also like to take this opportunity to plug two initiatives where Slashdot readers can directly help the Tibetan tech community, either through sharing your expertise or your cash! Firstly, one of the obstacles to migrating to Linux for a Tibetan speaker is the lack of decent Tibetan font — can you help? Secondly, Avaaz is raising funds for projects that will help End The Blackout in Tibet, including a proposal to support the deployment of Psiphon's circumvention network. Thanks, or in Tibetan, thuk.je.che!"