Slashdot Mirror
Infranet: Circumventing Web Censorship
edsonw writes "In this paper presented at the 11th USENIX Security
Symposium, Feamster et alii presented a method that provide access to censored sites while continuing to host normal uncensored content, using covert communication and steganographic techniques." The Infranet webpage has some more information. No public code yet, though.
Yay! Porn at work for everyone! Umm...I mean, yeah, I hate censorship. And stuff. *g*
In order to enjoy the once free ("not as in beer but as in freedom) Internet, the average user has to sneak around like a criminal.
Information doesn't want to be free
Information just wants to be
hmm, a proxy server in hiding, eh? What will they think of next?
Seriously though, could the technology used to view the content, not be used by the very entity trying to prevent it's use to detect and block sites using the technology?
---
Programming is like sex... Make one mistake and support it the rest of your life.
In today's world censorship is very important.
Why, just yesterday I started a new conspiracy theory based on information that should have been censored. But, it wasn't! Now my head is full of ideas that will just add to my slow slide into complete madness.
Thanks censors, you are too late to help me.
Interesting idea. It seems to be a standard proxy that attempts to make the encryption seem to be unencrypted data. The trick will be making it transparent to the user, but still having it protect the data (if everyone in China starts requesting just .png files, from just a few servers, it would be awfully suspicious).
I'd also imagine that the http requests could get awfully cluttered if they are encrypted into patterns. How will they avoid having the patterns be recognizable to interceptors?
It will be interesting to see what the system ends up looking like.
Concerning the slow death of the internet I am suprised that no major effort has been made to create a new layer and method of communication over the Internet that, through the use of a well written EULA and some pre-emptive patenting create a new tunneled Internet piggy-backing on the old Internet. THrough the use of a distributed network similar to Gnutella one could have, say unlimited space to create a site. Then clients on the network replicate through a protocol (EULA'ed and Patented with Encryption) the site to neighbors based on demand and requirments. I shouldb't be that hard for some of those closet geniuses out there. Then in the EULA prohibit commerical use of the protocol that way we can get back to what the Internet is for, free information exchange. I can even think of an efficent way to replicate the site. Every client on the network (say A---B---C----D) can access the page at it's home address. Then I maintains a cached copy in a PGP'esque format. (Lets say B makes a call to D) B Now contains an encrypted cache of B (Scripts and all, the new format lets assume compiles in scripts). A requests D but B has a copy so A only goes out and gets a key from D to decrypt B's contents. Then A and B could hash their data and split it. (I am using a linear diagram but in a star map you could see the advantage of the hashing). I mean come on it's fool-proof way to eliminate commericals on the net. Create the protocol and throw encryption into it (Gaining the DMCA as a layer of defense) and then patent it BEFORE the public launch) and write a solid EULA to prevent commerical use (unless they pay a 99.9999% royalty rate on the gross revenues!). Do it! you know you want to!
-=[ Who Is John Galt? ]=-
you could take this a step further and change not only the transmission system but also the user! :)
what if you trained yourself to read numbers?
no more slashdot at work, oh no just a spreadsheet
a lot of work? perhaps, but who would catch you?
here's a solution, parse censored websites as haikus!
how come when chinese
build wall damn mongolians
try to knock it down
Having mixed feelings? Everyone hates censoring, unless it suits us, right?
Or is it that we completely support censoring? Or completely against it?
Can there be a middle ground??
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
Does this sort of use of circumvention measures constitute breaking the DMCA?
--
What short sigs we have -
One hundred and twenty chars!
Too short for haiku.
"using covert communication and steganographic techniques"
/. hof...
Good idea, but IMHO it will be expensive to implement, and then the question is who would really want it. Of course dont expect your office people to install it. Maybe certain organizations want it... and then also what garuntee is that it wont be made illegal under some god awful bill.
Till now it has been true that technology has always been a step ahead of censorship, but with the current state of laws, this wont be true for long.
I am positive that by the time a proper implemention comes out somebody will table the bill to ban it, then we will all cry hoarse in slashdot. The story will make to
Paranoia? Not exactly.. censorship is here to stay... and it is getting bigger.
My Aurora : http://www.youtube.com/watch?v=o91ZsGwJYyg
FB : https://www.facebook.com/TanveersPhotography
If I understand this correctly a public server (probably a public web site) needs to host the Infranet server bit to fetch the actual site the user wants.
What's stopping the 'censor' blocking access to servers that are known to run Infranet? If the user / client software can find out which servers support it, the censor can.
Maybe I'm missing something, but it seems pretty flawed to me.
I have quite a bit of experience with a few of the "censor" systems that exist due to my work in Infosec at the corporate level. I have to say that, based on my reading of the whitepaper, I'm uncertain that this will be a sufficient way to bypass most of the censorware that is widely deployed on (at least) corporate network gateways.
The problem here is that the "Infranet" software must talk to the responder directly in order for its steganographic stream to be understood. In the parlance of at least one censorware product, this type of thing would be classified as a "Proxy Avoidance System" and be blocked accordingly. This might be effective against keyword blocking due to the nature of the information being transmitted, but if used as a straight proxy bypass, most censorware products would only need to know where the responders are.
This method would be more difficult to detect than a straight proxy-through, but it still doesn't account for the fact that the "responders" must be known in some way to the transmitter. If a series of public responders is set up, it would only be a matter of time before those sites would be sewed up tighter than a drum by most "reputable" censorware companies' research teams.
As it is, it's not terribly difficult to bypass censorware if you have the ability to put something up on the outside to bounce off of. Nearly all of the production censorware that I see does absolutely nothing with HTTPS -- and the lax security of most firewall policies doesn't restrict the destination port of a standard HTTP/1.1 CONNECT request. With that available, give me any SSH server on the outside and I can get an encrypted session running to a proxy in a matter of minutes.
Come to think of it, I've never heard the people complaining about censorware's _limitations_, only about the limits that it places on them. The truth is that every one of them is imminently bypassable already. Why bother with steganographic communications unless you live in a place where even initiating encrypted communications would put you in the pokey?
Isn't there already something from a recent "Hacker Convention" (or something sounding more omninous) that can aid the user to circumvate state censorships ?
Sorry I don't remember exactly which "convention" is it, nor the name of the "stuff" (mebbe a program, mebbe a suggestion or an on-going project).
If anyone has more info, please post it here. Thanks !
Muchas Gracias, Señor Edward Snowden !
No public code yet, though
Oh, there IS software, you just can't see it...
1. Freenet (progressing at glacial speed) at www.freenetproject.org but very active with anonymous IRC, Frost (like Usenet), Freesites, etc.
2. Gnunet www.gnu.org
3. and finally cDc is coming out with an anonymous P2P network sometime this month. (at least they claim)
First we just had the internet, then came intranets and extranets, now we have something called an infranet? Christ, what's next? endonet? perinet? epinet? ultranet? hypernet? Just not satisfied until we've used all the greek prefixes, are we?
I guess if IANAL = I Am Not A Lawyer, :-)
(Yes, it's off-topic. Sorry.)
then IORAL = I Only Resemble A Lawyer
--
What short sigs we have -
One hundred and twenty chars!
Too short for haiku.
I'm glad someone got the joke :-)
Among those not mentioned (to my knowledge) are:
Peekabooty (http://sourceforge.net/projects/peekabooty/)
JAP - Just another proxy (web page is down, but you may be able to find the app out there)
Both of these apps create a local proxy which to my understanding fits the specs of the MIT project. My feeling is the more the merrier, as long as no spyware is added.
Still, it's sad that somebody would post that first one without understanding what the damn acronym means.
- Arnold Crenshaw
While it may be difficult to detect steganographic content in an image file, it is not that hard for a content filter to effectivly eliminate all steganographic content. In the case of China, all they need to do is apply their own steganographic data to each inbound image file.
Or, they could hold a copy of each image file the first time it is requested. Then, whenever the image is requested again they could compare the two. If the image files are not identical, then that is a clear sign of steganography, and they could then persue furthor investigation.
Come to think of it, the U.S. could do the same thing. I wonder if they are. It would certainly be an interesting way of feriting out potentuial terrists. Assuming that terrorists actualy use steganography.
There are some terms that need to be avoided and or discarded if we are to succeed at returning freedom to the Internet (and elsewhere).
First to go is the beloved and maligned 'hacker', we lost on that one, it's gone no matter what effort is used to returned the word to it's productive and wholesome origin. Using hacker is going to throw red flags in too many places to make it worth the risk of losing a fight that is about a lot more than words.
Lets substitute something harmless, instead of hack and hacker, make it repair and repairer.
other words some of the used in the infranet website are;
censor/ed, change to impair/ed
circumvention, to repair (don't used 'fix')
covert, to reliable.
Maybe some of you can see where I am headed.
The title for the Talks would change from:
Infranet:Circumventing Web Censorship and Surveillance to,
Infranet:Repairing Web Impairment and Data Leakage
For those who didn't get it yet, here is the point.
Our inside terms have spilled to the outside and been manipulated to the darkest of interpretations.
The inside terms have then been used to propagandise the public into accepting them, and then it gets codified into law.
Lets get out of our terms and sic the thought police on themselves by being more descriptive, and not letting them play us with our own words.
Then why, despite the fact that Mexico has 4 times the population of Canada, are there more Canadians illegally residing in the US than Mexicans?
I believe what it lacks most is some kind of "FreeZilla" browser - an all-encompassing package with a friendly, known interface. The package should install Freenet infrastructure and all tools necessary for publication and browsing.
I believe that something like this is in place Freenet would be ready for a population explosion...
and finally cDc is coming out with an anonymous P2P network sometime this month. (at least they claim)
Yeah that's peekabooty at http://sourceforge.net/projects/peekabooty
You've probably noticed that Slashdot has a lot of a) duplicate stories and b) very similiar stories (RIAA/MPAA sux, censorshop sux, linux kernel 2.1.0.2.1.2.1 released, spam sux)
Hey, If Slashdot posts duplicate stories, you can karmawhore with duplicate posts, right? So when there is Yet Another Duplicate Story, just use the placeholder-for-a-real-search Slashdot has, and when you find a similar story (not that hard even with Slashdot's crappy seach), set the threshold at +5 and copy-paste some posts into the new story. It helps if you post a reply to your own post as an AC complaining about the posts being at -1. You know, something about "crack smoking moderators" always works.
Don't believe me? Look at these:
I made those posts and now I post at 1 again. I'm going to go on at least until I get +1 posting bonus...
So I'm a pervert. Welcome to the Internet.
IANAL - UORAL
Which are used to protect copyrighted content.
Generally, they have to be able to argue that you broke a copy protection system, even lame copy-protection systems (Adobe's ROT13 for EBooks), or copy-protection systems that do little to prevent copying (DVD-CSS), but rather limit playback and conversion to other formats.
I can understand why one would think the DMCA's anti-circumvention section applies too all forms of circumvention giving the way the law has been abused (Threatening Academics with Lawsuits), but it really only applies to copy protection systems.
"Communism is like having one [local] phone company " - Lenny Bruce
Can you imagine a #438 of Slashdot autoresponses?
The "stuff" is called Peek-A-Booty.
The key to success for a scheme like this would be for responder websites to be not just inocuous, but also very popular in their own right. Since by design you have to block ALL traffic from the responder to stop the Infranet traffic, you'd get a huge outcry from the user base. Plus these sites have very dynamic content, so seeing the same URL come across with different content would not in itself be suspicious.
In the case of corporate proxy filtering, news and financial sites like CNN and the Wall Street Journal would be useful. In the case of foreign country censorship, you'd have to use non-news sites because objective reporting is exactly what they're trying to block.
Because they're white, not many people will give a shit. So what?
I'm always surprised that the freedom thing comes up in these discussions. Look at the web page that this thing links to. It starts out mentioning that many "countries and companies" [sic] "routinely apply blocking".
.mil and .k12.state.us have given up any expectation of effective censorship, for the good or for the bad. The amount of porn spams hitting my company from .mil or k12 institutions is just shocking, and maybe corporations should follow the lead of the government in just doing away with firewalls and let Al Qaida and the spammers sort it all out through economic darwinism.
Uh huh. And then, in the footnotes you'll find the literature references which almost exclusively point to repressive regimes.
It's pretty rare that you see privacy advocates point to blocking measures being used to increase privacy. In the case of corporations, that includes privacy w.r.t. corporate secrets, as well as privacy w.r.t. the internal infrastructure (think viruses, worms, JavaScript "window.open" bombs, etc).
For some reason, it never occurs to some privacy advocates that even at the individual level, blocking can be beneficial.
The most interesting discussion, on how democratic controls should be applied to the filtering, is rarely held.
I'm stuck in corporate hell. If dozens of users beat down my door with requests to block porn spam, then I'm not just legally justified in blocking the shit, but also morally.
It's rare that people are actually offended by it. More often than not, it's just because they lose work because they open an e-mail, and their system just locks up under the load caused by all the window.opens.
I'm fully aware that some corporate sysadmins are moralistic dorks. But I'm quite offended by the insinuation that by blocking certain web sites I'm somehow taking away my users $DEITY given rights to view certain information crucial to their civil rights.
Oh well. All evidence points to the conclusion that
Bert Driehuis -- All I asked was a friggin' rotatin' chair. Throw me a bone here, people.
Interesting. Hey! We got "offtopic", rather than "troll". Neat.
What I was saying is that there should be one instaler, downloadable as freenet.zip, freenet.rpm and freenet.tgz that would install everything needed for Freenet access and configure the user browser to use it.
I think that to leave the development stage and enter the userbase sphere, Freenet will need to be not only stable, fast and secure, it will need to be easy to install and use too.
Flaimbait? That was just arbitrary and you know it.
- Arnold Crenshaw
As far as I'm concerned censors need to be lined up and mass exacuted.. Damn it I going to get myself shot at again. Ok.. Forget what I just wrote!