Slashdot Mirror

← Back to Stories (view on slashdot.org)

Canadians To Douse Chinese Firewall

Posted by samzenpus on from the take-that-eh dept.

FrenchyinOntario writes "Researchers at a University of Toronto lab are getting ready to release a computer program called Psiphon, which will allow Internet users in free countries to help users in more restrictive countries (like China, North Korea, Saudi Arabia, etc.) to access the Internet by getting past the firewalls and getting around "rubber hose cryptoanalysis" which is a drawback of other anti-firewall programs as it reveals a user's tracks if discovered by authorities. Operating through port 443, Psiphon will allow users in monitoring countries the ability to send an encrypted request for certain information, and for users in secure countries to send it back to them. The UofT's Citizen Lab hopes to debut Psiphon at the international congress of the free speech group PEN in May."

7 of 342 comments (clear)

  1. Six/Four? by slavemowgli · · Score: 4, Informative

    This has already been done: Six/Four

    --
    quidquid latine dictum sit altum videtur.
  2. Re:Canada... by i_should_be_working · · Score: 4, Informative

    Except that the CRTC has nothing to do with what I can and can't view on the 'net.

  3. Re:Opressive Country to-do list by scenestar · · Score: 5, Informative

    An elegant wrinkle is that the data will enter users' machines through computer port 443. Relied on for the secure transfer of data, this port is the one through whichreams of financial data stream constantly around the world.

    "Unless a country wanted to cut off all connections for any financial transactions they wouldn't be able to cut off these transmissions," said Professor Ronald Deibert, the director of Citizen Lab.

    rtfa kthnx

    --
    perpetually dwelling in the -1 pits
  4. Can you say "open Proxy"? by jmorris42 · · Score: 4, Informative

    My complaint with this scheme, and Tor, is that they are essentially open proxies. Anyone who has ever had the misfortune to pooch the acl lines on a Squid and leave it running a bit will know what happens next. One day you notice your bandwidth pegged at max and you scramble to fix it.

    --
    Democrat delenda est
  5. This is different from a public anonymizing proxy by ikioi · · Score: 4, Informative

    Many people are asking, "How is this any better than somesite.com, a normal anonymizing proxy?"
    The difference is that this is a piece of software which runs on an individual person's computer.
    This is more like peer-to-peer than it is like 50,000 people using a well know proxy.

    The Chinese government can easily go to google and search for well known anonymizing proxies
    and block access to them. What the govt can't do, is find out every IP address on the internet
    running this software and block it. The downside of this software is that Chinese users must have
    a friend on the outside to run the software, but the upside is that it's vastly less likely that the
    Chinese government will be capable of blocking access to it.

  6. Obligatory definition by Baloo+Ursidae · · Score: 4, Informative

    Rubber-hose cryptoanalysis in The Jargon Wiki

    --
    Help us build a better map!
  7. Re:A HTTP Proxy with SSL? by chato · · Score: 4, Informative
    ... in the case of China, I believe that you need to trust that the first node is legit
    It doesn't matter if the first node is not legit. First, you can deny that you originated the traffic, as you can be relying packets for other Tor nodes. Second, the route changes every 10 minutes.

    China's internet censorship works at several levels. It includes content-based filtering (banned terms in the text of what you are sending, including "human rights", "democracy" and "Dalai Lama"), so any attempt to bypass the filtering has to be encrypted. It also includes DNS-based filtering so some DNS lookups return the wrong IP addresses, and of course it also includes IP-based filtering that prevent Chinese users from accessing the BBC or Wikipedia, for instance.

    Tor can be very effective at bypassing most of these protections, and you can choose to run it on port 443 (https) to avoid port-based filtering. Also, you can limit the amount of bandwidth you want to donate to other nodes, and the default outgoing policy prevents connections to port 25 so you can't use a Tor node for sending spam.

    On the client side, using SwitchProxy for FireFox is helpful to maintain a list of proxies, including a local Tor instance, that works as a SOCKS proxy, and a list of open proxies (SwitchProxy can automatically change proxy every X seconds).