Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Debut Proxy-Less Anonymity Service

Posted by CmdrTaco on from the you-can't-see-me dept.

Trailrunner7 writes "As state-level censorship continues to grow in various countries around the globe in response to political dissent and social change, researchers have begun looking for news ways to help Web users get around these restrictions. Now, a group of university researchers has developed an experimental system called Telex that replaces the typical proxy architecture with a scheme that hides the fact that the users are even trying to communicate at all."

18 of 116 comments (clear)

  1. Um. excuse me? by countertrolling · · Score: 5, Insightful

    The key innovation in Telex is that it uses "stations" installed at ISPs to recognize and reroute specially tagged requests from clients trying to reach censored sites.

    Oh, right... We can fully expect our friendly ISPs to go along with this nice, convenient fully centralized 'service'... Pleeeze

    --
    For justice, we must go to Don Corleone
    1. Re:Um. excuse me? by mlts · · Score: 4, Insightful

      Even if they went along with this "service", all it takes is one of the Four Horsemen of the Infoclypse (as Tim May put it) to rear their ugly heads through the connection, and the ISP will either stop running the station, or make sure they have thorough logging.

    2. Re:Um. excuse me? by gerddie · · Score: 5, Interesting

      After reading TFA: They do not assume that your ISP has this "station", only some ISP. You tag your https request to some unblocked site by using public key code encryption to indicate that you want a secure anonymous connection. When your request packages are routed you might hit a router from an ISP who runs such a "station". This router may identify the tag and and if so, the "station" answers the request by setting up an encrypted between itself and the user (you) who can then use it like a proxy. In other words - the headline is wrong, because you still use a proxy, the only difference is that the IP of the doesn't need to be publicly known. Instead, you need to know the public key of a (group of) station(s) and hope that the traffic gets routes to pass through one of these.

  2. Bad assumption by Anonymous Coward · · Score: 4, Interesting

    The bad assumption is that government controlled ISPs in said censored nations won't make their own Telex nodes and just intercept traffic before it reaches the web at large. The really bad assumption is that other ISPs between the end user and the fake destination will have Telex nodes to do the dirty work. This method seems to be screaming MITM me.

    1. Re:Bad assumption by mmmmbeer · · Score: 5, Interesting

      I don't think just any node could interpret the message. It would be built specifically for the node they are using. It also doesn't imply anything about not using other security. The telex message could be (and probably should be) an encrypted communication, so the telex node would just know where it's going, not what it means.

      Basically, all this does is allow any website to act as a proxy without being obvious that they're a proxy. It's an interesting idea, but I don't think it has any chance of working. Governments will identify possible nodes through either technological means or just good old "social engineering" (snitches) and simply shut off all access to those sites. Or they'll take it a step further and restrict all sites except for a whitelist.

    2. Re:Bad assumption by punit_r · · Score: 2

      A different way to look at the assumption is, the guys who will be making and maintaining "telex" nodes will not sell them to any Government or ISP that censors the internet.

      And the telex client software will change the public keys used to sign the encrypted requests periodically via some update mechanism. This will ensure that ISPs that had claimed to be anti-censorship earlier to get hold of telex boxes with private keys can not turn on their censor filters later and use the old telex boxes to intercept traffic.

  3. "Telex" is old and still around. by grub · · Score: 2


    I remember Telex ads from when I was a kid. Lo and behold, Telex is actually still around.

    --
    Trolling is a art,
  4. Re:Subject-Verb Agreement by davidbrit2 · · Score: 4, Funny

    They are practicing hiding the fact that they're trying to communicate. Almost had me fooled, too.

  5. Proxy-less by Anonymous Coward · · Score: 5, Insightful

    Okay, so we rename the proxy a "station" and now we can call it proxy-less?

  6. Looks like port knocking to me, just with params by frith01 · · Score: 2

    It would be easier to configure a web service which recognized X keyword searches from the same session to convert the session to a port forwarding ssh session to an appropriate proxy.

    ( google search on book, monkey, tuesday, and blue gets you ssh forwarded to privoxy.com, etc. )

    your https connection stays to the main site, & it just forwards the data .

  7. Friendly countries by sverrehu · · Score: 2

    "Friendly countries"; like, the USA?

  8. Re:Telex? by vlm · · Score: 2

    What's the point of naming it Telex? Are they trying to make it hard for end-users to find information about it or do they want the end-users searches to look anonymous with a known term?

    The point is to signal that they're noobs hence not to be trusted with sensitive traffic.

    I've got an idea, how about freenet and/or i2p? That might work. With namecoins for domain registration? Naah I'll never get that past the NiH filter.

    My favorite part about freenet and i2p is "recently" at least on headless linux boxes, they could be installed together, but having made the mistake of being implemented in Java, one sort-required a very specific version of the official sun JRE and the other required another specific version of the openjdk runtime. Way to go, java guys, love that write-once run-everywhere ^H^H run-nowhere architecture.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  9. Taco, whassa mattah wit you? by countertrolling · · Score: 4, Insightful

    As state-level censorship continues to grow..

    FTA: Widespread ISP deployment might require incentives from governments.

    Can you see the little flaw in this whole concept yet?

    --
    For justice, we must go to Don Corleone
  10. Re:Subject-Verb Agreement by geminidomino · · Score: 2, Informative

    That is why the [sic] notation exists, though, to make sure your pedantic readers know that it wasn't your screw-up.

  11. Re:all we have to do by glop · · Score: 2

    Not the same ISPs. ANY ISP that is on the traceroute to uncensored websites allowing https.

    And the local ISP won't even know there is anything special with the network traffic as this uses public steganography in encrypted data streams.

    Only somebody who has the private key can know the data are "special". So the only remaining attacks on this are:
    - steal a private key from a trusted organization
    - spoof a private key (Bad people can create the "TRUSTME" service, get people to trust it and spy on them)
    - block all https traffic to any ISP than does not want to help the spying government.

    Owning the local ISP used by "TELEX" users does not accomplish anything so this is a definite improvement.

  12. Re:Telex? by ribuck · · Score: 3, Funny

    What's the point of naming it Telex? ...

    I think you might have missed the point. The freedom-friendly ISP routes the connection across the near-defunct Telex network, and therefore bypasses censorship.

    Of course, the websites you browse only display upper-case characters and EBCDIC Art graphics.

    --
    Paid Q&A/Research
  13. Re:anjaana-anjaani by cvtan · · Score: 2

    Worst punctuation I've ever seen.

    --
    Sorry, but gray text on gray background is making my eyes bleed.
  14. Re:all we have to do by Obfuscant · · Score: 2

    Not the same ISPs. ANY ISP that is on the traceroute to uncensored websites allowing https.

    One of the ideas of the Internet is that routing can change at a moment's notice to "route around failures". The traceroute you run now may have a different result than one you ran a minute ago.

    In other words, the packet you send to site A can travel over any route between you and A, and it will not necessarily always go through Telex site B.

    Now, the packets that Telex site B send to Censored site C on your behalf will get through because it doesn't matter what route you used to get to B, B is talking to C and C sends the answers back to B, which then sends them back to you over any route available.

    But if your route to A changes during the connection, your "secret connection" to C goes away. B is no longer redirecting your packets to C because B isn't getting them. Some other sites are doing the routing. New Telex site D may get your packets, but the connection was between B and C, not D and C. And if there are no Telex sites between you and A on this new route, A is going to get packets for a connection that it doesn't have setup.

    The only reliable way for this to work is if the Telex sites are at YOUR ISP so there is little chance of a routing change. If it is at your ISP, then they are most likley under the same government thumb that you are, and you are hosed.