Slashdot Mirror

← Back to Stories (view on slashdot.org)

Telex Would Work, But Is It Overkill?

Posted by CmdrTaco on from the kill-it-again dept.

Slashdot regular contributor Bennett Haselton wrote in this week to say that "The proposed "Telex" anti-censorship system could technically work, but unless I'm missing something, it would more cost-effective to spend the same resources on fighting censorship using existing technologies." His essay on the subject follows.

Professor Alex Halderman published a paper in July describing a new anti-censorship system called Telex, whereby users in censored countries could request banned websites by sending an encrypted request to an SSL-enabled website (i.e., a Web address beginning with https://) outside of their country -- even if the owner of the SSL-enabled website is not participating in the scheme. Since encrypted communications usually contain some random variation, that random variation can be used to embed hidden messages, which can then be decoded by any third-party observer who intercepts the communication and knows how to decode the hidden message. The third-party observer still cannot decode the original encrypted communication between the end user and the SSL-enabled website -- SSL is designed to be unbreakable by all but the intended recipient -- but the observer can decode the "side message" that was designed to be intercepted in transit. So a Telex-enabled router, in the process of passing the communication along, would notice the hidden request for a banned website, and pass the requested content back to the original user.

By analogy, suppose Mrs. Smith wants to send a letter to a friend. Mrs. Smith knows the letter will be sealed, and supposedly unopenable by the postman. But Mrs. Smith also has many choices of colored envelopes to use, and she has agreed with the postman on a color-coded system -- red for "Meet me tonight at the Motel 6", blue for "Not tonight, he suspects something" -- that the postman can "decode" when he picks up the envelope for delivery. The choice of envelope color is the "random variation" inherent in the sending of the message, which the message sender can use to send a "side message" to anyone who passes it along and who knows the system. The postman -- who is analogous to the Telex-enabled router -- has no access to the original sealed message inside the envelope, but he understands the side message just fine. (A Telex user may have no control over what routers their messages pass through, though, so they simply have to hope that there are enough Telex-enabled routers on the Internet that one of them will pick up the message and decode it. Imagine many different amorous mail carriers in the Postal Service, and any one of them who finds the colored envelope will be happy to show up at the appointed time, if Mrs. Smith is not picky.)

The novel feature of Telex is that it would not require the cooperation of the owner of the SSL-enabled website in order to work. You could send an encrypted communication to any website -- https://www.paypal.com/ for example -- and any Telex-enabled routers along the pathway traveled by the connection, would be able to decode the embedded message hidden in the randomness of the encryption. By contrast, for a user to make use of a typical proxy website like Vtunnel, the owner of the Vtunnel website has to set up the site as a proxy; this means the supply of such sites is limited to those websites whose owners have installed proxy software, and the censors have a greater chance of finding and blocking them all. Telex, on the other hand, would continue to work as long as the user in the censored country was able to access any SSL-enabled website, as long as their request happened to pass through a Telex-enabled router.

So far, so good. But this would presumably require an investment of at least several million dollars by any major backbone provider who wanted to try it, by re-configuring their major routers to speak the Telex protocol, and then potentially hundreds of millions of dollars for a sustained long-term effort. (As Halderman says, "We like to envision this technology as a possible government-level response to government-level censorship.") So here's my question: If any backbone provider (or government entity) wanted to go to that trouble to support the cause of fighting Internet censorship, why wouldn't it be much more straightforward for them to just set up proxy websites themselves?

Professor Halderman didn't respond to my inquiry on that point. The Telex FAQ notes that censorious governments can easily block new proxy sites once they find out about them. But in many censored countries, most proxy sites are not blocked, either because the government isn't trying, or they can't keep up. In China, hardly any proxy sites are blocked at all, as the government seems to put more of their resources into suppressing local dissent directly. Meanwhile in Iran, the censors do put more resources into actually blocking proxy sites -- but because Iran is on the U.S. State Department's embargo list, Iranian censors can't buy Internet censoring software from U.S. companies, so they have to find and block the sites themselves. As a result, newly released proxy sites often stay unblocked longer in Iran than they do in other Middle Eastern countries that use U.S.-made blocking software. Meanwhile, Saudi Arabia, for whatever reason, doesn't seem to block proxy sites at all for the time being. (Saudi Arabia is a strange outlier, since most conservative Islamic countries that filter the Web, also block proxy sites as well. It's not clear why Saudi Arabia doesn't.) So if a government or a philanthropist wants to help the cause of fighting censorship, just set up some proxy sites and pay to keep them running -- and you'll be helping the residents of all of those countries right away, for starters. This is in fact what Voice of America (through their various proxy programs) and the founders of UltraSurf (a privately funded network of anti-censorship servers) have been doing all along.

Even in the case of countries like U.A.E. and Yemen that are reasonably quick at finding and blocking proxy sites (as a result of using Western-made blocking software), the most cost-effective way to help these users is probably to set up more proxy sites, hosted at different locations and with perhaps with legitimate-looking "decoy" content, so that U.S. censorware companies can't keep up. My experience has been that the more money you spend (using unique IP addresses, buying .com domains instead of cheap .info ones, and setting up lots of proxies so that each one is sent to only a subset of your target audience), the longer the proxy sites last. You can also use proxy-like services (such as Tor, Hotspot Shield and UltraSurf) to route traffic through dedicated servers, to circumvent censorship in a way that is more transparent and convenient to the end user.

In short, existing proxy sites (and proxy-like services) do the job pretty well for many censored countries, and a massive cash expenditure on setting up more proxies (equivalent to the cost of setting up the Telex system) would probably be enough to demolish all other national filtering schemes completely. The software and tools to run proxy sites have already been tried and tested; all it takes to run them is money. Telex, by contrast, would require backbone providers to alter the architecture of their systems -- which means large-scale testing, isolation of any problems that arise, and countless other potential headaches. And that's not even counting the fact that censorious countries might detect which backbone providers are using Telex, and block all traffic from their countries to any sites hosted on those networks.

So I think Telex is a brilliant technical achievement, and I'd be happy if it got deployed, but I'd be scratching my head as to why the backbone providers (or the government, or whoever sponsored the effort) decided to kill a gnat with a flamethrower. I deal in flyswatters for a living, and they get the job done.

61 of 92 comments (clear)

  1. Still don't see what it has to do with teleprinter by Anonymous Coward · · Score: 1

    Telex is already defined...find another name.

  2. How can this work? by elFisico · · Score: 2

    What is hindering the oppressive regime to install its own telex-routers at the boundaries and filter out all telex-requests? Or, to use the analogy: why shouldn't the regime just block all coloured envelopes?

    1. Re:How can this work? by fuzzyfuzzyfungus · · Score: 1

      The theory, I'm assuming, is that by building the side-channel into SSL interactions with neutral parties, they are making it much harder to block the side-channel without also blocking a great deal of "legitimate" activity that the regime would find useful.

      Banking, commerce, the sort of stuff that induces the regime to not just block the whole damn internet. By doing that, instead of using a custom protocol, or using an SSLed connection to welovedissidentsinothercountries.us, both of which would be pitifully trivial to block, they would force the regime to either block a whole lot of economically useful traffic, or substantially degrade its security(the banks, for instance, are presumably already cooperating, so forcing them to drop SSL just makes it easier for the hackers...)

    2. Re:How can this work? by Baloroth · · Score: 1

      Exactly. The message has to be freely readable by any Telex routers, so presumably it has to be a fairly well known and distributed system (you can't just communicate with one router, since you don't know exactly how it'll be routed). Ideally, you could prevent the sale of Telex routers to that country, which might slow it down a bit, and presumably using the wonders of asymmetrical crypto the user software wouldn't be enough to decode the routing message. So it could work, but only in a pretty limited way.

      The basic idea seems interesting, though, as it would render the network itself a proxy, rather than routing through a single machine. Be really cool if there was a way to do this so that even knowing the exact details of the system, the host government couldn't stop the message, much as public key crypto can't* be broken even knowing the public key. Don't know if that would be possible, though.

      *In the time before the end of the universe, anyways.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    3. Re:How can this work? by mossholderm · · Score: 1

      What is stopping them is the fact that you have to be one of the appropriate telex destinations to even tell that a telex message is passing by. If you don't know the appropriate parameters, you can't tell that the SSL connection even has a telex message inside, much less tell what the message says.

    4. Re:How can this work? by elFisico · · Score: 1

      Exactly my point. Without a secret that is known only to the client and the "good" router but not the regime the whole scheme falls apart...

    5. Re:How can this work? by elFisico · · Score: 1

      This would imply that there is a secret shared between a "good" telex router and the client, but not the regime. How would one organize the distribution of such secrets to the clients without the regime being able to either block the distribution or sniff out the secrets?

      This is just shifting the problem from the communication link level to the secret distribution level...

    6. Re:How can this work? by jythie · · Score: 1

      While the US has problems and I agree we need to fight them.. it is no where on the scale of China/UAE/Iran.

    7. Re:How can this work? by gcnaddict · · Score: 1

      ...but there is a shared secret.

      The Telex header is public key encrypted on the client-side; only the private key of the backbone can be used to even know something is there at all. Just setting up another Telex interceptor won't mean anything as the new interceptor would have to have the private key that matches the public key of the clients using the service. Otherwise, it wouldn't know what to intercept because the request would otherwise blend in with all the other noise of that https connection.

      All a client needs is the public key and the requisite software. Unlike proxy sites which get blocked in droves, such a small pair of files would be almost impossible to track and block. Before long, it would just be distributed through old-fashioned hand-offs via flash drives.

      --
      Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
    8. Re:How can this work? by Osgeld · · Score: 1

      yea its not that hard to turn off the Internet when government does not want you to have it

    9. Re:How can this work? by icebraining · · Score: 1

      But if the Telex routers can detect the side message without breaking the SSL encryption, why couldn't the government routers?

      In fact, why couldn't the government install Telex routers in every ISP they control, but modify the software to drop instead of forwarding the requests?

      --
      Dilbert RSS feed
    10. Re:How can this work? by AJH16 · · Score: 1

      This was exactly my question as well. It relies on an uninvolved party being able to recognize and redirect the request which would seem to render the entire system useless if the censor can get access to a router that recognizes the data to be forwarded. It could then be stripped or blocked. I've yet to hear a good explanation of how the system is supposed to avoid this issue.

      --
      AJ Henderson
    11. Re:How can this work? by bgt421 · · Score: 1

      The answer is public-key cryptography, where I can send you a message encrypted with your public key, and only you (who knows the matching private key) can decrypt the message. A high-level analogy is sending everyone a box that they can close and lock, but only you have the key to unlock. It's impractical to obtain a private key given a public key. The tags or "secret messages" -- the colored notes in the analogy -- are messages encrypted with the public key of the Telex system in use. The initial analysis by the researchers indicates that it is infeasible to determine if the a tag is actually a tag or just a random number. Only a Telex server can tell if the field that holds the tag is a tag or not. Compromising the tag system in the way you describe would require compromising the private key from the Telex system. This would require quantum computing or espionage (stealing the key from the Telex system). It's a neat solution, actually.

    12. Re:How can this work? by Lorde · · Score: 1

      It would work because only friendly Telex stations outside of the censor's reach will be given the private key. Without the private key, it would be impossible to tell a Telex tag from a legit encryption nonce. The censor must either get hold of the private key - and the service could be built to use a new private key every few minutes - or brute force decrypt the suspected Telex tag, which is a lot more trouble than it's worth. The system operates on the same principle as RSA encryption - everyone knows how to perform the encryption/decryption process, but only a select few have the necessary keys to actually DEcrypt the message. The censor could go ahead and build as many Telex stations as they want, but unless someone gives them the private key they won't be able to tell a Telex tagged request from, say, a legit bank transaction request.

    13. Re:How can this work? by elFisico · · Score: 1

      OK, this finally makes sense. So it is steganography as well as encryption. Now I get it! :-)

      And there is no way to corrupt the side-channel-information?

    14. Re:How can this work? by elFisico · · Score: 1

      Hmm, ok, now it makes sense. But wouold it be possible to corrupt the message in the side-channel without invalidating the ssl-connection? That would mean there is a way to block the transfer after all...

    15. Re:How can this work? by elFisico · · Score: 1

      OK, but is it possible to corrupt the side-channel message by changing a few bits that are normally not used?

  3. Re:Stop Interfering In Their Internal Affairs! by YodasEvilTwin · · Score: 1

    So your basic position is that governments should be able to do whatever they want, and individual citizens should never be helped to do anything the government doesn't like? I hardly think the average Chinese citizen thinks that they shouldn't be allowed to access a website just because their communist overlords decided they weren't allowed to. Blocking websites isn't a "way of life".

  4. Re:Stop Interfering In Their Internal Affairs! by MozeeToby · · Score: 4, Insightful

    They're called Human Rights, not Citizen Rights. In the same way that many people feel it is immoral to sit by and watch another man starve, there are many people who believe it is immoral to sit by and watch other people be denied the basic Human Right of free communication and access to knowledge.

  5. Re:Stop Interfering In Their Internal Affairs! by fuzzyfuzzyfungus · · Score: 3, Funny

    I'm afraid that my way of life obligates me to meddle in other people's affairs and ways of life. This is a cherished custom I inherited from my ancestors, and one of the vital elements of my culture. Without it I would be culturally rootless and alienated.

    Please try to be sensitive and respect my deeply held customs and beliefs, rather than arrogantly forcing me to conform to yours.

  6. Re:Still don't see what it has to do with teleprin by i.am.delf · · Score: 1

    Came here to say this. Reusing names within the same field is fail. If you cannot be bothered to google a term to make sure it is relatively unused, you are lazy. When you work in electronics, computers or communication and don't even realize there is a protocol called Telex already....
    It would be like someone say I have a great idea for a computer. We shall name it UNIVAC...

  7. Re:When I read TELEX by 1s44c · · Score: 1

    That's Telix, not telex.

  8. Re:Still don't see what it has to do with teleprin by WrongSizeGlass · · Score: 1

    There is that delicious part about TOR (Telex-On-Radio).. Acronym overload is imminent.

    You mean TBNTT (Telex, But Not That Telex)?

  9. Re:Stop Interfering In Their Internal Affairs! by WrongSizeGlass · · Score: 2

    I appreciate the idealism and effort of this author, but why the fuck should he be trying to involve himself or be so concerned over other countries issues with respect to censorship?

    Some countries and their respective governments don't have the same western notion of free speech, I think its only fair we stay out of these fights. Why do outsiders think they know what is better for their countries?

    Its too bad, but I think we shouldn't be trying to help get around their laws and ways of life.

    Because it is other countries at the moment but there will come a day in the relatively near future that some restrictions are placed upon those of us in 'free' countries.

  10. Telex? Couldn't think of a better name? by Bill_the_Engineer · · Score: 3, Informative

    Seriously Telex is not only a brand name of communications equipment, but its also a name of a very old and still used protocol.

    --
    These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
    1. Re:Telex? Couldn't think of a better name? by Xocet_00 · · Score: 1

      He might also mean the old DOS BBS client called Telix.

    2. Re:Telex? Couldn't think of a better name? by OverlordQ · · Score: 1

      Are you sure you don't mean Teletex ?

      No, Telex. From the intro blurb for Teletex: Not to be confused with Telex or Teletext.

      --
      Your hair look like poop, Bob! - Wanker.
    3. Re:Telex? Couldn't think of a better name? by subk · · Score: 1

      No, Telex

      Still the wrong Telex. I think he meant Telex

      --
      Now, if you'll excuse me, I have backups to corrupt.
  11. Re:Stop Interfering In Their Internal Affairs! by jythie · · Score: 1

    This is an important point.... I find it amusing that some of the technologies that the US government helped fund to thumb their noses at China are now being decried in the US with the same agencies scrambling to find ways to break them. Fighting for the freedom of Chinese citizens, but freaking out when their own use the same protections.

  12. Telex by Osgeld · · Score: 1

    Has survived for decades and still lingers on today in special situations, thanks

  13. Re:Why do they post any of this guy's stuff? by 1s44c · · Score: 1

    Bennett Haselton is an idiot. Read some of his bullshit trying to defame judges (www.judgejokes.com) and it's clear how little he actually understands.

    I don't believe Telex could work. However whatever Bennett Haselton thinks about US judges has nothing to do with the reasons why. If he had a few bad experiences and decided to mock a few power-mongers publicly then good on him.

  14. Re:Still don't see what it has to do with teleprin by gcnaddict · · Score: 1

    Tint

    Telex is not telex.

    --
    Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
  15. new Telex() by MacGyver2210 · · Score: 3, Funny

    Error: Symbol 'Telex' already defined.

    --
    If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
  16. Re:Stop Interfering In Their Internal Affairs! by houghi · · Score: 1

    So your basic position is that governments should be able to do whatever they want, and individual citizens should never be helped to do anything the government doesn't like?

    Hey, it works for the Americans, so why should it not in other countries?

    --
    Don't fight for your country, if your country does not fight for you.
  17. Re:Still don't see what it has to do with teleprin by bsharp8256 · · Score: 1

    It would be like someone say I have a great idea for a computer. We shall name it UNIVAC...

    Great idea!

  18. Re:Still don't see what it has to do with teleprin by icebraining · · Score: 2

    Tint is not TECO!

    --
    Dilbert RSS feed
  19. would work? by nedlohs · · Score: 1

    Yeah right, after all that huge effort to get ISPs in variouss places to spend money installing something their own customers don't use, the censoring government just aquires that hardware themselves and drops everything that it detects having "telex" crap in it (and sends the thugs to kick down the door of the guy sending the request).

    1. Re:would work? by nedlohs · · Score: 1

      No it wouldn't. If the telex box does it's stuff - easily observable by looking at the incoming and outgoing traffic to it - then you kill that session and send the thugs.

  20. Re:Why do they post any of this guy's stuff? by gcnaddict · · Score: 1

    I'm inclined to agree with your analysis (though I wouldn't have been as harsh about it) as it seems Bennett missed a critical point:

    Upkeep on a Telex-enabled system would theoretically be much less than with a coordinated proxy system used to "outrun" censors. The advantage to Telex is that -- barring a flaw in, say, RSA or PGP PKI -- all that's needed is one public key and a minimal application which handles the client-side logic, or in simpler terms, two files which would remain static barring either a leak of the private key, a cryptanalytical break, or a discovery of every Telex interceptor, all of which would happen far less often than the blocking of a proxy but would be as easy, if not easier, to correct.

    Heck, the facilities for this still exist. The NSA intercepts and conducts deep packet inspection on packets throughout the vast majority of the Internet. This would be a bolt-on fix, and no one would have to know the NSA did it.

    If the end result of the same initial investment in either Telex or Proxies would be the downfall of most (or all) censorship systems, why not go the route that saves on upkeep?

    --
    Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
  21. Telex will not work in the US by cjcela · · Score: 1

    It may work in other places where the government has not power over the ISP's, but in the US of A, as of yesterday, your online activity is recorded with the help of the ISPs, so good luck trusting you can anonymously do anything online, even if they tell you it is safe. I just do not think there is any polytical will to enable this type of systems. It is not much better in other countries. This really hurts; the US use to be a bastion of personal freedoms, but of lately, the government seems to be against its own citizens on this.

    1. Re:Telex will not work in the US by ferrouswheel · · Score: 1

      Yes it will. US citizens just need to access sites in a country with a high density of Telex capable routers.

  22. Who will build that router? by Phaeilo · · Score: 1

    So you want a router on level 7 that does a asymmetric crypto on every client_hello that's passing by. Even if such a machine existed and the border ISPs were compensated for additional costs caused by it, I doubt they'd put up with it. Traditional technologies like TOR or VPNs are already available and seem a lot less insane than "Telex".

  23. Paper Tape by theshowmecanuck · · Score: 1

    They might not have the right type of paper tape. You can always encrypt the hole patterns in the paper type if they do. At least if you are talking about the Telex that I and most of the rest of the world talk about when we use the word 'Telex'.

    --
    -- I ignore anonymous replies to my comments and postings.
  24. Is Telex business? by xnpu · · Score: 1

    Proxy's and VPN's are businesses. They make a profit. Our VPN and that of our closest competitors alone serve 100.000+ users in censored countries. This is quite an incentive to keep things running, and cost really isn't an issue. At all.

    Who will pay for Telex?

  25. Don't forget who runs the country by xnpu · · Score: 1

    There's no reason why these governments wouldn't require all traffic to go through a "transparent proxy". All they have to do is make a government CA in your browser mandatory (which many have already actually) and re-encrypt all connections while filtering them. Without it your connection simply gets blocked. Yes this costs a lot of resources but you're talking about something that would receive military-style budgets given it's purpose. In the end it's Cisco eating two sides of the pie and everybody else just wasting more money.

  26. Re:Still don't see what it has to do with teleprin by grimmjeeper · · Score: 1

    Or, perhaps, I want to make a new operating system that can run multiple copies of Unix. Though I want the name to mean something other than just a play on Unix. I'll change the last couple of letters and call it Multics for "Multiple Computer Servers"...

  27. Re:Still don't see what it has to do with teleprin by Marillion · · Score: 2

    There is an old tradition of airport telex machines (still in use today) being used to communicate with the outside world in the days before the Internet. Just before a massive crackdown, dictators would shutdown all phone lines going out of the country but overlook the airport telex circuits.

    --
    This is a boring sig
  28. Re:Why do they post any of this guy's stuff? by Bieeanda · · Score: 1

    Missing a critical point is a common theme in Haselton's opinion dumps. I used to have a lot of support for him when he was raising the alarm on Cybersitter and the specter of censorware with very strong political leanings, but he went out to lunch years ago and hasn't come back.

  29. Lets try it by hey · · Score: 1

    Maybe there are some billionaires out there who want to throw a few bucks at this? BillG, RichardB?

  30. Re:Stop Interfering In Their Internal Affairs! by colinrichardday · · Score: 1

    But if my culture obligates me to be insensitive to your culture?

  31. Re:Why do they post any of this guy's stuff? by Garridan · · Score: 1

    Why don't you believe it would work? The steganography itself is encrypted: it can only be detected by one holding the private key. Chat-enabled gmail produces enough https traffic that if Google installed Telex servers, there'd be plenty of capacity for legitimate use (that is, not downloading gigabytes of kiddie porn). If this had government / ISP backing, it'd be highly effective: the "message in a bottle" problem goes away if you know your destination will catch the message.

    The only problem I see so far is that it appears that the user needs to trust the Telex server operators. For example, if a curious American citizen uses Telex to obscure their visits to al-qaeda websites, it can likely be traced back to them. Am I missing something?

  32. Just use Steganography by FlyingGuy · · Score: 1

    It is all explained here.

    --
    Hey KID! Yeah you, get the fuck off my lawn!
  33. Re:Stop Interfering In Their Internal Affairs! by HarrySquatter · · Score: 1

    I hardly think the average Chinese citizen thinks that they shouldn't be allowed to access a website just because their communist overlords decided they weren't allowed to.

    Then you know very little about the culture of the Chinese.

  34. Re:Why do they post any of this guy's stuff? by 1s44c · · Score: 1

    Two reasons this won't work spring to mind:
    1) This requires core routers to attempt decryption on all SSL traffic passing though them. This is deep packet inspection on a scale the Internet has never seen and would require massively expensive router upgrades, if it's even possible at all. The companies expected to carry out all this work get no commercial benefit for their efforts. It's unlikely anyone else will pay these companies to do this work.
    2) The whole security model relies on a secret key being held on a massive number of different core routers, should this secret key ever be leaked anyone with it can detect that secret data is being sent. It won't be possible for either side in the communication to know if this is happening. You want to use this against China? Guess who built the hardware that holds the secret key?

  35. Well this is great and all but by bedouin · · Score: 1

    . . . it doesn't help when the entire country has an Internet kill switch. The average teenager in a country who needs this has been dodging filtering since middle school; political activists have been keen to alternatives for years. Blocking Facebook and Twitter in Egypt taught the entire nation about Tor.

    The people who really need and want unfiltered content know how to get it. I'd rather see work on wireless meshes and other alternatives, that will benefit everyone including the US as it becomes a more facist state than it already is.

  36. Re:Bennett Haselton by RespekMyAthorati · · Score: 1

    I don't get it.

  37. Re:Still don't see what it has to do with teleprin by rsilvergun · · Score: 1

    Yeah, but is it Linux?

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  38. This guy is biased and this article is a troll by LS · · Score: 2

    As someone living and working in China, I can tell you that Bennett Haselton's size http://peacefire.org/circumventor/ is currently unreachable in China.

    Once I use my personal proxy to get to his site, we find a link to a "Circumventor" site, http://www.mousematrix.com/. But after clicking the MouseMatrix link, it redirects to http://www.stupidcensorship.com/, which has the following message:

    This IP address range has been blocked from accessing our server due to abusive traffic.

    If you are a human who has been using our website, then you personally are probably not the reason that this IP address range got banned, so please send an email to bennett (at) peacefire.org with the subject line 'allow access', and include your IP address: 221.220.52.152

    Sorry for the inconvenience and hopefully we can restore your access soon!

    Now THAT makes a lot of sense. Block Chinese IPs from using your proxy service.

    I think this guy is just an ignorant hater. Who is he? He has no technical background, and his ego is hurt when someone with an actual working solution comes along. He claims that proxies work, but they don't, not even his own. You can put thousands out there, but there are tens of thousands of people in China working for the GFW that can block them all, and that is the status quo.

    Please don't give this guy any more time and front page space.

    LS

    --
    There is a fine line between being a cultivated citizen and being someone else's crop. - A. J. Patrick Liszkie
  39. Why Telex is Safer than Proxies by Karger · · Score: 1

    I don't think Telex is the right approach, but it offers one important benefit over the proxy approach: deniability. It may be true that regimes don't block all proxies. But if they decide to check up on you, they can see that you are using one of the censorship evasion proxies and punish you. With Telex, it appears that you are communicating with a legitimate web site; the only way to know otherwise is to crack the encryption and see that there's a message intended for Telex.

    Getting help from ISPs isn't the only way to accomplish that. For example, if you could convince major players on the internet to run Telex-like systems _on their own machines_, then a user would have deniability because they could claim they were using the legitimate services on those machines. E.g. this might be a nice thing to put Google's 900,000 servers to work on, and would be a nice payback for last year's China hacking scandal.. Or something that all American universities could do in the name of free speech. The obvious way to block such a system would be to block the hosting site, but that may force the censor to cut off access to useful material (e.g. the teaching content on American university sites).

    But it doesn't stop there; a censor could set up an SSL proxy and force all https traffic through it, which would allow them to decrypt any communication and look for suspicious side-requests. That's why we built a system a few years ago that disguises the subversive request in plain sight as a sequence of standard web browsing requests (and hides the response in images), without relying on SSL at all.

  40. Re:Stop Interfering In Their Internal Affairs! by fuzzyfuzzyfungus · · Score: 1

    I think, at that point, that we resort to some unpleasant Ultima Ratio Regum style solution and see whose culture happens to have developed more efficient means for wiping out the hosts infected by the other's...

  41. Re:Stop Interfering In Their Internal Affairs! by fuzzyfuzzyfungus · · Score: 1

    In seriousness, both about the above and about my original post, this really illustrates a fairly important distinction within the set of things that fall under "culture", and which affects how cultural tolerance/intolerance, diversity, etc. work:

    There are, first those elements of culture which are not mutually exclusive, or mutually exclusive in such a limited sense(oh noes! If I try to eat more than three traditional evening meals from different cultures in the same night I will be too full!) as to not matter. Funny clothes, weird food items, culturally sanctioned 'my invisible friend and/or the traditions of my ancestors say that these are my days off' days, etc. These occassionally cause minor inconveince, sometimes cause modest advantages(like Chinese take-out, or the fact that it's easier to find people to take the Christmas shifts when you've got people who aren't even culturally linked to Abrahamic monotheisms on staff...)

    However, "culture" deals with more than food items and traditional dress and whatnot. It also covers things like the legitimate distribution of power, the legitimate users of force, and the legitimate circumstances, and victims, of that legitimate force. These things are mutually exclusive. You cannot have a divide-right monarch and a constitutional representative democracy as the simultaneously supreme governing power. Neither is compatible with a theocratic state.

    At some point, in order to constitute a society, you pretty much have to declare a given set of cultural priorities supreme in the mutually-exclusive stuff that it defines. Some such declarations create vastly greater impositions than others on members of other cultural groups(eg. "your entire religion is heathenish satan worship, it is hereby suppressed." vs. "nope, sorry, stoning people for ritual uncleanness is murder under the law, you'll have to give that up or face the slammer."); but they all create some. You just have to decide which toes get stepped on.