By Tuan Nguyen
Posting in Cities
A new system would would turn the entire internet into a proxy server and make it virtually impossible for a censoring government to block individual sites.
Researchers have developed a new technology that may finally put an end to elaborate government-enacted internet censorship schemes like the infamous Great Firewall of China.
Implementing it, however, would require a broad infrastructure and widespread support from the international community.
Up until now, anti-censorship technology typically involved routing users around these blocks through an outside server called a proxy. The problem with this method is that it essentially becomes a game of whack-a-mole where individuals and groups would need to set up a new proxy each time authorities detect and blocks it. The new system, called Telex, takes a completely different approach wherein the entire internet is turned into a proxy server, which makes it virtually impossible for governments to block individual sites.
"This has the potential to shift the arms race regarding censorship to be in favor of free and open communication," said J. Alex Halderman, assistant professor of computer science and engineering at the University of Michigan and one of Telex's developers.
How Telex works
The Telex software can be made available to be downloaded from a site or a copy can be borrowed from a friend. Once installed, the user can access blocked web sites through Internet Service Providers (ISPs) outside the censoring nation that deploy equipment called Telex stations.
The process begins with the user establishing a secure connection to any password-protected site that isn't blocked, otherwise known as a HTTPS website. This connection works as a decoy and allows the Telex software to mark it as a Telex request by inserting a secret-coded tag into the page headers. These tags utilize a cryptographic technique called "public-key steganography."
"Steganography is hiding the fact that you're sending a message at all," Halderman said. "We're able to hide it in the cryptographic protocol so that you can't even tell that the message is there."
The secret request is passed through routers at various ISPs until it reaches the ones that operate Telex stations. The stations have a private key that can recognize tagged connections from Telex clients and divert it so that the user could visit any site on the Internet.
International cooperation required
For the system to work, the one major caveat is that large segments of the Internet would need to be involved through participating ISPs.
"It would likely require support from nations that are friendly to the cause of a free and open Internet," Halderman said. "The problem with any one company doing this, for example, is they become a target. It's a collective action problem. You want to do it on a wide scale that makes connecting to the Internet almost an all or nothing proposition for the repressive state."
For now, the technology is at the proof-of-concept stage, which simply means the researchers have done most of their tinkering using a prototype system. Experiments so far have involve having testers browse the web for four months and a trial with a Beijing-based client who was able to stream videos on the blocked site YouTube.
The research team is scheduled to present the system on Aug. 12 at the annual USENIX Security Symposium held in San Francisco.
Related on SmartPlanet:
- Dramatic video: hacker vs. computer
- Infographic: How Stuxnet supervirus works
- Did Twitter scoop the news media on Bin Laden announcement?
- Report suggests that U.S. helped create super cyber weapon
- Anonymous hacktivists add Stuxnet code to their arsenal
- Our Internet is breaking down, here’s the path to a new one
More on the rise of Chinese tech:
- Video: China unveils world’s longest sea bridge, but is it?
- Is China’s helicopter drone a spy bot?
- China to launch lunar rover, mine moon for nuclear fuel
- A tell-tale glimpse of China’s stealth technology
- China to develop a greener nuclear reactor
- China to build cloud computing city
Aug 10, 2011
Censorship is about to come home to roost here in the USA. Our Congresswoman in District 7 of sleepy old Tennessee has introduced HR 96, the "Internet Freedom Act." It would more properly be called the "Corporate Takeover and Privatization of the Internet Act," because the net effect of the bill is to turn over the people's Internet to corporate giants such as AT&T, Comcast and Verizon to carve up as they wish for profit. Blackburn is the point person for the campaign to "keep the government's hands off the Internet." Her bill states that the Federal Communication Commission, which has regulated mass communications in the public interest since 1934, is to have no oversight and no role whatsoever regarding the Internet. She has publicly stated that "Congress should control the Internet" to keep it free. But isn't Congress the government...? Hmmm. In George Orwell's book, ???1984,??? things were called the opposite to misdirect the masses and to help those in power slide their sleaze past the people. For example, the Ministry of Truth and the Ministry of Love were anything but. Currently, the Internet is protected by our First Amendment freedom of speech rights. By removing these protections from the web, Internet Service Providers (ISPs) such as Comcast, AT&T and Verizon (all big campaign contributors to Blackburn), will be able to CENSOR, BLOCK, or DENY SERVICE to any web site, organization or individual they do not agree with, for any reason at all, including political position or opposition, religious affiliation, content or opinion. The ISPs would control the Internet. And they could control what you are "allowed" to view or post. Not coincidentally, the current president of the U.S. won the vote largely through a grass-roots web-based campaign. I wonder... why would the G.O.P. want to limit free access to the Internet in, say, 2012...? As the power-wielders in "1984" knew, if you're going to lie - lie BIG. If you're going to steal freedom away from the public, label it the OPPOSITE of what you intend to do, and promote it in LOUDLY and in PLAIN SIGHT, (i.e. Fox News, Rush Limbaugh, etc.) People will line up in lockstep around the lie without bothering to question the details. The new software referenced in this article is great. But if the ISPs end up controlling what we can and cannot download or view on the Internet, the point is moot.
...but the bad guys would be able to hide themselves. When it comes down to it, only a tiny fraction of us believe in total freedom of speech. Whether it's terrorists, kiddie pornographers, cyber thieves or what have you, the great majority of us believe that there really is evil on line. So I reluctantly have to agree with the skeptics. It won't just be China doing it's usual behind-closed-doors extortion. It will be the governments of the liberal democracies as well that will cut this off.
what government, ours included, would "indulge" its citizenry by allowing us to get around censorship. i can just hear them now. "Of course we're against censorship but hey, it's a necessary when disaster strikes . . ."
If I were a hacker I'd be salivating over the prospect of hijacking a telex proxy. I'm sure that it is NOT the case that this research is so narrow as to say that its job is finished when the telex principle is adequately demonstrated... leaving all other aspects like security as an exercise to the reader. Academic research is much more thorough than that... In fact, hacking this may make simple work of identifying its users... which would put China at the front of the hacker queue.
Fine, but what if some country (China, Iran, North Korea, etc.) wants to be a control freak? All they have to do is block outside access entirely (including satellite), and set up their own internet framework.THAT, they can control as they wish. I'm surprised that this isn't already being done.
Even if the software works well, the first step governments will take is to make it illegal to use or host the software. Unless, that is, if they could hook into it somehow...
The global trend, both here and abroad (even amongst supposedly "free" nations) is for governments to co-opt the ISPs to make censorship and surveillance easier, not harder.
Governments can't cut this off. It can be done by anyone on their own computer. This system, or one like it has been introduced many times. It always fails in the end. It's just too hard to use. Users value ease over privacy. The Government won't have to do anything but sit back and watch.
You misunderstand the system. There will be no central proxy server. That is how it works. Right now, there is a proxy server for your internet. It is called DNS. There are several DNS servers. They take a name, like "http://www.smartplanet.com" and translate that into a real internet address, which is currently a string of four numbers. If you have your own list of numbers, then you can go directly to the address you want without ever using the DNS system The government control of the internet takes place at the DNS servers. The US Government uses the same tactics as the Chinese do. The Chinese do it for political reasons, the US does it for Political payoff reasons ( think Hollywood), but the mechanics and methods are the same. To do more, the governemts would have to stop the traffic and look at the packets. There are ways to make that harder to do (HTTPS, for instance), and it would seriously degrade service to put it in. That is rarely done, because no government has the resources to really stop and examine each bit of information that flows to each of it's citizens. one or two, yes. One or two Hundred Million, No. And, the packets all tell where they came from. Packets are passed down from computer to computer. It is possible to change the computer address, but the real computer address for the rout is on the list, or you would never get it back. Just like with a phone line, if you can receive it, it can be traced. But there are literally Trillions of packets traveling on the internet at any given time. No single government has the resources to track them all. The US has tried, and failed. So have the Chinese and the Russians. The Egyptians recently tried, with a much smaller number of people. They couldn't either, so they pulled the plug that connects Egypt to the rest of the world. (There are only two cables, one to Italy, and one to Israel.) China will fail again if they try. They aren't trying. It's just too hard, and would upset too many of their own people.
Your idea has been done, countless times. But,the advantages of the real internet outweigh the disadvantages. China has tried to just operate it's own internal internet. Many Corporations do also. But the real internet was beckoning, and the countries found that it hurt them more to not use the internet. So, they use the internet, then try to control the people. The list of those who had done that would include China, Viet Nam, Cuba, Venuzulea, Iran, Egypt, Syria, Myanmar (Burma) and the list goes on. That includes the UK, the US, Germany, Italy, Australia and Russia too, by the way. In the end a means of communications that doesn't let you communicate just isn't very useful.
Mubarek tried that in Egypt. That's when he lost power. You can get away with a lot, as a dictator, but if you make ALL the people mad, Your Outta There!
We have bigger problems, make our Internet secure from Hackers. We need to take a couple of steps back, then move forward with new technology hardware and software. Then move forward, not keep fixin' a bad initial design.
The telex scheme requires the use of SSL (https://) to hide the true destination. I don't see why China can't simply shutdown SSL on all sites outside of the country. I'm sure they'd like to see what's in those packets anyway.
You will never make the internet safe from Hackers.Hackers built the internet. There is no way to keep them out. ;;; Oh, you mean Crackers. That would be people who crack open other peoples computers for various criminal activities. If you want to keep cracker out, the first step is to not run anything from a company called Microsoft. There also problems with computers produced by companies calle Apple and Cisco. Cisco is working to fix their problems. The other two are doing things, but mostly to make customers think they are or will be safe. The large professionals of course, use other systems. It can't make them totally safe, but if used properly, it can make it much harder. then the hope is that the criminal element will crack someone elses computers. The names to remember if you want to take those few steps back and then move forward things you will want to use are "Unix, BSD, Linux" you will also want to understand things like "Screening, Honeypot, and SE" less secure are things like "Sandbox, Scanner and Virtual Machine". This will be a technical issue for you to solve. The basic transfer protocol to use will be something called IP V6. It is a larger variant of the TCP/IP protocol that the internet currently uses. As the internet workes by passing small 'packets' of information between computers, you cannot change that basic behavior and still communicate with a large number of other computers. There will still be risks. Anything that can be made, can be broken. We can't keep it from happening. But, we can make it harder to break. But, like at home, you cannot keep burglars, out, but you can have a lock with more than one tumbler, where all the houses use the same key. Why have the least secure house on the block?