DOCSLIB.ORG

Massbrowser: Unblocking the Web for the Masses, by the Masses [Pdf]

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Massbrowser: Unblocking the Web for the Masses, by the Masses [Pdf] MassBrowser: Unblocking the Web for the Masses, By the Masses Milad Nasr∗, Hadi Zolfaghari,∗ and Amir Houmansadr University of Massachusetts Amherst fmilad,[email protected] Project Website: https://massbrowser.cs.umass.edu/ Abstract 1 Introduction Existing censorship circumvention systems fail to of- The Internet plays a crucial role in today's social fer reliable circumvention without sacrificing their and political movements by facilitating the free cir- users' QoS, or undertaking high costs of opera- culation of speech, information, and ideas; democ- tion. We design a new circumvention system, called racy and human rights throughout the world crit- MassBrowser, with the objective of addressing such ically depend on preserving and bolstering the In- practical weaknesses of existing designs. Our sys- ternet's openness. Consequently, repressive regimes, tem is based on a new design principle, called \the totalitarian governments, and corrupt corporations separation of properties," that states that circum- regulate, monitor, and restrict the access to the In- vention systems should be tailored for circumven- ternet, which is broadly known as Internet censor- tion as opposed to offering additional properties like ship. The techniques commonly used to enforce cen- anonymity. We combine various state-of-the-art cir- sorship include IP address blocking, DNS hijacking, cumvention techniques to make MassBrowser signif- and TCP content filtering [14, 38, 40, 60] to block icantly resistant to blocking, while keeping its cost access to certain destinations or to prevent certain of operation small ($0.001 per censored client per forms of content from being transmitted. To en- month). sure compliance and to detect undercover politi- cal/social activists, repressive regimes additionally We have built and deployed MassBrowser as a fully utilize advanced networking tools, including deep operational system with end-user software for regu- packet inspection (DPI), to prevent the use of the lar Internet users (currently in beta release mode). censorship circumvention technologies by their citi- A key part of MassBrowser's design is using non- zens [35, 36, 57, 77]. censored Internet users to run volunteer proxies to To restore the openness of the Internet, researchers help censored users. We perform the first user study have designed and deployed an arsenal of tools [10, on the willingness of typical Internet users in helping 14, 15, 31, 32, 41, 46, 50, 61, 72, 74, 80] that help users circumvention operators. We have used the findings bypass censorship. Such tools, known as circumven- of our user study in the design of MassBrowser to tion systems, deploy a variety of techniques ranging encourage wide adoption by volunteers; particularly, from IP indirection to onion routing to traffic obfus- our GUI software offers high transparency, control, cation [38, 60]. and safety to the volunteers. Key shortcomings of existing systems: Unfor- tunately, existing circumvention systems suffer from ∗The first two authors made equal contribution. one or all of the following weaknesses: (1) Easily 1 blocked: A majority of in-the-wild circumvention sys- and be able to communicate through blocked social tems, including Tor, Lantern, Psiphon, and VPNs, networks, but for the majority of the censored users work by setting up proxy servers outside the censor- properties like anonymity are not a concern. This ship regions, which relay traffic for censored users. is evident by the fact that \public" VPNs, \pub- Unfortunately, the proxies are implemented in a way lic" HTTP proxies, and centralized circumvention that are easily blockable by the censors, e.g., due to systems like Lantern [39] and Psiphon [53] are the using a small set of IP addresses that can get enu- most popular among censored users in China and merated and blacklisted by the censors [57,59,75,77]. Iran [66, 67] (when compared to privacy-preserving (2) Costly to operate: To resist proxy blocking by the alternatives like Tor) despite the fact that they pro- censors, recent circumvention systems have started vide no anonymity or browsing privacy [27]. to deploy proxies on shared-IP platforms such as The SoP principle enables us to optimize the per- CDNs [44], App Engines [25], and Cloud Storage formance of a circumvention system around blocking services [9], a technique broadly referred to as do- resistance, and to offer features like anonymity and main fronting [19]. This mechanism, however, is pro- browsing privacy as options to the users (possibly by hibitively expensive [45] to be used at large scale. degrading the QoS). We will demonstrate how bas- (3) Poor QoS: Proxy-based circumvention systems ing our design on SoP enables us to overcome the like Tor and its variants [32, 43, 65] suffer from low circumvention shortcomings discussed above. Note quality of service (e.g., very high latencies and low that while systems like VPNs and HTTP proxies do bandwidths). This is primarily due to the imbalance not aim for anonymity/privacy, they do not leverage between the bandwidth demand from censored users the SoP principle in optimizing censorship resilience, versus the bandwidth available by the proxies (e.g., which is the key approach taken in this work. Tor's ≈ 6500 relays need to proxy traffic for around two million daily users [58], while some users lever- The MassBrowser System: We have designed age Tor for bandwidth-extensive applications like Bit- and implemented a new circumvention system, called Torrent. (4) Hard to deploy: Modern circumvention MassBrowser, that aims at addressing the weaknesses systems proposed in the academia are impractical to of prior designs being based on the SoP principle. be used at large scale due to various reasons. For That is, MassBrowser aims at offering reliable block- instance, decoy routing systems [31, 37, 80] require ing resistance while providing practical QoS and low wide adoption by Internet ISPs, and tunneling sys- operational costs. MassBrowser is a volunteer-run tems [32, 34, 43, 65] can be disabled by third-party proxy-based system: it leverages normal Internet service providers they use for tunneling. users with access to the free Internet, which we call Buddies, to proxy censored web traffic for censored Our approach: In this paper, we present a new cir- users, i.e., Clients. The key to the resilience and QoS cumvention system that aims at addressing the short- of any volunteer-based circumvention system like ours comings of existing circumvention solutions. We base is to have a balanced ratio of proxying capacity to our system on a design principle not employed by ex- circumvention bandwidth demand. Towards this, we isting circumvention systems. Our principle, which leverage the SoP principle to (1) optimize the proxy- we call the separation of properties (SoP) prin- ing load on Buddies by using CacheBrowsing [29] and ciple, states that the key feature targeted by an ef- other selective proxying mechanisms introduced later, fective circumvention system should be blocking re- and, (2) encourage volunteer participation by giv- sistance, and other features such as anonymity and ing Buddies full control and transparency over what browsing privacy should be left as optional to the they proxy. A central component of MassBrowser is users. The SoP principle is based on the real-world a hard-to-block Operator service that oversees and observation [11, 20, 27, 66, 67] that the majority of enforces MassBrowser's key functionalities, particu- censored users are solely interested in blocking resis- larly, by strategically matching Clients to Buddies tance, e.g., to be able to access blocked news articles based on the preferences of Buddies and the demands 2 from Clients. teers to whitelist the categories of websites they are The following summarizes the intuitions behind willing to proxy, and the bandwidth they are willing MassBrowser's properties, which will be extensively to devote. discussed throughout the paper: QoS and Cost: Privacy Guarantees: For normal clients, Mass- MassBrowser combines several techniques including Browser provides the same level of privacy as public CacheBrowsing [29], selective proxying, and Domain VPNs/proxies and centralized systems like Lantern Fronting [19] to optimize the QoS of circumven- and Psiphon. Therefore, a Buddy can infer the Inter- tion connections while minimizing its operational net destinations of its clients, as well as their commu- costs. As shown in Section 8.2, we estimate the total nication contents for non-HTTPS destinations (fortu- cost of deploying MassBrowser to be no more than nately, major content providers such as news and so- $0.001 per active client per month. Blocking re- cial networking services offer HTTPS). On the other sistance: MassBrowser's selective proxying not only hand, a MassBrowser client can optionally compro- optimizes QoS, but is also aimed at attracting a larger mise her QoS for stronger privacy properties. Specif- pool of Buddies by providing them full control and ically, our implementation of MassBrowser supports transparency over what they proxy (we support this connecting through Tor for users who need anonymity claim by performing a user survey). Blocking Mass- in addition to blocking resistance (at the expense of a Browser's Buddies causes censors collateral damage degraded QoS). This will tunnel a Client's Tor traf- as the Buddies are normal Internet users who fre- fic through a Buddy who has opted to serve as a quently change network locations and connect from Tor bridge. Therefore, MassBrowser's Buddy soft- behind NAT. (i.e., to block a NATed Buddy, the cen- ware can be used as a pluggable transport [52] by sors will need to block the Buddy's subnet) To make Tor bridges. We evaluate MassBrowser's cost of oper- an analogy, blocking MassBrowser Buddies is equiva- ation when used as a Tor pluggable transport, show- lent to blocking (the impractically expensive) domain ing that it is drastically cheaper than meek [44], while fronted proxies. We also use state-of-the-art circum- both offering similar blocking resistance properties vention techniques to protect MassBrowser's Opera- (both meek and MassBrowser aim at increasing the tor against blocking.
Load more

Recommended publications
  • Threat Modeling and Circumvention of Internet Censorship by David Fifield
    Threat modeling and circumvention of Internet censorship By David Fifield A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor J.D. Tygar, Chair Professor Deirdre Mulligan Professor Vern Paxson Fall 2017 1 Abstract Threat modeling and circumvention of Internet censorship by David Fifield Doctor of Philosophy in Computer Science University of California, Berkeley Professor J.D. Tygar, Chair Research on Internet censorship is hampered by poor models of censor behavior. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not just as a set of capabilities|such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations. My research addresses the twin themes of modeling and circumvention. With a grounding in empirical research, I build up an abstract model of the circumvention problem and examine how to adapt it to concrete censorship challenges. I describe the results of experiments on censors that probe their strengths and weaknesses; specifically, on the subject of active probing to discover proxy servers, and on delays in their reaction to changes in circumvention. I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor's reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements.
    [Show full text]
  • Array AG 9.4 CLI Handbook
    Array AG 9.4 CLI Handbook Copyright Statement Copyright Statement Copyright©2000-2018 Array Networks, Inc., 1371 McCarthy Blvd, Milpitas, California 95035, USA. All rights reserved. This document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and compilation. No part of this document can be reproduced in any form by any means without prior written authorization of Array Networks. Documentation is provided “as is” without warranty of any kind, either express or implied, including any kind of implied or express warranty of non-infringement or the implied warranties of merchantability or fitness for a particular purpose. Array Networks reserves the right to change any products described herein at any time, and without notice. Array Networks assumes no responsibility or liability arising from the use of products described herein, except as expressly agreed to in writing by Array Networks. The use and purchase of this product does not convey a license to any patent copyright, or trademark rights, or any other intellectual property rights of Array Networks. Warning: Modifications made to the Array Networks unit, unless expressly approved by Array Networks, could void the user’s authority to operate the equipment. Declaration of Conformity We, Array Networks, Inc., 1371 McCarthy Blvd, Milpitas, CA 95035, 1-866-692-7729; declare under our sole responsibility that the product(s) Array Networks, Array Appliance complies with Part 15 of FCC Rules. Operation is subject to the following two conditions: (1) this device can not cause harmful interference, and (2) this device must accept any interference received, including interference that can cause undesired operation.
    [Show full text]
  • A Privacy Threat for Internet Users in Internet-Censoring Countries
    A Privacy Threat for Internet Users in Internet-censoring Countries Feno Heriniaina R. College of Computer Science, Chongqing University, Chongqing, China Keywords: Censorship, Human Computer Interaction, Privacy, Virtual Private Networks. Abstract: Online surveillance has been increasingly used by different governments to control the spread of information on the Internet. The magnitude of this activity differs widely and is based primarily on the areas that are deemed, by the state, to be critical. Aside from the use of keywords and the complete domain name filtering technologies, Internet censorship can sometimes even use the total blocking of IP addresses to censor content. Despite the advances, in terms of technology used for Internet censorship, there are also different types of circumvention tools that are available to the general public. In this paper, we report the results of our investigation on how migrants who previously had access to the open Internet behave toward Internet censorship when subjected to it. Four hundred and thirty-two (432) international students took part in the study that lasted two years. We identified the most common circumvention tools that are utilized by the foreign students in China. We investigated the usability of these tools and monitored the way in which they are used. We identified a behaviour-based privacy threat that puts the users of circumvention tools at risk while they live in an Internet-censoring country. We also recommend the use of a user-oriented filtering method, which should be considered as part of the censoring system, as it enhances the performance of the screening process and recognizes the real needs of its users.
    [Show full text]
  • Internet Censorship in Thailand: User Practices and Potential Threats
    Internet Censorship in Thailand: User Practices and Potential Threats Genevieve Gebhart∗†1, Anonymous Author 2, Tadayoshi Kohno† ∗Electronic Frontier Foundation †University of Washington [email protected] [email protected] 1 Abstract—The “cat-and-mouse” game of Internet censorship security community has proposed novel circumvention and circumvention cannot be won by capable technology methods in response [10, 25, 38]. alone. Instead, that technology must be available, The goal of circumventing censorship and attaining freer comprehensible, and trustworthy to users. However, the field access to information, however, relies on those largely focuses only on censors and the technical means to circumvent them. Thailand, with its superlatives in Internet circumvention methods being available, comprehensible, use and government information controls, offers a rich case and trustworthy to users. Only by meeting users’ needs can study for exploring users’ assessments of and interactions with circumvention tools realize their full technical capabilities. censorship. We survey 229 and interview 13 Internet users in With this goal in mind, the field lacks sufficient inquiry Thailand, and report on their current practices, experienced into the range of user perceptions of and interactions with and perceived threats, and unresolved problems regarding censorship. How do users assess censored content? What is censorship and digital security. Our findings indicate that the range of their reactions when they encounter existing circumvention tools were adequate for respondents to censorship? How does censorship affect the way they not access blocked information; that respondents relied to some only access but also produce information? extent on risky tool selection and inaccurate assessment of blocked content; and that attempts to take action with In addition to guiding more thorough anti-circumvention sensitive content on social media led to the most concrete strategies, these questions about users and censorship can threats with the least available technical defenses.
    [Show full text]
  • The Tor Project
    The Tor Project Our mission is to be the global resource for technology, advocacy, research and education in the ongoing pursuit of freedom of speech, privacy rights online, and censorship circumvention. 1 ● Online Anonymity – Open Source – Open Network ● Community of researchers, developers, users and relay operators. ● U.S. 50 !c)!#" non$ profit or&anization 2 Estimated 2,000,000 to 8,000,000 daily Tor users 3 Threat model: what can the attacker do? Alice Anonymity network Bob watch Alice! watch (or be!) Bob! Control part of the network! 4 Anonymity isn't encryption: Encryption just protects contents. “Hi, Bob!” “Hi, Bob!” Alice <gibberish> attacker Bob 5 6 Anonymity serves different interests for different user groups. Anonymity “It's privacy!” Private citizens 7 Anonymity serves different interests for different user groups. Anonymity Businesses “It's network security!” “It's privacy!” Private citizens 8 Anonymity serves different interests for different user groups. “It's traffic-analysis resistance!” Governments Anonymity Businesses “It's network security!” “It's privacy!” Private citizens 9 Anonymity serves different interests for different user groups. Human rights “It's reachability!” “It's traffic-analysis activists resistance!” Governments Anonymity Businesses “It's network security!” “It's privacy!” Private citizens 10 The simplest designs use a single relay to hide connections. Alice1 Bob1 E(B ob3 ” ,“X “Y ”) Relay Alice2 E(Bob1, “Y”) “Z” Bob2 ”) “X , “Z ” ob2 Alice3 E(B Bob3 (example: some commercial proxy providers) 11 But a central relay is a single point of failure. Alice1 Bob1 E(B ob3 ” ,“X “Y ”) Evil Alice2 E(Bob1, “Y”) Relay “Z” Bob2 ”) “X , “Z ” ob2 Alice3 E(B Bob3 12 ..
    [Show full text]
  • Marionette: a Programmable Network Traffic Obfuscation System Kevin P
    Marionette: A Programmable Network Traffic Obfuscation System Kevin P. Dyer, Portland State University; Scott E. Coull, RedJack LLC.; Thomas Shrimpton, Portland State University https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/dyer This paper is included in the Proceedings of the 24th USENIX Security Symposium August 12–14, 2015 • Washington, D.C. ISBN 978-1-939133-11-3 Open access to the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Marionette: A Programmable Network-Traffic Obfuscation System Kevin P. Dyer Scott E. Coull Thomas Shrimpton Portland State University RedJack, LLC. Portland State University [email protected] [email protected] [email protected] Abstract recently, the application layer. The latter looks for spe- cific features of packet payloads that act as a signature Recently, a number of obfuscation systems have been for the application-layer protocol being transported. developed to aid in censorship circumvention scenarios where encrypted network traffic is filtered. In this pa- To combat application-layer filtering, several sys- per, we present Marionette, the first programmable net- tems have been proposed to obfuscate packet payloads, work traffic obfuscation system capable of simultane- and generally hide the true protocol being transported. ously controlling encrypted traffic features at a variety Broadly speaking, these methods fall into one of three of levels, including ciphertext formats, stateful protocol categories: those that use encryption to fully random-
    [Show full text]
  • Application Signature Database Release Notes V 4.12.41
    Application Signature Version: 4.12.41 Application Signature Database Release Notes Version 4.12.41 th -----------------------------------------------------------------------------------------------------------------------------Database Release Notes Date: 19 August,--------------- 2015 Release Information Upgrade Applicable on Application Signature Release Version 4.12.40 CR200i, CR250i, CR300i, CR500i-4P, CR500i-6P, CR500i-8P, CR500ia, CR500ia-RP, CR500ia1F, CR500ia10F, CR750ia, CR750ia1F, CR750ia10F, CR1000i-11P, CR1000i-12P, CR1000ia, CR1000ia10F, CR1500i-11P, CR1500i-12P, CR1500ia, CR1500ia10F Cyberoam Appliance Models CR25iNG, CR25iNG-6P, CR35iNG, CR50iNG, CR100iNG, CR200iNG/XP, CR300iNG/XP, CR500iNG- XP, CR750iNG-XP, CR2500iNG, CR25wiNG, CR25wiNG-6P, CR35wiNG CRiV1C, CRiV2C, CRiV4C, CRiV8C, CRiV12C Upgrade Information Upgrade type: Automatic Compatibility Annotations: None Introduction The Release Note document for Application Filter Database version 4.12.41 includes support for both, the new and the updated Application Signatures. The following sections describe the release in detail. New Application Signatures The Cyberoam Application Filter controls the application traffic depending on the policy configured, by matching them with the Application Signatures. Application Signatures optimize the detection performance and reduces the false alarms. Report false positives at [email protected], along with the application details. The table below provides details of signatures included in this release. Page 1 of 5 Document Version
    [Show full text]
  • Practical Countermeasures Against Network Censorship
    Practical Countermeasures against Network Censorship by Sergey Frolov B.S.I.T., Lobachevsky State University, 2015 M.S.C.S., University of Colorado, 2017 A thesis submitted to the Faculty of the Graduate School of the University of Colorado in partial fulfillment of the requirements for the degree of Doctor of Philosophy Department of Computer Science 2020 Committee Members: Eric Wustrow, Chair Prof. Sangtae Ha Prof. Nolen Scaife Prof. John Black Prof. Eric Keller Dr. David Fifield ii Frolov, Sergey (Ph.D., Computer Science) Practical Countermeasures against Network Censorship Thesis directed by Prof. Eric Wustrow Governments around the world threaten free communication on the Internet by building increasingly complex systems to carry out Network Censorship. Network Censorship undermines citizens’ ability to access websites and services of their preference, damages freedom of the press and self-expression, and threatens public safety, motivating the development of censorship circumvention tools. Inevitably, censors respond by detecting and blocking those tools, using a wide range of techniques including Enumeration Attacks, Deep Packet Inspection, Traffic Fingerprinting, and Active Probing. In this dissertation, I study some of the most common attacks, actually adopted by censors in practice, and propose novel attacks to assist in the development of defenses against them. I describe practical countermeasures against those attacks, which often rely on empiric measurements of real-world data to maximize their efficiency. This dissertation also reports how this work has been successfully deployed to several popular censorship circumvention tools to help censored Internet users break free of the repressive information control. iii Acknowledgements I am thankful to many engineers and researchers from various organizations I had a pleasure to work with, including Google, Tor Project, Psiphon, Lantern, and several universities.
    [Show full text]
  • 3 Censorship Resistance Through the Airport and Hand Delivering It to the User
    Edinburgh Research Explorer SoK: Making Sense of Censorship Resistance Systems Citation for published version: Khattak, S, Elahi, MT, Simon, L, Swanson, CM, Murdoch, SJ & Goldberg, I 2016, 'SoK: Making Sense of Censorship Resistance Systems', Water Treatment Technology, vol. 2016, no. 4, pp. 37-61. https://doi.org/10.1515/popets-2016-0028 Digital Object Identifier (DOI): 10.1515/popets-2016-0028 Link: Link to publication record in Edinburgh Research Explorer Document Version: Publisher's PDF, also known as Version of record Published In: Water Treatment Technology General rights Copyright for the publications made accessible via the Edinburgh Research Explorer is retained by the author(s) and / or other copyright owners and it is a condition of accessing these publications that users recognise and abide by the legal requirements associated with these rights. Take down policy The University of Edinburgh has made every reasonable effort to ensure that Edinburgh Research Explorer content complies with UK legislation. If you believe that the public display of this file breaches copyright please contact [email protected] providing details, and we will remove access to the work immediately and investigate your claim. Download date: 28. Sep. 2021 Proceedings on Privacy Enhancing Technologies ; 2016 (4):37–61 Sheharbano Khattak*, Tariq Elahi*, Laurent Simon, Colleen M. Swanson, Steven J. Murdoch, and Ian Goldberg SoK: Making Sense of Censorship Resistance Systems Abstract: An increasing number of countries implement ample, recent history suggests that the events of the Arab Internet censorship at different scales and for a variety of Spring were in part spurred by the ability of revolutionaries to reasons.
    [Show full text]
  • Massbrowser: Unblocking the Web for the Masses, by the Masses
    MassBrowser: Unblocking the Web for the Masses, By the Masses Milad Nasr∗, Anonymous,∗ and Amir Houmansadr University of Massachusetts Amherst fmilad,[email protected] Project Website: https://massbrowser.cs.umass.edu/ Abstract 1 Introduction The Internet plays a crucial role in today's social Existing censorship circumvention systems fail to of- and political movements by facilitating the free cir- fer reliable circumvention without sacrificing their culation of speech, information, and ideas; democ- users' QoS, or undertaking high costs of opera- racy and human rights throughout the world crit- tion. We design a new circumvention system, called ically depend on preserving and bolstering the In- MassBrowser, with the objective of addressing such ternet's openness. Consequently, repressive regimes, practical weaknesses of existing designs. Our sys- totalitarian governments, and corrupt corporations tem is based on a new design principle, called \the regulate, monitor, and restrict the access to the In- separation of properties," that states that circum- ternet, which is broadly known as Internet censor- vention systems should be tailored for circumven- ship. The techniques commonly used to enforce cen- tion as opposed to offering additional properties like sorship include IP address blocking, DNS hijacking, anonymity. We combine various state-of-the-art cir- and TCP content filtering [14, 35, 37, 56] to block cumvention techniques to make MassBrowser signif- access to certain destinations or to prevent certain icantly resistant to blocking, while keeping its cost forms of content from being transmitted. To en- of operation small ($0.001 per censored client per sure compliance and to detect undercover politi- month).
    [Show full text]
  • A Taxonomy of Internet Censorship and Anti- Censorship
    A Taxonomy of Internet Censorship and Anti- Censorship Draft Version December 31, 2010 Christopher S. Leberknight Mung Chiang Princeton University Princeton University Department of Electrical Engineering Department of Electrical Engineering [email protected] [email protected] Harold Vincent Poor Felix Wong Princeton University Princeton University Department of Electrical Engineering Department of Electrical Engineering [email protected] [email protected] ABSTRACT – Internet is supposed to be born free, yet it is censored almost everywhere, and severely censored in a few countries. The tug-of-war on the Internet between censors and anti-censors is intensifying. This survey presents a taxonomy on the principles, techniques, and technologies of Internet censorship and anti-censorship. It highlights the challenges and opportunities in anti-censorship research, and outlines a historical account via the lenses of news coverage in the past decade. I. INTRODUCTION Internet is supposed to be born free, yet it is censored almost everywhere, and severely censored in a few countries. Censorship is defined as the institution, system or practice of reading communication and deleting material considered sensitive or harmful [1]. Throughout history, various methods of censorship have been used to reinforce specific religious and political agendas. Technology has often served as a major obstacle and catalyst for mandating censorship. Even though technological advancement often ameliorates the inefficiencies and limitations of the past, it also can precipitate unforeseen consequences. The invention of the printing press in Europe in the 15th century is a prime example. The printing press not only increased the spread of information and knowledge but it also increased the practice and frequency of censorship.
    [Show full text]
  • Obfuscating Network Traffic to Circumvent Censorship
    Obfuscating Network Traffic to Circumvent Censorship Awn Umar MEng Mathematics and Computer Science University of Bristol May 21, 2021 Abstract This report explores some techniques used to censor information in transit on the Internet. The attack surface of the Internet is explained as well as how this affects the potential for abuse by powerful nation state adversaries. Previous research and existing traffic fingerprinting and obfuscation techniques are discussed. Rosen, a modular and flexible proxy tunnel, is introduced and evaluated against state-of-the- art DPI engines, as are some existing censorship circumvention tools. Rosen is also successfully tested from behind the Great Firewall in China. 1 Contents 1 Contextual Background 3 1.1 Information on the Internet.....................................3 1.2 Security of Internet Protocols....................................3 1.3 Exploitation of the Internet by Nation States...........................5 1.3.1 Mass Surveillance.......................................5 1.3.2 Censorship..........................................6 1.4 Ethic of Responsibility........................................7 2 Project Definition 7 2.1 Aim and Objectives.........................................7 2.2 Scope.................................................8 2.3 Vocabulary..............................................8 3 Adversarial Model 8 4 Traffic Identification Methods 11 4.1 Endpoint-Based Filtering...................................... 11 4.2 Traffic Fingerprinting........................................ 13 5 Network
    [Show full text]