DOCSLIB.ORG

2010 Circumvention Tool Usage Report

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
2010 Circumvention Tool Usage Report 2010 Circumvention Tool Usage Report Hal Roberts, Ethan Zuckerman, Jillian York, Robert Faris, and John Palfrey † The Berkman Center for Internet & Society October 2010 † Each co-author is affiliated with The Berkman Center for Internet & Society at Harvard University. Hal Roberts is a fellow; Ethan Zuckerman is a senior researcher; Jillian York is a staff member; Robert Faris is the director of research; and John Palfrey is a faculty co-director of the Berkman Center. We gratefully acknowledge support for this research from the U.S. Department of State via a subgrant through Internews Network (USA). The Berkman Center shares funders with some of the makers of circumvention tools such as Tor, Psiphon, Freegate and Ultrasurf. Neither the Berkman Center nor the authors of this paper have any involvement in any of the technologies or entities described in this report, including but not limited to Tor, Freegate, or Ultrasurf. Neither the Berkman Center nor the authors stand to profit in any way financially from the success of any general technology or specific tool described in this report. 1 Circumvention Tool Usage Report Hal Roberts, Ethan Zuckerman, Rob Faris, John Palfrey Berkman Center for Internet and Society at Harvard University Introduction Circumvention tools allow users to bypass Internet filtering to access content otherwise blocked by governments, workplaces, schools, or even the blocked sites themselves. There are a number of different types of these tools: blocking-resistant tools, simple web proxies, virtual private network (VPN) services, and open HTTP/SOCKS proxies. But every type of circumvention tool provides the same basic functionality – proxying user connections to provide access to otherwise blocked sites. In the following report, we use a variety of methods to evaluate the usage of the first three of these four types of tools to test two hypotheses. First, even though much of the media attention on circumvention tools has been given to a handful of tools – notably Freegate, Ultrasurf, Tor, and Hotspot Shield – we find that these tools represent only a small portion of overall circumvention usage and that the attention paid to these tools has been disproportionate to their usage, especially when compared to the more widely used simple web proxies. 1 Second, even when including the more widely-used simple web proxies, we find that overall usage of circumvention tools is still very small in proportion to the number of Internet users in countries with substantial national Internet filtering. Key Findings • We estimate that no more than 3% of Internet users in countries that engage in substantial filtering use circumvention tools. The actual number is likely considerably less. • Many more users use simple web proxies than use either blocking-resistant tools or VPN services. Of the 11 tools with at least 250,000 unique monthly monthly users, 3 are blocking- resistant tools, 1 is a VPN service, and 7 are simple web proxies. • When users search for proxy and circumvention related terms in filtering countries, they overwhelmingly search for generic proxy terms like “proxy,” and those terms overwhelmingly return either simple web proxies or sites that list simple web proxies and HTTP/SOCKS proxies, not more sophisticated tools. Circumvention Tool Types The OpenNet Initiative has documented network filtering of the Internet by national governments in over forty countries worldwide. 2 Countries use this network filtering as one of many methods to 1 We used google to search nytimes.com (eg. [site:nytimes.com freegate]) for mentions of the ten most popular circumvention tools (as documented in the body of this paper) and found the following number of mentions for the following terms: Freegate: 17, Ultrasurf: 3, Global Internet Freedom Consortium (which includes both Freegate and Ultrasurf): 15, Tor project: 8, Hotspot Shield: 7. The other six tools in the set of ten most used circumvention tools are all simple web proxies – the six combined received only one mention on nytimes.com.. 2 See the country reports, available for free online, at http://opennet.net. For a book-length treatment of this topic, see 2 control the flow of online content that is objectionable to the filtering governments for social, political, and security reasons. Filtering is particularly appealing to governments as it allows them to control content not published within their national borders. In addition to national Internet filtering by governments, many schools and businesses filter their local connections to the Internet. Many web sites even filter their own content by the geographic location their users – for example, television streaming site hulu.com blocks all users outside of the U.S. from accessing its content. All circumvention tools use the same basic method to bypass this sort of network filtering: they proxy connections through third party sites that are not filtered themselves. By using this method, a user in China who cannot reach http://falundafa.org directly can instead access a proxy machine like http://superproxy.com/, which can fetch http://falundafa.org for the user. The network filter only sees a connection to the proxy machine (superproxy.com), and so as long as the proxy itself remains unfiltered, the user can visit sites through the proxy that are otherwise blocked by the network filter. Some, but not all, tools also encrypt traffic between the user and proxy, both so that the traffic between the user and proxy is much more difficult to monitor and so, that filtering triggered by the content of the traffic (instead of merely the destination of the traffic) will not work. Despite this core similarity, circumvention tools differ significantly in many implementation details. We break circumvention tools into four large categories based on their proxy implementations. Each category of tool is distinguished from one another also by virtue of each being closely associated with a single model of financial support. The four categories of tools are: • blocking-resistant tools • simple web proxies • VPN services • HTTP/SOCKS proxies The defining characteristic of blocking-resistant tools is that they implement sophisticated methods for evading blocking by filters. A core problem for all circumvention tools is that proxy sites can be blocked just as content and other sites. China can block superproxy.com as well as falundafa.org, and then proxy requests through superproxy.com will cease working. Some tools in each of the above categories use simple forms of blocking resistance to avoid this sort of filtering—for example, a simple web proxy might maintain a list of alternative domain names to send to users in the case that one or more of its existing domain names is blocked. The tools we classify as blocking-resistant tools distinguish themselves from the other categories of tools by implementing much more sophisticated technical means of blocking resistance. 3 Ronald Deibert, John Palfrey, Rafal Rohozinski, and Jonathan Zittrain, eds., Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace (MIT Press, 2010). 3 All of these tools use the same basic method for remaining unblocked. In addition to a core of powerful proxy machines that transit and accelerate proxy traffic, these tools maintain a large pool of “disposable” front end proxies whose only job is to proxy traffic back to the core proxies. These blocking-resistant tools are able to cycle quickly through large numbers of these front end proxies as they are blocked by filtering countries, so that the user is ideally always able to 3 All of the tools in this category also require installation of a downloaded, client-side application but use the native interface of the browser for web access, unlike the simple web proxies described below. We include only a handful of tools in this category: Freegate, Ultrasurf, and Tor. All of the tools in this category are supported primarily by governmental or charitable funding. Freegate and Ultrasurf are part of the Global Internet Freedom Consortium (GIFC), a Falun Gong-associated group, and are expressly aimed at allowing Chinese people to bypass Chinese government filtering to access political content (though users in other countries use the GIFC tools as well). Tor was initially developed as an anonymity tool but is also effective as a circumvention tool. Simple web proxies are server-side applications accessed through web page forms. To use one of these tools, the user simply visits a web page that includes a form with a url input box. Instead of entering a web page url into the browser address bar, the user enters the address into the web page form. By submitting this web page form, the user sends the url request to the proxy web server, and the web server returns the page via the proxy. Simple web proxies do not require the user to download or install any client-side application. To use the tool the user needs only visit the web page hosting the proxying web application (for instance http://superproxy.com). Simple web proxies do require, however, that the user navigate the separate, form based browsing interface. Almost all of these tools support themselves by hosting ads, on either or both of the initial landing page and the banners inserted onto the top of proxied web pages. Some tools go a step further and attempt to replace ads on the requested page with their own ads. Simple web proxies were initially targeted at students in the U.S. and other countries to bypass school filtering systems, but they use the same basic proxying methods as the blocking-resistant tools and so also serve to bypass national filters as long as a given proxy is not specifically blocked by a given country. Some simple proxies have been optimized for usage in countries where the Internet is filtered by the government.
Load more

Recommended publications
  • Peer-To-Peer Protocol and Application Detection Support
    Peer-to-Peer Protocol and Application Detection Support This appendix lists all the protocols and applications currently supported by Cisco ASR 5500 ADC. • Supported Protocols and Applications, page 1 Supported Protocols and Applications This section lists all the supported P2P protocols, sub-protocols, and the applications using these protocols. Important Please note that various client versions are supported for the protocols. The client versions listed in the table below are the latest supported version(s). Important Please note that the release version in the Supported from Release column has changed for protocols/applications that are new since the ADC plugin release in August 2015. This will now be the ADC Plugin Build number in the x.xxx.xxx format. The previous releases were versioned as 1.1 (ADC plugin release for December 2012 ), 1.2 (ADC plugin release for April 2013), and so on for consecutive releases. New in this Release This section lists the supported P2P protocols, sub-protocols and applications introduced in the ADC Plugin release for December 1, 2017. ADC Administration Guide, StarOS Release 21.6 1 Peer-to-Peer Protocol and Application Detection Support New in this Release Protocol / Client Client Version Group Classification Supported from Application Release 6play 6play (Android) 4.4.1 Streaming Streaming-video ADC Plugin 2.19.895 Unclassified 6play (iOS) 4.4.1 6play — (Windows) BFM TV BFM TV 3.0.9 Streaming Streaming-video ADC Plugin 2.19.895 (Android) Unclassified BFM TV (iOS) 5.0.7 BFM — TV(Windows) Clash Royale
    [Show full text]
  • Everyone's Guide to Bypassing Internet Censorship
    EVERYONE’S GUIDE TO BY-PASSING INTERNET CENSORSHIP FOR CITIZENS WORLDWIDE A CIVISEC PROJECT The Citizen Lab The University of Toronto September, 2007 cover illustration by Jane Gowan Glossary page 4 Introduction page 5 Choosing Circumvention page 8 User self-assessment Provider self-assessment Technology page 17 Web-based Circumvention Systems Tunneling Software Anonymous Communications Systems Tricks of the trade page 28 Things to remember page 29 Further reading page 29 Circumvention Technologies Circumvention technologies are any tools, software, or methods used to bypass Inter- net filtering. These can range from complex computer programs to relatively simple manual steps, such as accessing a banned website stored on a search engine’s cache, instead of trying to access it directly. Circumvention Providers Circumvention providers install software on a computer in a non-filtered location and make connections to this computer available to those who access the Internet from a censored location. Circumvention providers can range from large commercial organi- zations offering circumvention services for a fee to individuals providing circumven- tion services for free. Circumvention Users Circumvention users are individuals who use circumvention technologies to bypass Internet content filtering. 4 Internet censorship, or content filtering, has become a major global problem. Whereas once it was assumed that states could not control Internet communications, according to research by the OpenNet Initiative (http://opennet.net) more than 25 countries now engage in Internet censorship practices. Those with the most pervasive filtering policies have been found to routinely block access to human rights organi- zations, news, blogs, and web services that challenge the status quo or are deemed threatening or undesirable.
    [Show full text]
  • Digital Authoritarianism and the Global Threat to Free Speech Hearing
    DIGITAL AUTHORITARIANISM AND THE GLOBAL THREAT TO FREE SPEECH HEARING BEFORE THE CONGRESSIONAL-EXECUTIVE COMMISSION ON CHINA ONE HUNDRED FIFTEENTH CONGRESS SECOND SESSION APRIL 26, 2018 Printed for the use of the Congressional-Executive Commission on China ( Available at www.cecc.gov or www.govinfo.gov U.S. GOVERNMENT PUBLISHING OFFICE 30–233 PDF WASHINGTON : 2018 VerDate Nov 24 2008 12:25 Dec 16, 2018 Jkt 081003 PO 00000 Frm 00001 Fmt 5011 Sfmt 5011 C:\USERS\DSHERMAN1\DESKTOP\VONITA TEST.TXT DAVID CONGRESSIONAL-EXECUTIVE COMMISSION ON CHINA LEGISLATIVE BRANCH COMMISSIONERS Senate House MARCO RUBIO, Florida, Chairman CHRIS SMITH, New Jersey, Cochairman TOM COTTON, Arkansas ROBERT PITTENGER, North Carolina STEVE DAINES, Montana RANDY HULTGREN, Illinois JAMES LANKFORD, Oklahoma MARCY KAPTUR, Ohio TODD YOUNG, Indiana TIM WALZ, Minnesota DIANNE FEINSTEIN, California TED LIEU, California JEFF MERKLEY, Oregon GARY PETERS, Michigan ANGUS KING, Maine EXECUTIVE BRANCH COMMISSIONERS Not yet appointed ELYSE B. ANDERSON, Staff Director PAUL B. PROTIC, Deputy Staff Director (ii) VerDate Nov 24 2008 12:25 Dec 16, 2018 Jkt 081003 PO 00000 Frm 00002 Fmt 0486 Sfmt 0486 C:\USERS\DSHERMAN1\DESKTOP\VONITA TEST.TXT DAVID C O N T E N T S STATEMENTS Page Opening Statement of Hon. Marco Rubio, a U.S. Senator from Florida; Chair- man, Congressional-Executive Commission on China ...................................... 1 Statement of Hon. Christopher Smith, a U.S. Representative from New Jer- sey; Cochairman, Congressional-Executive Commission on China .................. 4 Cook, Sarah, Senior Research Analyst for East Asia and Editor, China Media Bulletin, Freedom House ..................................................................................... 6 Hamilton, Clive, Professor of Public Ethics, Charles Sturt University (Aus- tralia) and author, ‘‘Silent Invasion: China’s Influence in Australia’’ ............
    [Show full text]
  • Telex | Anticensorship in the Network Infrastructure
    Telex | Anticensorship in the Network Infrastructure Eric Wustrow Scott Wolchok Ian Goldberg* J. Alex Halderman University of Michigan *University of Waterloo Background | Internet Censorship No censorship Some censorship Country under surveillance from Reports Without Borders Most heavily censored nations 2 Background | Network-based Censorship Government censors Block websites containing “offensive” content Commonly employ blacklist approach Observed techniques IP blocking, DNS blackholes, forged RST packets Popular countermeasures Mostly proxy based — Tor, Freenet, Ultrasurf, … Problem: Cat-and-mouse game Need to communicate proxy addresses to users but not to censors, or else they’ll be blocked too! 3 Our Approach | Telex Operates in the network infrastructure Components placed at ISP between the censor's network and non -blocked portions of the Internet. We call this end-to-middle proxying Focuses on avoiding detection by the censor Complements anonymity systems such as Tor Employs a form of deep-packet inspection Turns common censor technology on its head Has no secrets to communicate to users in advance Relies instead on public -key steganography Provides state-level response to state censorship We envision government incentives for ISPs 4 Telex | Threat Model Censor … controls client’s network, but not external network … blocks according to a blacklist … allows HTTPS connections to non-blocked sites 5 Telex | Overview 6 Telex | Overview 7 Telex | Overview 8 Telex | Overview 9 Telex | Overview 10 Telex | Overview 11 Details | Telex-TLS Handshake 1. Client starts TLS connection to NotBlocked.com TLS ClientHello[nonce= ] .com ked c c NotBlo 2. Station recognizes using private key, but Censor can’t tell from normal random nonce 12 Details | Telex-TLS Handshake 3.
    [Show full text]
  • For Citizens Worldwide
    EVERYONE’S GUIDE TO BY-PASSING INTERNET CENSORSHIP FOR CITIZENS WORLDWIDE A CIVISEC PROJECT The Citizen Lab The University of Toronto September, 2007 cover illustration by Jane Gowan Glossary page 4 Introduction page 5 Choosing Circumvention page 8 User self-assessment Provider self-assessment Technology page 17 Web-based Circumvention Systems Tunneling Software Anonymous Communications Systems Tricks of the trade page 28 Things to remember page 29 Further reading page 29 Circumvention Technologies Circumvention technologies are any tools, software, or methods used to bypass Inter- net filtering. These can range from complex computer programs to relatively simple manual steps, such as accessing a banned website stored on a search engine’s cache, instead of trying to access it directly. Circumvention Providers Circumvention providers install software on a computer in a non-filtered location and make connections to this computer available to those who access the Internet from a censored location. Circumvention providers can range from large commercial organi- zations offering circumvention services for a fee to individuals providing circumven- tion services for free. Circumvention Users Circumvention users are individuals who use circumvention technologies to bypass Internet content filtering. 4 Internet censorship, or content filtering, has become a major global problem. Whereas once it was assumed that states could not control Internet communications, according to research by the OpenNet Initiative (http.opennet.net) more than 25 countries now engage in Internet censorship practices. Those with the most pervasive filtering policies have been found to routinely block access to human rights organi- zations, news, blogs, and web services that challenge the status quo or are deemed threatening or undesirable.
    [Show full text]
  • Ultrasurf Traffic Classification: Detection and Prevention
    Int. J. Communications, Network and System Sciences, 2015, 8, 304-311 Published Online August 2015 in SciRes. http://www.scirp.org/journal/ijcns http://dx.doi.org/10.4236/ijcns.2015.88030 Ultrasurf Traffic Classification: Detection and Prevention Raed Al-Qura’n, Ali Hadi, Jalal Atoum, Malek Al-Zewairi King Hussein Faculty of Computing Sciences, Princess Sumaya University for Technology, Amman, Jordan Email: [email protected], [email protected], [email protected], [email protected] Received 24 June 2015; accepted 8 August 2015; published 11 August 2015 Copyright © 2015 by authors and Scientific Research Publishing Inc. This work is licensed under the Creative Commons Attribution International License (CC BY). http://creativecommons.org/licenses/by/4.0/ Abstract Anti-censorship applications are becoming increasingly popular mean to circumvent Internet censorship, whether imposed by governments seeking to control the flow of information available to their citizens, or by parental figures wishing to shield their “parishioners” from the dangers of the Internet, or in organizations trying to restrict the Internet usage within their networking ter- ritory. Numerous applications are readily accessible for the average user to aid-in bypassing In- ternet censorship. Several technologies and techniques are associated with the formation of these applications, whereas, each of these applications deploys its unique mechanism to circumvent In- ternet censorship. Using anti-censorship applications in the work environment can have a nega- tive impact on the network, leading to excessive degradation in the bandwidth, immense con- sumption of the Internet data usage capacity and possibly open the door for security breaches. Triumphing the war on anti-censorship applications has become more difficult to achieve at the network level due to the rapid updates and the adopted new technologies to circumvent censor- ship.
    [Show full text]
  • International Bloggers and Internet Control Hal Roberts, Ethan Zuckerman, Jillian York, Robert Faris, and John Palfrey
    International Bloggers and Internet Control Hal Roberts, Ethan Zuckerman, Jillian York, Robert Faris, and John Palfrey Berkman Center for Internet & Society August 2011 Each co-author is affiliated with The Berkman Center for Internet & Society at Harvard University. Hal Roberts is a fellow; Ethan Zuckerman is a senior researcher; Jillian York was a Berkman Center staff member at the time of this report; Robert Faris is the director of research; and John Palfrey is a faculty co-director of the Berkman Center. We gratefully acknowledge support for this research from the US Department of State via a subgrant through Internews Network (USA). We are grateful for the participation of Global Voices Online and for the work of those who translated our blogger survey into more than a dozen languages. We offer our special thanks to the bloggers that participated in the survey. OBJECTIVE The Internet is an increasingly contested space, particularly in countries with repressive governments. Infringements on Internet freedom, particularly through Internet filtering and surveillance, have inspired activists and technologists to develop technological counter-measures, most notably circumvention tools to defeat Internet filters and anonymity tools to help protect user privacy and avoid online surveillance efforts. The widely heralded role of online activism in the Arab spring and the increasing incidence of Internet filtering around the world have spurred greater interest in supporting the development and dissemination of these tools as a means to foster greater freedom of expression online and strengthen the hand of activists demanding political reform. However, despite the perceived importance of this field, relatively little is known about the demand for and usage patterns of these tools.
    [Show full text]
  • Ransomware: La Bolsa O La Vida (Digital) Nicasio De Tomas Channel Manager Dell Security Iberia Alex Vazquez Ingeniero Preventa Dell Security
    Ransomware: la bolsa o la vida (digital) Nicasio de Tomas Channel Manager Dell Security Iberia Alex Vazquez Ingeniero Preventa Dell Security • Algunas definiciones • Tipos de Ransomware • Breve historia del Ransomware • Canales de Propagación • Como protegernos contra el Ransonware • Seguridad basada en capas • Sonicwall NGFW – Configuración y buenas prácticas • Conclusiones y Referencias 2 Confidential SonicWALL Algunas definiciones • Ransomware (del inglés ransom (rescate) y ware (software)): es un tipo de malware que restringe el acceso a determinadas partes o archivos del sistema infectado, y pide un rescate a cambio de quitar esta restricción.1 Algunos tipos de ransomware cifran los archivos del sistema operativo inutilizando el dispositivo y coaccionando al usuario a pagar el rescate. (Source: https://es.wikipedia.org/wiki/Ransomware 3 Confidential SonicWALL Algunas definiciones(cont.) • Exploit Kit: Un exploit kit es un kit de software diseñado para ejecutarse en servidores web, con el fin de identificar las vulnerabilidades de software en los equipos cliente que se comunican con él, para explotarlas y poder transferir y ejecutar código malicioso. (Source: https://en.wikipedia.org/wiki/Exploit_kit) 4 Confidential SonicWALL Algunas definiciones(cont.) • Spear phishing: Intentos de phishing dirigidos a particulares o empresas específicas. Los atacantes pueden recopilar información personal acerca de su objetivo y aumentar su probabilidad de éxito. Esta técnica es, con diferencia, la más exitosa en Internet hoy en día, representa el 91% de los ataques. (fuente: https://en.wikipedia.org/wiki/Spear-phishing) • Drive-by download significa dos cosas, ambas relacionadas con la descarga involuntaria de software a través de Internet: 1) Descargas autorizadas por el usuario, pero sin entender las consecuencias (por ejemplo descargas que instalan un programa desconocido, un ejecutable falsificado,componentes ActiveX o Java applet).
    [Show full text]
  • Top10vpn Free VPN Risk Index
    Free VPN Risk Index: Android Apps Network Test Results App Name Publisher APK Name Major Abnormalities Minor Aberrations Major Abnormality #1 Major Abnormality #2 Major Abnormality #3 Major Abnormality #4 Minor Aberration #1 Minor Aberration #2 Minor Aberration #3 Minor Aberration #4 Minor Aberration #5 Minor Aberration #6 Minor Abberation #7 Minor Abberation #8 Minor Abberation #9 We received unexpected and possibly dangerous Your DNS resolver returns Certain TCP protocols Certain UDP protocols We detected an HTTP The detected HTTP You are listed on a results when looking up IP addresses for names are blocked in outbound are blocked in outbound We detected at least one proxy due to IP address proxy blocks malformed Not all DNS types were Hotspot Shield Free VPN Proxy & Wi-Fi Security AnchorFree GmbH hotspotshield.android.vpn 3 6 significant DNS blacklist important names that do not exist traffic traffic proxy differences HTTP requests correctly processed Your ISP's DNS server is The packet loss was The network indicated Some DNS resolvers SuperVPN Free VPN Client SuperSoftTech com.jrzheng.supervpnfree 1 3 slow to lookup names somewhat high bursts of packet loss appear to be down Certain TCP protocols Your DNS server are blocked in outbound The network indicated Some DNS resolvers accepts unusual glue Hi VPN - Super Fast VPN Proxy, Secure Hotspot VPN Hi Security com.ehawk.proxy.freevpn 0 4 traffic bursts of packet loss appear to be down records We received unexpected Your DNS resolver returns and possibly dangerous IP addresses for names
    [Show full text]
  • Strategy to Block Traffic Create by Anti Censorship Software in Lan for Small and Medium Organisation
    Proceedi ngs of the 3rd International Conference on Computing and Informatics , ICOCI Paper No. 2011,8-9 June, 2011 Bandung, Indonesia 121 STRATEGY TO BLOCK TRAFFIC CREATE BY ANTI CENSORSHIP SOFTWARE IN LAN FOR SMALL AND MEDIUM ORGANISATION Baharudin Osman 1, Azizi Abas 2, and Kamal Harmoni 3 1Universiti Utara Malaysia, Malaysia, [email protected] 2Universiti Utara Malaysia, Malaysia, [email protected] 3Kedah Industrial Skills and Management Development Centre, Malaysia,[email protected] ABSTRACT . Anti-censorship software originally develop to fight internet censorship in China. The anti-censorship software such as Ultrasurf, Freegate, Gpass, GTunnel and FirePhoenixare become popular for the stubborn user who used the internet for thier own’s purpose and disobey the poilicies . Since it is widely use by users in organisation local area network to bypass firewall policies, it become a threat to LAN organization. Hence, it cause a problem for network administrator who manage the internet utilisation and enforcing internet policies. For an organisation, uncontrolled internet usage lead the opened system vulnerability to viruses, backdoor, non-productivity activities and slow internet connection. Thus, this studies proposed strategies to filter and blocking traffic create by anti-censorship software in LAN. Method used in this project is “design computer security experiment” . Therefore, this project will guide the network administrator to control internet utilisation, protect organisation LAN and carried out implementation of the internal organization’s internet policies. Keywords : anti-censorship, block traffic, Ultrasur INTRODUCTION Computer technologies are changing rapidly. In the organization of LAN, to prevent users from accessing restricted web site and conduct activities such as downloading movie and accessing pornography web site has become a common internet policy.
    [Show full text]
  • Senate Committee on the Judiciary Subcommittee on Human Rights and the Law
    Senate Committee on the Judiciary Subcommittee on Human Rights and the Law Hearing on Global Internet Freedom: Corporate Responsibility and the Rule of Law May 20, 2008 Testimony by Shiyu Zhou, Ph.D. Deputy Director, Global Internet Freedom Consortium Mr. Chairman, members of the Committee, Ladies and Gentlemen. I would like to thank you for this opportunity to testify before you today on the topic of global Internet freedom and the Corporate Responsibility and the Rule of Law. The lack of information freedom in closed societies is usually coupled with severe violations of human rights and it also puts the United States at risk. In Iran, Cuba and certain other totalitarian countries, information control is often used for manipulation and indoctrination and whipping up anti-US sentiment, as illustrated by the xenophobia fostered online in the People’s Republic of China (PRC) following the Tibet crackdown and the Olympics Torch Relay. Violence begins with hate, and hate begins with distorted information. Information control can also cost lives. When the PRC leadership chose to suppress news of the SARS outbreak in 2002, the virus spread far beyond China’s borders to places like San Francisco, causing the death of at least several hundred victims and almost a global pandemic. The Internet has become the greatest hope for global information freedom. It is a vast, fast, and inexpensive way to access information and to communicate and the number of Internet users worldwide has soared. By January of this year, the PRC had 210 million users and has since surpassed the US, and both Iran and Vietnam were at 18 million users and growing.
    [Show full text]
  • Keyword Filtering in the Great Firewall of China
    Chinese Wall or Swiss Cheese? Keyword filtering in the Great Firewall of China Raymond Rambert Zachary Weinberg∗ Diogo Barradas∗ Nicolas Christin College of Information & INESC-ID, Instituto School of Computer Sciences Superior Técnico Computer Science University of Universidade de Lisboa Carnegie Mellon University Massachusetts Lisbon, Portugal Pittsburgh, PA, USA Amherst, MA, USA diogo.barradas@ [email protected] [email protected] tecnico.ulisboa.pt ABSTRACT 1 INTRODUCTION The Great Firewall of China (GFW) prevents Chinese citizens from Chinese keyword-based censorship of the Web is well known [13, accessing online content deemed objectionable by the Chinese gov- 24, 25, 36, 40], but no two past studies report exactly the same be- ernment. One way it does this is to search for forbidden keywords havior. For at least fifteen years, there have been regular reports in unencrypted packet streams. When it detects them, it terminates of the GFW’s keyword list being updated in response to breaking the offending stream by injecting TCP RST packets, and blocks news [e.g., 1], but the frequency and extent of these updates is not further traffic between the same two hosts for a few minutes. known. Chinese authorities now seem to be concentrating on block- We report on a detailed investigation of the GFW’s application- lists enforced by applications [28, 29, 34]. This raises the question layer understanding of HTTP. Forbidden keywords are only de- of whether keyword-based censorship by backbone routers has tected in certain locations within an HTTP request. Requests that been deemphasized or its focus changed. contain the English word “search” are inspected for a longer list In this paper, we investigate the current extent of the Great Fire- of forbidden keywords than requests without this word.
    [Show full text]