Internet Unblocking

Data smuggling software could help citizens in countries operating repressive net filters visit any site they want.

Developed by US computer scientists the software, called Telex, hides data from banned websites inside traffic from sites deemed safe.

So far, Telex is only a prototype but in tests it has been able to defeat Chinese web filters.

Telex was developed to get around the problem that stops other anti-censorship technologies being more effective, said Dr Alex Halderman, who has worked on Telex since early 2010. Many existing anti-censorship systems involve connecting to a server or network outside the country in which a user lives. This approach relies on spreading information about these servers and networks widely enough that citizens hear about them but not so much that censors can find out and block them.

Telex turns this approach on its head, said Dr Halderman: Instead of having some server outside the network that's participating we are doing it in the core of the network..

When a user wants to visit a banned site they initially point their web browser at a safe site. As they connect, Telex software installed on their PC puts a tag or marker on the datastream being sent to that safe destination.

Net routers outside the country recognise that the datastream has been marked and re-direct a request to a banned site. Data from censored webpages is piped back to the user in a datastream disguised to resemble that from safe sites.

Circumvention tools are made both by non-governmental organizations and commercial companies. This is not only to support press freedom or activism, but also based on the simple philosophy that all information on the internet should always be available to everyone. Below is a summary of the 11 best-known tools.

• Tor
Developed by the Tor Project. Worldwide, the best-known circumvention and security tool.
Pros: Easily available and easy to use. Good technical support.
Cons: Makes connections slow.

• Psiphon
Developed by the University of Toronto’s CitizenLab. Connections run via different servers in different countries, making origins hard to trace. Works on the basis of invitation by Psiphon to counter abuse.
Pros: No need to download software. Handy for use in internet cafés.
Cons: Invitation is a built-in security shell, but also an obstacle for users who don’t know anyone to arrange an invitation for them. Psiphon has no official security certificate. Makes connections slow.

• Ultrasurf
Developed by Ultrareach, partner of the Global Internet Freedom Consortium. Works as a program in Windows.
Pros: Easy to use. Leaves no trace when uninstalled.
Cons: Has a bad name because it was said to have distributed viruses in the past.

• YourFreedom
Developed by Reichert Network Solutions. Software is free, but possibilities are limited. Possible to pay for an upgrade.
Pros: Good technical support.
Cons: Possibilities of free version limited, especially for sending data.

• JAP
Developed by JonDonym, a commercial branch of the University of Dresden.
Pros: Portable, so suitable for use in internet cafés. Reliable service, open source code. Design faults can be corrected.
Cons: Still in the test phase. Makes connections slower.

• Gpass
Developed by World’s Gate, Inc., partner of Global Internet Freedom Consortium. Not only provides secure connections, but also enables encryption.
Pros: Multiple secure routes, easy to install.
Cons: Has to be installed on your computer from the Consortium website. Repressive governments block the site, making the software hard to get hold of.

• Google Cache, Reader en Translation:
Developed by Google. Handy for picking up information, not suitable for distribution from a security point of view.
Pros: Accessible from any location, as long as Google and Gmail are available.
Cons: Connection isn’t secure.

• GTunnel
Developed by Garden Networks for Information Freedom, has a long history in circumvention software for users in China.
Pros: Suitable for Microsoft Windows. User can send information using GTunnel via Tor or Skype. This double security makes internet traffic securer and more anonymous, but also slower. This can be a disadvantage in countries where internet runs via dial-up connections.
Cons: Limited number of servers available, especially in Taiwan.

• Freegate
Developed by Dynamic Internet Technology (DIT). Works using a limited number of proxy servers in Taiwan and the US.
Pros: Easy to use and can be stored on a USB stick, so also suitable for internet cafés.
Cons: More than one version of the same software available. Status unclear. Limited number of servers. Questionable security.

• Dynaweb
Developed by Dynamic Internet Technology (DIT). Originally for China, but now also used in Iran. Works on the basis of proxy servers.
Pros: Easy to use.
Cons: Proxy servers aren’t secure. Analysts can easily find out who’s using Dynaweb. No scientific data on Dynaweb’s effectiveness. Unclear what the developers do with users’ personal details.

• Hotspot Shield
Originally developed by AnchorFree. For users of unsecured WiFi connections, not specifically for people in countries with repressive governments. Hotspot Shield also carries unsolicited advertising.
Pros: Connection via VPN.
Cons: Download can always be traced on the computer, even after the software has been fully uninstalled – a risk if a computer is confiscated. Users receive personalised ads, advertisers are allowed to use cookies. Not suited for use in non-democratic countries.

Chinese internet users suspect that their government is interfering with the method they have been using to tunnel under the Great Firewall to prevent them connecting with the outside world.

Since 6 May, a number of users says that internet connections via China Telecom, the largest telephone company, and China Unicom have become unstable, with intermittent access when trying to access sites in foreign countries using a virtual private network (VPN). Even Apple's app store has been put off-limits by the new blocks, according to reports.

The disruption has mainly affected corporate connections such as universities while home connections that use standard broadband systems have been unaffected, according to the prominent Chinese technology blogger William Long.

Normally traffic flowing over VPN connections is secure because it is encrypted, meaning that the Chinese authorities were unable to detect what content was flowing back and forth over it. A VPN connection from a location inside China to a site outside China would effectively give the same access as if the user were outside China.

According to Global Voices Advocacy, a pressure group that defends free speech online, the disruption follows new systems put in place in the Great Firewall -- in fact monitoring software on the routers that direct internet traffic within and across China's borders. The new software appears to be able to detect large amounts of connections being made to overseas internet locations.

The problem has become so bad that some universities and businesses have told their users not to try to use VPNs, and only to visit work-related sites; to do otherwise could lead to trouble for the company and the users involved.

Mozilla officials have refused a US government request to ban a Firefox add-on that helps people to access sites that use internet domain names seized earlier this year.

The Firefox add-on, available on Mozilla.org, made it easy for users to access sites that used some of the confiscated addresses. It did this by redirecting them to substitute domain names that were out of the reach of US courts, such as those with a .de top level domain.

You simply type Demoniod.com into your browser as usual, the add-on's authors wrote in an FAQ explaining how it works. The browser sends the address to the add-on, the add-on checks if Demoniod.com is on the list of sites to be redirected and immediately redirects you to the mirror site.

US officials alleged MafiaaFire circumvented their seizure order and asked Mozilla to remove it. The open-source group, in not so many words, said no. Our approach is to comply with valid court orders, warrants, and legal mandates, but in this case there was no such court order, Harvey Anderson of Mozilla explained.

A vocal chorus of lawmakers and policy wonks have decried the domain seizures, arguing that the ex parte actions are a serious power grab that threaten the stability of the internet. If the US government can confiscate addresses it doesn't agree with, what's to stop China or any other country from doing the same thing?

The seizure of file-sharing related domain names by the US Government hasn't been as effective as the entertainment industries had hoped since many of them simply continued their operations under new domains. To make these type of domain transitions go more smoothly, an anonymous group has coded a simple Firefox add-on that automatically redirects users to these new homes.

ICE director John Morton confirmed last week that the seizures will continue in the coming years. But at the same time the authorities amp up their anti-piracy efforts, those in opposition are already coming up with ways to bypass them.

One of these initiatives is the MAFIAA Fire add-on for Firefox. The plugin, which will support the Chrome browser at a later stage too, maintains a list of all the domains that ICE (hence the fire) has seized and redirects their users to an alternative domain if the sites in question have set one up.

The U.S. government has developed technology that can cut through Web censorship barriers in countries like China and deliver news and information to people who don't have currently have access to it.

The Feed Over Email (FOE) system, outlined in a recent report by the Broadcasting Board of Governors, uses email to transport censored data to end users. A server encodes the required internet data (pages, files, applications, RSS feeds etc) and encodes them into an email. The end user runs a client program to decode the data into familiar internet formats.

The government hopes that FOE will allow people to receive the latest news from censored Web sites and also complement existing anti-censorship tools, according to the report. People also can use the tool to download other anti-censorship software, such Tor, Freegate, or Ultrasurf.

The technology was tested between February and June 2010 in the Chinese cities of Hong Kong, Beijing, and Shenzhen and performed well in all tests, according to the report. However, the agency said it's unclear how it will work when publicly available.

The U.S. has undertaken previous efforts to help bypass government Internet censorship, but the report marks the first public disclosure of technological efforts to do so.

Reporters Without Borders have launched the world's first Anti-Censorship Shelter in Paris for use by foreign journalists, bloggers and dissidents who are refugees or just passing through as a place where they can learn how to circumvent Internet censorship, protect their electronic communications and maintain their anonymity online.

At a time when online filtering and surveillance is becoming more and more widespread, we are making an active commitment to an Internet that is unrestricted and accessible to all by providing the victims of censorship with the means of protecting their online information, Reporters Without Borders said.

Never before have there been so many netizens in prison in countries such as China, Vietnam and Iran for expressing their views freely online, the press freedom organisation added. Anonymity is becoming more and more important for those who handle sensitive data.

Reporters Without Borders and the communications security firm XeroBank have formed a partnership in order to make high-speed anonymity services, including encrypted email and web access, available free of charge to those who user the Shelter.

By connecting to XeroBank through a Virtual Private Network (VPN), their traffic is routed across its gigabit backbone network and passes from country to country mixed with tens of thousands of other users, creating a virtually untraceable high-speed anonymity network.

This network will be available not only to users of the Shelter in Paris but also to their contacts anywhere in the world and to all those – above all journalists, bloggers and human rights activists – who have been identified by Reporters Without Borders. They will be able to connect with the XeroBank service by means of access codes and secured, ready-to-use USB flash drives that can be provided on request.

XeroBank is a communications security firm that has cornered the market on one of the rarest commodities in the world: online privacy. It specializes in communication solutions that protect its clients from all eavesdroppers.

The best-known free encryption and censorship circumvention software is also available to users of the Shelter, along with manuals and Wiki entries on these issues. A multimedia space is planned for journalists and Internet users who want to film and send videos.

The Shelter will eventually also have a dedicated website for hosting banned content. Egyptian blogger Tamer Mabrouk's reports on the pollution of Egypt's lakes, which are banned in his country, and articles that are banned in Italy by its new phone-tap law will all have a place in what is intended to be a refuge for those who still being censored.

The Shelter is open from 10 a.m. to 6 p.m. Monday to Friday. Anyone wanting to use it should make a reservation by sending an email to shelter@rsf.org.

A browser that bypasses internet censors has become the most popular way to access the Internet in Kazakhstan, a Central Asian state where sites critical of the government are often blocked.

The Norwegian developed Opera browser made by Opera Software has increased its market share sharply in the ex-Soviet state since it began to allow downloads of compressed web pages via a server outside the country, a feature designed to speed browsing.

The Opera browser is now the most popular in the country with a market share of 32%, beating out rival products from Google, Microsoft and Apple, according to statistics for March from Web analytics firm StatCounter.

The new version of Opera introduced last year, Opera 10, allows users to view otherwise inaccessible Web pages using its Opera Turbo feature designed to speed up browsing over slow connections.

Kazakhstan introduced a law last year allowing local courts to block access to Web sites whose content has been deemed illegal, a step that human rights groups say amounts to censorship.

Some of the most popular blogging websites such as Livejournal.com and Google-run Blogger.com are now inaccessible to most of Kazakhstan's 3.2 million Internet users.

Media Guardian's Innovator of the year is Austin Heap who helped create Haystack, a system for beating Iranian web censorship

Austin Heap followed the last Iranian results on Twitter, and recognised that Iran's censorship had stepped up. He sent a tweet to fellow computer geeks and made contact with Daniel Colascione, based in Buffalo, New York.

The pair worked for 72 hours without sleep to deconstruct the filtering methods of the Iranian telecommunications agency. Then they created Haystack, a censorship workaround that directed requests from computers in Iran through servers elsewhere in the world, hidden in a stream of innocent-looking traffic. They also devised technology to protect the identities of Haystack's users. All this made it possible for people on the ground in Iran to reach blocked sites safely and securely, to organise inside the country and communicate with the world.

Haystack immediately turned Heap himself into a target: the Iranian government blocked his blog, and he received death threats via Twitter and even over the phone. At times he required 24-hour police protection.

Haystack, funded by voluntary donations, landed him an invitation to the US state department, and audiences with political parties in the UK including the Labour party. As much as we've tried to innovate with technology, he said, during a recent trip to London, I think the real innovators of the year are the people with their phones, the people on the streets, the people in Iran and the other people around the world who are standing up for the human rights that they deserve. We can give them the tools, but without the people, the tools are useless.

Heap continues to work with Haystack, and has a list of countries, from Australia to Afghanistan, that he will be tackling next.

From haystacknetwork.com

Haystack is a new program designed to provide unfiltered internet access to the people of Iran. The software package is compatible with Windows, Mac and Unix systems, and specifically targets the Iranian government's web filtering mechanisms.

Haystack is not an ordinary proxy system. It employs a sophisticated mathematical formula to hide users' real Internet traffic inside a continuous stream of innocuous-looking requests. In addition to providing anonymity, Haystack uses strong cryptography, ensuring that even if users' traffic is detected, it cannot be read. Trying to find and decipher our users' traffic amidst all the other traffic on the web really is like trying to find a needle in the proverbial Haystack.

Update: Oops, somebody may have found the needle

16th September 2010. Based on article from washingtonpost.com

Haystack, a company that has created software designed to circumvent Iranian government censors, has stopped testing its program amid criticism of faulty security.

Haystack founder Austin Heap said in an interview Monday that concerns about how his much-touted software program works and whether it is secure are valid.

For the time being, we are going to stop human testing and rely instead on machine testing, Heap said.

He said in a blog Monday that the software is being reviewed by a third party and testing will resume if it passes muster.

The move comes after Foreign Policy (a division of The Washington Post Co.) technology writer Evgeny Morozov and engineers said that lax security in the Haystack program could hurt users in Iran by exposing them to government authorities.

A basement in the gray, Gothic heart of the University of Toronto is home to the CSI of cyberspace. We are doing free expression forensics, says Ronald Deibert, director of the Citizen Lab.

Deibert and his team of academics and students investigate in real time governments and companies that restrict what we see and hear on the Internet. They are also trying to help online journalists and bloggers slip the shackles of censorship and surveillance. Deibert is a co-founder of the OpenNet Initiative (ONI), a project of the Citizen Lab in collaboration with the Berkman Center for Internet and Society at Harvard Law School. ONI tracks the blocking and filtering of the Internet around the globe.

We are testing in 71 countries, says Deibert. We are testing all the time. We are the technical hub of ONI.

We started out in 2002 with China, said Jillian York, project coordinator for Berkman. The work evolved, and then with Cuba we cracked it. However, as Citizen Lab and Berkman gained expertise and resources so did the censors they battled.

We are now onto third-generation controls, York said of Internet censorship. The first generation was simple filtering, IP blocking in China, for example. The second generation was surveillance, which ranged from placing spies or closed-circuit cameras in Internet cafés to installing tracking software on computers themselves. The third generation controls combine all the above. We see it in China, Syria, and Burma. It's a very broad approach, York laments.

ONI's research and public awareness-raising provides just one weapon in the increasingly sophisticated armory that bloggers need to deploy against government encroachment. Some free-speech campaigners engage across a wide battlefront, taking on authorities in Tunisia or Pakistan, for example, to keep blogging and video platforms open. Others, like Deibert, devise tools for an individual user to tunnel beneath a firewall or slip past a digital spy undetected. He helped develop Psiphon, a free, open source application that channels data through a network of proxies to circumvent censorship. Anyone can use it. It's fast and there's nothing to download onto your computer for the Internet police to find, said Deibert.

It's a game of digital cat-and-mouse with authorities hunting down circumvention nodes, and Psiphon switching to an alternate as soon as a node is compromised. Citizen Lab launched Psiphon in December 2006 but did not have the resources to develop it further. So in May this year, Deibert and another ONI founder, Rafal Rohozinski, spun it off as a commercial enterprise. It is still free to users but charges companies to deliver their blocked content. Clients so far include the BBC and the U.S. government-funded Broadcasting Board of Governors. Social networking platforms such as Twitter and Facebook have been a boon to Psiphon and other circumvention tools like Tor, spreading node connection information among bloggers and journalists. This was evident during the media crackdown in Iran that followed the disputed June presidential elections, when Twitter proved difficult to shut down.

Chinese authorities has begun blocking the intermediate nodes and servers, directory services on the basis of the Tor anonymizing their IP addresses.

In the columns of Tor's blog can be read that the great firewall (GFW) is blocking communication with about 80% of the Tor node. Author of note also admitted that it was expected this turn of events.

Already in the middle of last year, China blocked Tor website. Therefore, the operator of the website and its creators tried to be the protection of the new Tor servers, to prevent the Chinese authorities to get into the list of public nodes - the intention is apparently failed.

Although the establishment of an anonymous connection is still possible using the remaining 20% of the nodes, but such an operation takes a long time. Author of this blog entry advises users that you run a Tor private goals (so-called bridge relays) if they want to help Chinese colleagues. This kind of goals do not appear on public lists, and thus difficult to find and block.

The U.S. government is covertly testing technology in China and Iran that lets residents break through screens set up by their governments to limit access to news on the Internet.

The feed over email (FOE) system delivers news, podcasts and data via technology that evades web-screening protocols of restrictive regimes, said Ken Berman, head of IT at the U.S. government's Broadcasting Board of Governors, which is testing the system.

The news feeds are sent through email accounts including those operated by Google Inc, Microsoft Corp's Hotmail and Yahoo Inc.

We have people testing it in China and Iran, said Berman, whose agency runs Voice of America. He provided few details on the new system, which is in the early stages of testing. He said some secrecy was important to avoid detection by the two governments.

New software aiming to circumvent web censorship in the Middle East and beyond was recently launched at a summit on blogging in Cairo. The tool "Al-Kasir" - meaning "the circumventer" in Arabic, is now available for public use in its first test version.

Developer Walid Al-Saqaf, a Sweden-based Yemeni, said he is using the device to work around government web censorship.

The tool also performs periodic checks on censored sites to track whether they remain constantly blocked or if the filtering is lifted at times. Meanwhile, users of the program can report information about filtering and blocking in their respective countries.

While primarily intended for use in Arab countries like Syria, Tunisia, and Yemen where web censorship is widely imposed, Al-Kasir can be used in any country.

Al-Saqaf explained the process of using the tool to access blocked websites.

When you open the program, you will get information about your ISP, country, etc. If someone using the same ISP as you had already reported through Al-Kasir about a blocked website and that website got approved (by the moderators), then it will be accessible by you. If not, then you could report a blocked website and then it will be moderated and if approved, it will be accessible by you as well as everyone else using Al-Kasir and accessing the Internet through your ISP.

Al-Saqaf told MENASSAT that the program only circumvents human-moderated websites that have been blocked by governments due to political or informational reasons: In other words, the program allows access to human rights and activist websites, political websites, discussion groups, and social groups. It was a tough decision to make but it was necessary because otherwise, the bandwidth and the legal constraints would be costly.

Global Voices Advocacy announce that the third update to the Anonymous Blogging guide with Wordpress & Tor is now available online!

The guide outlines several methods of protecting one's identity in order to avoid retaliation and can considerably reduce the risks that a blogger's identity will be linked to his or her online writings through technical means.

In order to provide you with the most up to date information on how to blog anonymously, the guide has been updated once again so that all the tips are compatible with Tor's recent updates.

This update introduces the Tor Browser Bundle, an open source version of a portable browser developed by Tor Project, that lets you use Tor with zero install. Tor Browser is a great pre-configured Tor bundle with self contained Mozilla Firefox browser for USB drives or any other portable media (SD Card, Hard Drives, Compact Flash Card).

If you're going to pursue your blogging activities primarily from shared computers (like cybercafe computers) or if you're unable to install software on a computer, please follow the steps on how to run Tor Browser Bundle without needing to install any software.

The update includes tips on how to acquire the Tor bundle if your internet connection blocks access to the Tor website. It also includes tips on what to do if you encounter problems connecting to the Tor network.

Please link to it, download it and help disseminate this important information. Feel free as well to help us translating the guide into your own language.

Herdict Web crowd sources reports from users to discover, in real time, what users around the world are experiencing in terms of internet website blocking.

Herdict is a named coned from joining ‘herd' and ‘verdict.'

Using Herdict Web, anyone anywhere can report websites as accessible or inaccessible. Herdict Web aggregates reports in real time, permitting participants to see if inaccessibility is a shared problem, giving them a better sense of potential reasons for why a site is inaccessible. Trends can be viewed over time, by site and by country.

Herdict Web is the brainchild of Professor Jonathan Zittrain (The Future of the Internet: And How to Stop It) and is part of The Berkman Center for Internet & Society.

Scroogle is a web service that disguises the Internet address of users who want to run Google searches anonymously.

Scroogle also gives users the option of having all communication between their computer and the search page be SSL encrypted.

The tool was created by Google critic Daniel Brandt who was concerned about Google collecting information on users, and set up Scroogle to filter searches through his servers before going to Google: I don't save the search terms and I delete all my logs every week. So even if the feds come around and ask me questions I don't know the answer because I don't have the logs any more. I don't associate the search terms with the user's address at all, so I can't even match those up.

Traffic has doubled every year and as of December 2007, Scroogle had passed 100,000 visitors a day.

Besides anonymous searches, the tool allows users to perform Google searches without receiving Google advertisements. There is support for 28 languages, and the tool is available as a browser plug-in.

Regular web users can now access anonymously-published websites that are masked by Tor's hidden services thanks to a new tool called tor2web.com.

The tool, created by former Reddit developer Aaron Swartz and WikiScanner creator Virgil Griffith, enables people to view these hidden websites (designated by the .onion domain suffix) without diving into Tor, which can be a pain for casual surfers.

The creators hope that the existence of tor2web will encourage more organizations to publish content anonymously through Tor, now that such a heavy access restriction has been lifted.

The Tor project is most famous as a tool that allows Internet surfers to access websites privately and anonymously from within the onion router. Put simply, it works by passing your requests to another node that acts as a middleman between you and a website, which in turn passes the request onto other nodes, and so on. Every step is encrypted except for the final exit node to the content server connection, and the network is run almost entirely by volunteers.

Tor's hidden services allow web publishers to publish content anonymously so that law enforcement (and general snoopers) can't detect where the information is coming from. The only problem with publishing websites under Tor is that they can only be accessed from within Tor, meaning that the available audience at any given time is infinitesimally small compared to the overall Internet-using population. This is the problem that Swartz and Griffith hope to address with tor2web.