Archive

Posts Tagged ‘Tor’

Telex

August 3rd, 2011 No comments

Anticensorship in the Network Infrastructure: Watch out for Telex.

 

Telex is a new approach to circumventing Internet censorship that is intended to help citizens of repressive governments freely access online services and information. The main idea behind Telex is to place anticensorship technology into the Internet’s core network infrastructure, through cooperation from large ISPs. Telex is markedly different from past anticensorship systems, making it easy to distribute and very difficult to detect and block.

What makes Telex different from previous approaches:

  • Telex operates in the network infrastructure — at any ISP between the censor’s network and non-blocked portions of the Internet — rather than at network end points. This approach, which we call “end-to-middle” proxying, can make the system robust against countermeasures (such as blocking) by the censor.
  • Telex focuses on avoiding detection by the censor. That is, it allows a user to circumvent a censor without alerting the censor to the act of circumvention. It complements services like Tor (which focus on hiding with whom the user is attempting to communicate instead of that that the user is attempting to have an anonymous conversation) rather than replacing them.
  • Telex employs a form of deep-packet inspection — a technology sometimes used to censor communication — and repurposes it to circumvent censorship.
  • Other systems require distributing secrets, such as encryption keys or IP addresses, to individual users. If the censor discovers these secrets, it can block the system. With Telex, there are no secrets that need to be communicated to users in advance, only the publicly available client software.
  • Telex can provide a state-level response to state-level censorship. We envision that friendly countries would create incentives for ISPs to deploy Telex.

Bypassing the Chinese Firewall

March 11th, 2011 No comments


There are multiple ways to bypass the Chinese Firewall, using VPN, anonymous browsers or Tor. But I prefer to use the most simple way, which for me is using an ssh tunnel.

host:~user$ ssh -D 8888 login@myserver.org

(There is also a nice GUI for those who are not familiar with the command line.)

Then I configure my system preferences to use the socks proxy on 127.0.0.1:8888, which can also be done in Firefox Network settings. (see screenshots)

As the Chinese Government also tries to block external sites, such as Youtube and Openleaks, by filtering DNS requests, it’s necessary to filter this too. One could e.g. point them to 127.0.0.1 (in system preferences) and then send through another ssh tunnel:

host:~user$ sudo ssh login@myserver.org -L 53:127.0.0.1:53

(sudo because 53 is a privileged port.)

But actually it’s easier by just hacking the firefox configuration:

Luckily, with SOCKS5 Firefox can control which side of the proxy handles DNS lookups. By default, it does the lookups locally resulting in the scenario above. To change this, set network.proxy.socks_remote_dns = true in about:config. This makes the SOCKS proxy more like a regular proxy, where DNS is handled by the remote end of the tunnel.

… or one can install iodine and tunnel all DNS requests accordingly.

Have phun!