The first workshop I attended was on circumvention – and it was a real roll-call of the various projects involved in providing for circumvention of filtering and blocking. We had Peacefire, Anonymizer, TOR, Psiphon, DynaWeb, Tactical Tech and more…
Note: this post needs links, but is otherwise mostly complete
Peacefire – two tools, CGI-proxy on Windows machine (if you have a friend outside that you can run through). Second one is emailing out new circumvention sites (assumes infiltration, so only works for a while).
Dynaweb – Having problems in sustaining the network (finance needed).
Psiphon (personal proxy system, similar to other projects) – collapsed into one, installable application (for the uncensored application) and info forwarded to the colleague in the censored country. Upcoming – support for YouTube/GMail. Has to parse/rewrite for the user and this was difficult. Virtually you have to offer such service for every
Tor: anonymity network – 800 volunteer servers around 100k to 200k users. Funded by US Navl Research Lab, EFF, VoA, etc. Plan: Take volunteer users, give them a button, sign up as ‘bridge’ volunteer – China connects to bridge to rest of Tor network – 10kb/s (nothing on broadband) simple passthrough. 30,000 volunteers. How do we let the good guys get access without letting the bad guys learn all the addresses. We should separate the two parts – (a) relay and (b) discovery.
Gives us idea of the arms race – China not cracking down on every possible approach – just the more popular!
How do we solve the discovery problem. 1 – private bridge (social network) – you can give multiple and as long as one is reachable, they can then report the errors (and automated through client). 2 – open sign up is dangerous. The smarter approach is to divide the bridge operator into different pools. Limit through time, resources, etc. Email list approach (every three days).
US filtering companies are better at blocking than the governments. (Hardly a surprise!)
Commercial entitles also blocking anonymizer etc. Anonymizer’s CEO said that businesses who want to reach them often can’t (due to corporate filtering) so they circulate an alternative URL!
A very interesting point: “Encryption is allowed because it helps e-commerce” – so we need a case for circumvention that is not just about circumvention! i.e. legitimate use that can allow a Chinese user to point to a non-restricted use. A few people mentioned that circumvention/anonymising should be built in as a default – and that ‘Western’ users should use the software too as a normal, everyday thing (even as simple as a proxy to protect against spyware).
Anonymizer mentioned that the utilisation (of their software) by commercial interests has gone from 1-2% to 80% of revenue!
On anti-anti-circumvention techniques, it was noted that developers don’t necessarily want to show all their tricks until it is needed – hold back as long as you can while being effective.