Peacefire & VOA need tech help to defeat China Firewall

John Gilmore gnu at toad.com
Thu Jan 23 05:30:57 EST 2003 

From: "Bennett Haselton" <bennett at peacefire.org>
To: <list-peacefire-broadcast at osiris.978.org>
Sent: Monday, January 20, 2003 6:26 AM
Subject: volunteers to help work on anti-censorship technology

[You are receiving this after signing up for membership in Peacefire at
http://www.peacefire.org/join/.  To unsubscribe yourself from this list and
cancel your Peacefire membership, see unsubscription instructions at the
end of this message.]

Happy New Year to everybody -- sorry it's been an unusually long time since
the last Peacefire newsletter, but the good news is that there are big
things coming in 2003.  Peacefire has joined forces with Voice of America
<http://www.ibb.gov/>, a federal agency that used to do pro-democracy radio
broadcasts into communist Eastern Europe and Asia, and is currently still
broadcasting into China while branching out into finding ways to defeat
Internet censorship.  They've contracted with us to help defeat the "Great
Firewall of China", the firewalls put in place by the Chinese censors to
block people in China from reading foreign Web sites that criticize the
Chinese government.  The technology could be extended to help people in
other regions such as the Middle East where the Internet is heavily
censored.

This is the kind of project that I hope many tech-savvy members will be
able to help with, one way or another.  Personally I think this may be one
of the most important things I ever get to work on, if not *the* most
important.  To a lifelong puzzle-hobbyist, it's like a dream: working on a
problem that's like a giant, open-ended puzzle that's never been completely
solved, where the answer could help millions of people around the
world.  As for working on the problem itself, it requires some technical
knowledge, but not a lot; I coach a high school math team and I've worked
on some of these problems with the students in the math club.  I could do
that since there's nothing classified about the solutions to the problem
that VOA has asked us to find, because our strategy is to assume the
Chinese censors will be able to "take apart" the software and figure out
how it works anyway, so we should publish all the details of how it will
work, and encourage people to try and find ways to defeat the system.  Only
if the complete design is published and nobody can find any flaws that
would enable the censors to attack it, then we go ahead with building it
according to that design.

One of the first papers I put out as part of the project, was about the
common pitfalls and problems with many existing "anti-censorship" systems:
http://www.peacefire.org/circumventor/list-of-possible-weaknesses.html
If you can follow most of the discussion on that page, you'd probably be
able to help.  It's less about technical knowledge, and more about looking
at a given problem through new angles, so it's an ideal technical project
for young people to contribute.

There are several existing anti-censorship projects out there, made by
companies including SafeWeb, DynaWeb, and a self-described hacker coalition
called Hacktivismo, all of which have contributed some valuable insights,
but many of their designs fall prey to the attacks listed at the URL
above.  Also, none of the other groups working on this problem have
published the details of how their proposed solutions work, so there may be
other problems that haven't come to light yet.  (If any of their programs
ever came to represent a serious threat to the Chinese censors, the Chinese
government would almost certainly "take it apart" to find out how it works
and find any exploitable weaknesses, so keeping the design secret is really
just delaying the inevitable.  This is why our strategy is to publish the
design in advance, and only proceed with it if no one is able to find a
weakness in the design, even knowing all the details of how it works.)

One good question that nobody has asked me, but some people probably will,
is why I would be asking people to contribute ideas for free, if VOA is
paying me.  I would say that even if you subtract all the hours per week
that VOA has paid for at a normal programmer's salary, that still leaves a
lot of hours every week that I'm working on the project, which could be
considered "donated" time (not to mention all those years with Peacefire,
which is how VOA heard about us in the first place :) ).  In any case, it's
up to each individual person whether they want to help.  Besides, the most
important part of the process is to have many reviewers look at the
software design and try to find flaws that the censors could exploit, and
that doesn't take any minimum time commitment.

As part of this project, Peacefire is probably going to move towards fewer
consumer-reports-style pages about what blocking software really blocks,
and more towards work on anti-censorship technology.  We will still help to
publicize the problems with blocking software, especially when the Supreme
Court decides this year whether the "Children's Internet Protection Act" is
constitutional, which requires blocking software to be installed on all
computers used by children *or* adults, in any library that receives
federal funding.  But for the most part, most people who are paying any
attention at all, have gotten the message that blocking software is sloppy
and often politically motivated.  Plus, many other research groups are now
also doing studies on the problems with blocking software.  On the other
hand, developing secure anti-censorship technology is still something that
no group has ever pulled off completely, and I think we're in a position to
do it.

If you'd be interested in working on the design for an anti-censorship
program, you might want to check out the URL above.  Some other recommended
reading on how the design has evolved so far, most of which is about
pitfalls in existing systems, pitfalls that our design should avoid:

Problems with using a "distributed cloud" of circumvention points to defeat
Internet censorship:
http://www.peacefire.org/techpapers/distributed-cloud.html
An attack that can be used to map out a peer-to-peer network of machines
being used as circumventors:
http://www.peacefire.org/circumventor/peer-to-peer-map-out-attack.html
An attack that can be used against Anonymizer-type Web sites even if they
encrypt page contents using HTTPS:
http://www.peacefire.org/circumventor/fingerprinting-sites-downloaded-over-h
ttps.html

As you'll notice if you read those, all the stuff so far has my name on
it.  Let's do something about that :)  If you'd be interested in
contributing in any way, email me at bennett at peacefire.org with some
information about your background if you want (even though no background is
necessary).  We'll be setting up a separate mailing list to discuss the
strategies for anti-censorship software, and anybody can contribute ideas
for possible attacks against the anti-censorship that the censors might use
-- so that we can be sure to take those into account when designing the
system.

It's eerie, thinking about the political implications of something like
this, the number of people it could possibly affect.  This is the biggest
project Peacefire has undertaken, but no individual person's contribution
is too small.  So contact me and check out the URLs if you're interested.

-Bennett

bennett at peacefire.org 425 649 9024 http://www.peacefire.org

------
To leave Peacefire and unsubscribe yourself from this list, send an empty
message to:
list-peacefire-broadcast-unsubscribe at osiris.978.org
The only requirement for being a member of Peacefire is to be subscribed to
peacefire-broadcast, but if you unsubscribe from this list you will no
longer be a member.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list