Users Flock To Firewall-Busting Thesis Project

itwbennett writes "Daiyuu Nobori, a Ph.D. student at Japan's Tsukuba University designed 'VPN Gate' to help individuals in countries that restrict Internet use circumvent government firewalls. The service, which has drawn 77,000 users since its launch last Friday, encourages members of the public to set up VPN servers and offer free connections to individual users, aiming to make the technology more accessible. Nobori had originally planned to host the service on his university's servers, but they have been down recently so he switched it to the Windows Azure cloud platform. He has spent about US$9,000 keeping it up so far."

Windows Azure?

[ickleberry]

MS are probably providing it for free or half nothing to get their name stuck to such an interesting cool 'rebellious' project

Re:

[Anonymous Coward]

Maybe. And if they are, good for them.

Re:

[MLCT]

The same MS who collude with the Chinese government to enable monitoring of dissidents on skype?

Re:

[Em Adespoton]

The same MS who collude with the Chinese government to enable monitoring of dissidents on skype?

You need to read The Sneetches -- Microsoft's just a company of "fix-it-up chappies." Note that both the US and China have stars upon thars :D

Public list of VPNs?

[schneidafunk]

"His service maintains a public, real-time list of freely available VPN servers for users to choose from" - What's to stop a country (say Iran) from blacklisting the public list of VPNs?

Re:

[Beavertank]

How would the project still be useful? By updating with new, unblocked VPNs? Then Iran (or similar country) can block those, too. Assuming the country in question isn't bright enough to automate the process then there may be a window of usability, but even then it would be quite brief.

If you're so sure your comment is good, and only "morons" can complain about the topic, then why post AC?

Re:Public list of VPNs?

[bluefoxlucid]

Yes it's called "Potential Problem Analysis" and it's what's done by people who actually know how to get things done and not find themselves falling down a hole with no idea what went wrong or how they're going to get out of it.

Let's try Tor:

Supply a list of Tor connection nodes at

Potential Problem Analysis: "What if China blocks those 4 IP addresses on their firewall?"

You: "Stop being morons, stuff like this is still useful." (6 months later) "Oh, shit. Well uh, start distributing updates. Oh, they're getting shot down too. Uh."

Intelligent people: "Hmm, that could be a problem. China probably will do that when they see the circumvention, so Likelihood is 'HIGH'. It'd be crippling, so Severity is 'HIGH'. We should make it part of the protocol to be able to trade information about the network, but not force synchronization of full information, that way the network won't have desync issues and it also will be harder to insert nodes on the network to quickly collect a list of all nodes and block them all."

Another Potential Problem, in this case, is that the VPNs are direct and traceable--the country may leave the list of VPNs accessible, track it, and track connections to those addresses. Then they know who the offenders are. In that case, this project would still be useful: Iran could find the Blasphemers, come to their house at night, and behead them.

Re:

[jbolden]

Well written response. You have a very good point. That circumvention only works well in governments with a rather democratic judicial system where circumvention is not in itself a crime.

Re: Public list of VPNs?

[Pale Dot]

Well written response. You have a very good point. That circumvention only works well in governments with a rather democratic judicial system where circumvention is not in itself a crime.

Ironically the system is likely to be more useful in Japan, which recently enacted one of the the toughest laws against online copyright infringement in the (relatively) free world, punishing even mere downloaders with jail time.

Re:Public list of VPNs?

[flyingfsck]

Exactly. That is the whole problem with VPNs. They only work till they get popular.

Re:

[Anonymous Coward]

I suppose in this case they'd have to be constantly scanning the list and updating the national firewall rules. It's a dynamic list of participants hosting VPN service.

My question is more Tor-like in nature... how do you prevent people from doing something illegal (in the host country, like the US) through your connection?

I'd be happy to let someone in China read and post from behind the great firewall, but I obviously don't want strangers sending death threats, looking at child porn, etc. through my home I

Re:

[jonadab]

It's not difficult to get a list of IP ranges corresponding to China. Allow connections only from those addresses, and now only people in China (or people who have an account on a computer in China) can use your VPN to look at child porn through your connection.

If that's not good enough, you can do your own content filtering. If you only filter things that are illegal in your country, people in China can still use your VPN to look at things that are completely legal in most of the world but which the Grea

Re:

[bluefoxlucid]

What's to stop a country from declaring this an act of war? The information blocked is considered harmful as a matter of national security; the people trying to push circumvention software are illegally smuggling propaganda that damages national security. These people have some delusion about how "it's not an act of war because it supports human rights" (I had that argument a few times--as if marching into a country to free a brutally abused people is not an act of war either?); but the truth is that the

Re:

[PoolOfThought]

Use of the VPNs is not limited to people in a particular repressed country. A given repressed citizen in country C might be part of the intended audience should they want to use it, but it's not ONLY for them nor is it only for citizens of C. That is, it is not TARGETED. Acts of War are targeted. You don't commit an act of war at no one in particular. Invading a country (even to help the populace get out from under an "evil" dictator) may still be an act of war (probably is) - but running a VPN available to

Re:

[jbolden]

Inciting rebellion is not an act of war. It is a hostile act but one that falls short of an act of war. Other than that your analysis holds up.

It might be stretch meet the definition of international terrorism, i.e. a government attempting to pressure another government into change of policy by threatening its hold on its territory. But armed bands are required for an actual act of war.

Re:

[bluefoxlucid]

Language is a funny thing. An "Act of War" would be anything that is an attack.

Let's try deconstructing this.

Country A engages in passive-aggressive, non-hostile circumvention activities that cause trouble for Country B. Country B views this a destabilizing: a perceived, potential, or real rebellion is occurring as an indirect cause, which is threatening to the national security of Country B.

Country B correlates the actions of Country A with the destabilizing results, and thus declares that Country B

Re:

[jbolden]

Sorry, that's not an attack. Yes it does matter. Yes we will blame B and not A if B starts a war because of an act of circumvention, Country B is the one who first initiated an act of War. A's actions are hostile but they are not acts of war. There is a difference between a hostile act and an act of war.

A is free to encouraged armed groups to attack B without it rising to an act of war.
A is free to even pay for armed groups to attack B without it rising to an act of war.
When A starts hosting armed groups

Re:

[bluefoxlucid]

I'm free to go on MySpace and taunt 12 year old girls until they commit suicide, and it's not an act of murder. At a point in my life I got *quite* good at manipulating peoples' emotions to injure folks that pissed me off.. but that became distasteful. It'd be relatively easy to carry out an intentional serial murder spree that way, though. Not to mention it's been done.

No consequences because people are too stupid to recognize an attack for what it is when you wrap it up in a fancy sheet.

Re:

[Runaway1956]

"A is free to even pay for armed groups to attack B without it rising to an act of war."

I was agreeing with you, until that sentence. Sorry, if I'm paying someone to invade someone's country, then that really is an "act of war". If/when that country learns what I'm doing, and if they have the capability, I fully expect that country to come after me. Actually paying armed forces to attack someone rises well above mere "aiding and abetting". Offering those forces humanitarian assistance might cross that l

Re:

[jbolden]

That's why I used that example. It has been tried. No it is not an act of war. The criteria is strict.

Re:

[ethorad]

I assumed that essentially paying a group of mercenaries or contractors to invade someone without using your own formal government troops would still be considered an act of war. Otherwise why not rename the army to the "Army plc" and claim that although they do tend to do a lot of contract work for the government they are an independant company. So sorry that they decided to invade your country but it's not an act of war so feel free to try and sue them in the US courts - good luck.

Do you have a referenc

Re:

[jbolden]

Well the difference is that an army needs a base of operations. A group of contractors based in America is still an American army. A group of contractors funded by American based in Argentina is an Argentinian army.

If you want an example US v. Nicaragua. The USA argued we could attack Nicaragua because they were funding rebels.

Re:

[ethorad]

I would be surprised if a group of contractors funded and directed by American sources but who happen to live in Argentina would be classed as Argentinian, but then I'm not a lawyer and there's lots about the law that surprises me. One example would be Hezbollah - they are based in Lebanon but believed to be funded by Iran, and so what they do is often considered to be done by Iran not by Lebanon.

With the US v Nicaragua point, I've never really known much about what went on with Reagan and the Contras, but

Re:

[jbolden]

OK good, you get the point that act of war is stronger.

In the case of Hezbollah the claim of the Lebanon is that the Lebanese army is weaker than Hezbollah. That is Lebanon is not the sovereign agent over South Lebanon / Hezbollah territory. Since Hezbollah does not answer to the Lebanese government that territory is now either:

a) Under the control of a rebel army group
b) Occupied territory.

Since Hezbollah does answer to Syria / Iran technically the world treats Southern Lebanon as occupied territory.

Re:

[ethorad]

Thanks for the information. I don't have mod points at the moment (and couldn't mod in here now anyway) but have an informal +1 informative from me anyway :)

Re:

[UnknownSoldier]

Only cowards attempt to use censorship.

People / Groups / Countries / etc., that hold onto archaic thinking should be named and shamed for their stupidity.

Re:

[DarkOx]

Making a VPN or something like tor available is not an act of war because its passive. Its the people using the VPN to violate their countries laws that are breaking laws. Is Colt manufacturing guns an act of war against China? No obviously but say furnishing them along with a full range of modern navy equipment to Tiwan at rock bottom prices might be; except no even that is not so interpreted in that way.

I don't see to many nations declaring Voice of America and act of war either even though that is ost

Re:

[bluefoxlucid]

Invasions have happened over passive acts such as manufacturing guns in a neighboring country that just happen to get across the border because rebels in that country cross the border, get guns, and come back. Hey I'm not selling guns to your country, it's your own people breaking the law...

Re:

[Colan]

Since the list of VPN servers would be changing, at least to some degree, it seems that the blacklist would have to be constantly adjusting to keep up with the service.

Re: Public list of VPNs?

[Urza9814]

So, what, they don't have the technology to write a three line bash script and a cron job to run it every half hour?

Re:

[SuricouRaven]

Reposting. The list of VPNs can be sent via email, IM, public forums, be spammed in comments on popular sites*, read over the telephone, or passed on paper between friends. Updates spread in a similar way. Censors would be hard-pressed to keep up. It could be done, but it'd be expensive and the need for haste would inevitably lead to mistakes which could block legitimate sites and inspire public dislike of the censor system.

*Irony points if state-sponsored media.

Re:

[alendit]

Host it on I2P then.

So...

[pushing-robot]

(a) we already have TOR and other services
(b) this guy makes a nice, handy list of server IPs for oppressive governments to block.
(c) I doubt he will come to your aid when folks use your connection for [piracy|drug deals|child porn|planning a terrorist attack].

Re:So...

[pipatron]

Yeah, this is pretty insane. Tor already does this FAR MORE SAFE. Not only does it give governments a nice list of server IPs, it gives governments a nice way to catch offenders.

Re:

[Sparticus789]

Apparently they give out PhD's for reinventing the wheel. In that case, my PhD Thesis will involve flying a kite during a lightening storm.

Re:

[the eric conspiracy]

You would be the first to survive that.

So it doesn't count as re-invention.

(and no Franklin didn't actually fly a kite in a lightning storm).

http://www.youtube.com/watch?v=BwZjm6SSTLw [youtube.com]

Re:

[Anonymous Coward]

Responses to your points as follows:
(a) Yes, this is just another alternative.
(b) Tor publishes their exit and entry node lists, and the bridge nodes are obviously discoverable. How is this any different?
(c) Neither will Tor, but they do have a handy paper you can give to the police which explains that you were sharing your uplink. Perhaps a VPN provider would help?

Re:

[griffjon]

b) Exit nodes don't matter for blocking purposes. Bridge nodes are discoverable, but Tor has made them difficult to discover the complete set, https://bridges.torproject.org/ [torproject.org] (or, since that'll be blocked in most useful places, emailing bridges@torproject.org with the "get bridges" in the body) only gives out a few at a time with a captcha requirement, and only sends to https-enabled webmail hosts.

Tor also has an unknown number of private bridges people run and disseminate through their own channels to frie

Re:

[griffjon]

...and Tor provides much higher privacy for the user, with related tools like leave-no-trace bootable-thumbdrives (TAILS) , and is much, much harder to block than a VPN (Iran just this week decided to restrict all VPN traffic).

Also, basing this off of Windows means that rapidly throwing up new servers is a bit more cost-prohibitive and licensing-restricted than flipping on an Amazon EC2 tor image (not using your free ec2 slot? go here: https://cloud.torproject.org/ [torproject.org] ) , or hosting a tor server on a cheap VPS

$9000 in the hole

[roman_mir]

He needs help, because he can't operate that for a loss indefinitely. This is where a currency like Bitcoin can actually be very useful, to make payments across borders without having to go through any official banking methods. He should be able to collect some money from his operations and people who will find his services useful will pay some amount to help him keep it up.

Re:

[roman_mir]

Genious! And really his VPN clients should just save the money and use the Internet like everybody else does, because you know, they can.

Think of the Canadians

[CohibaVancouver]

What *I* want to know is when someone is going to implement a system to help we poor Canadians freely access Hulu and US-Netflix. The pain of being unable to view SNL archive clips is unimaginable to the average American.

Re:

[aristotle-dude]

What *I* want to know is when someone is going to implement a system to help we poor Canadians freely access Hulu and US-Netflix. The pain of being unable to view SNL archive clips is unimaginable to the average American.

Are you really that cheap? Really? It only costs 5 bucks per month to "unblock" "us" content. That will give you access to US-Netflix and Hulu. I access both US Netflix and Hulu Plus from Canada. If you want to access Hulu Plus, just use your Canadian (non-prepaid) credit card to sign up but take the DIGIT portion of our postal code and then add additional digits (try zeros) until it becomes a valid ZIP, then find the city and state that zip corresponds to and enter that in as your billing address city and

Re:

[Zalbik]

That doesn't work when they're using IP block look ups to limit access, even if you have a valid US paid account.

No....but the services mentioned must not do that as it does work. I use unblock-us daily and it works perfectly with Hulu and Netflix US.

Re:

[tlhIngan]

Beverly Hills, 90210. It's not just the name of a show, but a real city and zip. And if you can't guess the state, well, you probably don't deserve it!

Re:

[aristotle-dude]

Are you really that cheap? Really? It only costs 5 bucks per month to "unblock" "us" content. That will give you access to US-Netflix and Hulu. I access both US Netflix and Hulu Plus from Canada. If you want to access Hulu Plus, just use your Canadian (non-prepaid) credit card to sign up but take the DIGIT portion of our postal code and then add additional digits (try zeros) until it becomes a valid ZIP, then find the city and state that zip corresponds to and enter that in as your billing address city and state. You can keep your street address the same as your real billing address.

Rogers and other Canadian ISP's will suspend your service if they detect you are using a VPN. Read the small print. I've had several friends get their internet shut off for this exact thing.

It is not a VPN. They provide a DNS server. But I have to call bullshit on your "story" about your friends. Working from home would be cut off all the time for using VPNs. Seriously, your story is bullshit.

Re:

[jhobbs]

Think of the who?

No thank you, I prefer to be much more ethnocentric than that. I mean, they say 'aboot'. Its like they are from another country or something.

Re:

[motd2k]

Overplay.net SmartDNS handles this for $5/month, letting you easily switch between all the different Netflix locales at will. I don't think many people use traditional proxies/VPN for netflix anymore.

Re:

[antdude]

U.S. Proxies!

Academics have shared access for a long time

[damn_registrars]

This isn't particularly new in academia. People from various universities have often shared access in order to grant their colleagues access to journals that their less-well-funded institutions did not have.

Re:$9000! Really?

[localman57]

Because if you don't spend up all the money budgeted to your department, you can't apply to get more next year?

Sigh, I know I wasn't this cynical back in my 20's...

God damn that expensive

[stewsters]

Wait, 77,000 / 9000 = 8 people per dollar spent? 9000 and only launched last Friday? How much does Azure cost to operate? Throw together a cheap php site or something for $20 a month.

Re:

[SuricouRaven]

He probably paid for high-bandwidth unlimited hosting for a few months in advance.

Good, still not enough.

[Corwn of Amber]

Yeah, so, one more sort-of-TOR, but with fixed servers in easy-to-raid locations.

They don't get it.

There is ONE way to make a REALLY resilient network. It's been proven over and over.

NO. CENTRAL. COMMAND.
MESH EVERYTHING.
ROUTE ERRYTHING BY DHTs.
ALL NODES EQUAL PEERS. With the same capabilities. All nodes are routers. All nodes are relays. All nodes are bridges. All nodes are cell towers. Until we get rid of telcos/ISPs, all nodes are gateways, too.

Like TOR, but if everyone were a bridge and an exit relay and a cell tower.

THAT is unstoppable. Else there WILL be censorship and control and criminalization and destroyed lives like Aaron Swartz's.

already blocked

[seshomaru samma]

His website http://www.vpngate.net/en/ [vpngate.net] is already blocked in China