Censorship

Infranet: Circumventing Web Censorship 103

edsonw writes "In this paper presented at the 11th USENIX Security Symposium, Feamster et alii presented a method that provides access to censored sites while continuing to host normal uncensored content, using covert communication and steganographic techniques." The Infranet webpage has some more information. No public code yet, though.
  • Mmmm... (Score:3, Funny)

    by Vardan ( 172720 ) on Tuesday August 20, 2002 @10:23AM (#4104911)
    Yay! Porn at work for everyone! Umm...I mean, yeah, I hate censorship. And stuff. *g*
    • Even the RIAA may come to appreciate technology like this after they're blacklisted everywhere...
  • by Anonymous Coward
    In order to enjoy the once free ("not as in beer but as in freedom") Internet, the average user has to sneak around like a criminal.

    Information doesn't want to be free
    Information just wants to be

    • I'm always surprised that the freedom thing comes up in these discussions. Look at the web page that this thing links to. It starts out mentioning that many "countries and companies" [sic] "routinely apply blocking".

      Uh huh. And then, in the footnotes you'll find the literature references which almost exclusively point to repressive regimes.

      It's pretty rare that you see privacy advocates point to blocking measures being used to increase privacy. In the case of corporations, that includes privacy w.r.t. corporate secrets, as well as privacy w.r.t. the internal infrastructure (think viruses, worms, JavaScript "window.open" bombs, etc).

      For some reason, it never occurs to some privacy advocates that even at the individual level, blocking can be beneficial.

      The most interesting discussion, on how democratic controls should be applied to the filtering, is rarely held.

      I'm stuck in corporate hell. If dozens of users beat down my door with requests to block porn spam, then I'm not just legally justified in blocking the shit, but also morally.

      It's rare that people are actually offended by it. More often than not, it's just because they lose work because they open an e-mail, and their system just locks up under the load caused by all the window.opens.

      I'm fully aware that some corporate sysadmins are moralistic dorks. But I'm quite offended by the insinuation that by blocking certain web sites I'm somehow taking away my users' $DEITY given rights to view certain information crucial to their civil rights.

      Oh well. All evidence points to the conclusion that .mil and .k12.state.us have given up any expectation of effective censorship, for the good or for the bad. The amount of porn spams hitting my company from .mil or k12 institutions is just shocking, and maybe corporations should follow the lead of the government in just doing away with firewalls and let Al Qaida and the spammers sort it all out through economic darwinism.
  • hmm, a proxy server in hiding, eh? What will they think of next?

    Seriously though, could the technology used to view the content, not be used by the very entity trying to prevent its use to detect and block sites using the technology?
  • Transparency (Score:3, Interesting)

    by zmalone ( 542264 ) <wzm.pylae@com> on Tuesday August 20, 2002 @10:30AM (#4104993) Homepage
    Interesting idea. It seems to be a standard proxy that attempts to make the encryption seem to be unencrypted data. The trick will be making it transparent to the user, but still having it protect the data (if everyone in China starts requesting just .png files, from just a few servers, it would be awfully suspicious). I'd also imagine that the http requests could get awfully cluttered if they are encrypted into patterns. How will they avoid having the patterns be recognizable to interceptors? It will be interesting to see what the system ends up looking like.
  • by kenp2002 ( 545495 ) on Tuesday August 20, 2002 @10:31AM (#4105005) Homepage Journal
    Concerning the slow death of the internet I am surprised that no major effort has been made to create a new layer and method of communication over the Internet that, through the use of a well written EULA and some pre-emptive patenting create a new tunneled Internet piggy-backing on the old Internet. Through the use of a distributed network similar to Gnutella one could have, say unlimited space to create a site. Then clients on the network replicate through a protocol (EULA'ed and Patented with Encryption) the site to neighbors based on demand and requirements. It shouldn't be that hard for some of those closet geniuses out there. Then in the EULA prohibit commercial use of the protocol that way we can get back to what the Internet is for, free information exchange. I can even think of an efficient way to replicate the site. Every client on the network (say A---B---C----D) can access the page at its home address. Then I maintains a cached copy in a PGP'esque format. (Let's say B makes a call to D) B Now contains an encrypted cache of B (Scripts and all, the new format let's assume compiles in scripts). A requests D but B has a copy so A only goes out and gets a key from D to decrypt B's contents. Then A and B could hash their data and split it. (I am using a linear diagram but in a star map you could see the advantage of the hashing). I mean come on it's fool-proof way to eliminate commercials on the net. Create the protocol and throw encryption into it (Gaining the DMCA as a layer of defense) and then patent it BEFORE the public launch) and write a solid EULA to prevent commercial use (unless they pay a 99.9999% royalty rate on the gross revenues!). Do it! you know you want to!
    • Whoa that is supposed to be B reqs from D, not B reqs from B! Sorry, I am eating as I write.... Damn /. ... gr.... still needs a speel checker (Spelling error was intentional btw.)
    • by Hard_Code ( 49548 ) on Tuesday August 20, 2002 @10:51AM (#4105178)
      Isn't that called FreeNet?
      • FreeNet lacks a serious push. It's missing something, I don't know what, but it's missing something...
      • Freenet works until the usage of freenet is blanketly outlawed. Freenet fails with the totalitarian argument : "you wouldn't be using encryption if you didn't have anything to hide".

        This not only encrypts the content, but also masquerades as an innocent-looking, 100% normal, everyday happening communication.
    • by richieb ( 3277 ) <richieb@g[ ]l.com ['mai' in gap]> on Tuesday August 20, 2002 @10:57AM (#4105224) Homepage Journal
      Concerning the slow death of the internet I am surprised that no major effort has been made to create a new layer and method of communication over the Internet that, through the use of a well written EULA and some pre-emptive patenting create a new tunneled Internet piggy-backing on the old Internet.

      But a wireless grid network that just runs on our own computers, could potentially bypass the current internet infrastructure completely.

      We each will turn into a micro-ISP, providing little routing and little storage for our neighbors.

  • you could take this a step further and change not only the transmission system but also the user!
    what if you trained yourself to read numbers?
    no more slashdot at work, oh no just a spreadsheet :)
    a lot of work? perhaps, but who would catch you?
  • solution (Score:3, Funny)

    by igottheloot ( 573080 ) on Tuesday August 20, 2002 @10:38AM (#4105065)
    here's a solution, parse censored websites as haikus!

    how come when chinese
    build wall damn mongolians
    try to knock it down
  • Having mixed feelings? Everyone hates censoring, unless it suits us [slashdot.org], right?
    Or is it that we completely support censoring? Or completely against it?
    Can there be a middle ground??
    • Hi, i'm sorry, has your head fallen off today? The issues at hand are safety, privacy, and censorship. The RIAA is suing our common carriers to CENSOR listen4ever.com. The RIAA and MPAA have made public their decisions to ATTACK YOUR COMPUTER if they _SUSPECT_ you of having "illegal" media. Here, we are discussing methods for getting around certain filters. RTFA -- and then move to china and see how you feel. This is about getting information _you_ want. The RIAA deal isn't about censorship -- the article YOU quoted is an ISP protecting its subscribers from the RIAA's previously declared attacks.
    • /. is not censored. It is edited. You can still read all of the posts.
  • Obvious Question (Score:2, Insightful)

    by Mirk ( 184717 )
    I Am Not ANAL, but --

    Does this sort of use of circumvention measures constitute breaking the DMCA?

    • IANAL - UORAL

      Which are used to protect copyrighted content.

      Generally, they have to be able to argue that you broke a copy protection system, even lame copy-protection systems (Adobe's ROT13 for EBooks), or copy-protection systems that do little to prevent copying (DVD-CSS), but rather limit playback and conversion to other formats.

      I can understand why one would think the DMCA's anti-circumvention section applies to all forms of circumvention given the way the law has been abused (Threatening Academics with Lawsuits), but it really only applies to copy protection systems.

  • "using covert communication and steganographic techniques"
    Good idea, but IMHO it will be expensive to implement, and then the question is who would really want it. Of course don't expect your office people to install it. Maybe certain organizations want it... and then also what guarantee is that it won't be made illegal under some god awful bill.
    Till now it has been true that technology has always been a step ahead of censorship, but with the current state of laws, this won't be true for long.

    I am positive that by the time a proper implementation comes out somebody will table the bill to ban it, then we will all cry hoarse in slashdot. The story will make to /. hof...
    Paranoia? Not exactly.. censorship is here to stay... and it is getting bigger.
  • If I understand this correctly a public server (probably a public web site) needs to host the Infranet server bit to fetch the actual site the user wants.

    What's stopping the 'censor' blocking access to servers that are known to run Infranet? If the user / client software can find out which servers support it, the censor can.

    Maybe I'm missing something, but it seems pretty flawed to me.

    • Read the paper dearie....specifically....
      http://www.usenix.org/publications/library/proceedings/sec02/feamster/feamster_html/figures/sys-arch.png
      it requests a SEEMINGLY INNOCUOUS website -- the data comes in via modulation in the http stream.....they only get ~1kb per http request. (from the article). it's highly inefficient -- but it works.
    • "What's stopping the 'censor' blocking access to servers that are known to run Infranet?"

      Well, I guess the plan to enable it by default on Apache installations is one thing stopping that...
  • Proxy Avoidance (Score:5, Interesting)

    by irregular_hero ( 444800 ) on Tuesday August 20, 2002 @10:55AM (#4105204)
    I have quite a bit of experience with a few of the "censor" systems that exist due to my work in Infosec at the corporate level. I have to say that, based on my reading of the whitepaper, I'm uncertain that this will be a sufficient way to bypass most of the censorware that is widely deployed on (at least) corporate network gateways.

    The problem here is that the "Infranet" software must talk to the responder directly in order for its steganographic stream to be understood. In the parlance of at least one censorware product, this type of thing would be classified as a "Proxy Avoidance System" and be blocked accordingly. This might be effective against keyword blocking due to the nature of the information being transmitted, but if used as a straight proxy bypass, most censorware products would only need to know where the responders are.

    This method would be more difficult to detect than a straight proxy-through, but it still doesn't account for the fact that the "responders" must be known in some way to the transmitter. If a series of public responders is set up, it would only be a matter of time before those sites would be sewed up tighter than a drum by most "reputable" censorware companies' research teams.

    As it is, it's not terribly difficult to bypass censorware if you have the ability to put something up on the outside to bounce off of. Nearly all of the production censorware that I see does absolutely nothing with HTTPS -- and the lax security of most firewall policies doesn't restrict the destination port of a standard HTTP/1.1 CONNECT request. With that available, give me any SSH server on the outside and I can get an encrypted session running to a proxy in a matter of minutes.

    Come to think of it, I've never heard the people complaining about censorware's _limitations_, only about the limits that it places on them. The truth is that every one of them is eminently bypassable already. Why bother with steganographic communications unless you live in a place where even initiating encrypted communications would put you in the pokey?
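
An added example, not part of the comment above or of any product it mentions: a Python audit of proxy logs for the gap the comment describes, CONNECT requests to destination ports other than 443. The log lines are constructed, in Squid's native access.log layout, and the allowed-port set and function names are assumptions.

```python
ALLOWED_CONNECT_PORTS = {443}  # assumption: only HTTPS tunnels are permitted

# Constructed sample lines in Squid's native access.log layout (not real traffic).
SAMPLE_LOG = """\
1029855780.101    412 10.0.0.5 TCP_MISS/200 18230 CONNECT shop.example.com:443 - DIRECT/192.0.2.10 -
1029855781.554     97 10.0.0.7 TCP_MISS/200 5120 GET http://news.example.org/index.html - DIRECT/192.0.2.20 text/html
1029855790.020 905113 10.0.0.9 TCP_MISS/200 7340032 CONNECT host.example.net:22 - DIRECT/192.0.2.30 -
1029855795.310     12 10.0.0.9 TCP_DENIED/403 1450 CONNECT host.example.net:8080 - NONE/- text/html
1029855799.000 truncated line
"""


def parse_connect(line):
    """Return (client, host, port, status, bytes, elapsed_ms) for a CONNECT line, else None."""
    f = line.split()
    if len(f) < 7 or f[5] != "CONNECT":
        return None
    # CONNECT carries "host:port" instead of a URL; split on the last colon.
    host, sep, port = f[6].rpartition(":")
    if not sep or not port.isdigit() or not f[1].isdigit() or not f[4].isdigit():
        return None
    status = f[3].partition("/")[2]
    return f[2], host, int(port), status, int(f[4]), int(f[1])


def audit_connects(log_text, allowed=ALLOWED_CONNECT_PORTS):
    """List CONNECT requests whose destination port is outside the allowed set."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_connect(line)
        if rec is None:
            continue  # not a CONNECT, or a malformed line
        client, host, port, status, nbytes, elapsed = rec
        if port in allowed:
            continue
        findings.append({
            "client": client,
            "dest": f"{host}:{port}",
            # A 2xx status means the proxy opened the tunnel; 403 means policy held.
            "tunnelled": status.startswith("2"),
            "bytes": nbytes,
            "elapsed_ms": elapsed,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_connects(SAMPLE_LOG):
        print(finding)
```

A finding with `tunnelled` set to true is a tunnel the proxy actually opened to a non-HTTPS port; long `elapsed_ms` and large `bytes` values on such a line are what an interactive session relayed through the proxy tends to look like.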


  • Isn't there already something from a recent "Hacker Convention" (or something sounding more ominous) that can aid the user to circumvent state censorships ?

    Sorry I don't remember exactly which "convention" is it, nor the name of the "stuff" (mebbe a program, mebbe a suggestion or an on-going project).

    If anyone has more info, please post it here. Thanks !

  • 1. Freenet (progressing at glacial speed) at www.freenetproject.org but very active with anonymous IRC, Frost (like Usenet), Freesites, etc.

    2. Gnunet www.gnu.org

    3. and finally cDc is coming out with an anonymous P2P network sometime this month. (at least they claim)
  • First we just had the internet, then came intranets and extranets, now we have something called an infranet? Christ, what's next? endonet? perinet? epinet? ultranet? hypernet? Just not satisfied until we've used all the greek prefixes, are we?
  • Among those not mentioned (to my knowledge) are:

    Peekabooty (http://sourceforge.net/projects/peekabooty/)

    JAP - Just another proxy (web page is down, but you may be able to find the app out there)

    Both of these apps create a local proxy which to my understanding fits the specs of the MIT project. My feeling is the more the merrier, as long as no spyware is added.
  • by Anonymous Coward
    While it may be difficult to detect steganographic content in an image file, it is not that hard for a content filter to effectively eliminate all steganographic content. In the case of China, all they need to do is apply their own steganographic data to each inbound image file.

    Or, they could hold a copy of each image file the first time it is requested. Then, whenever the image is requested again they could compare the two. If the image files are not identical, then that is a clear sign of steganography, and they could then pursue further investigation.

    Come to think of it, the U.S. could do the same thing. I wonder if they are. It would certainly be an interesting way of ferreting out potential terrorists. Assuming that terrorists actually use steganography.
    • This doesn't invalidate your point (although it does make filtering harder) but steganography doesn't have to hide the data in a picture. You can hide data in a sound file, in a text stream, a binary download, or any other data stream in which what you pull down is not absolutely rigorously patterned.

      Steganography most commonly uses pictures right now since they're large and easy to hide data in, but it doesn't have to.
    • that is absurd. assuming that everyone that uses steganography is a terrorist is akin to assuming everyone who uses ssh is a cracker.
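
An added example, not from the thread or the Infranet paper: the cache-and-compare filter and the overwrite-the-hidden-bits filter proposed in the anonymous comment above, in Python. It goes one step beyond "not identical" by separating re-fetches that differ only in least-significant bits from ones whose content really changed; the raw 8-bit sample buffers (standing in for decoded image data), the LSB embedding and all names are assumptions, and the data is constructed.

```python
import hashlib
import random


def classify_refetch(cached: bytes, fresh: bytes) -> str:
    """Compare two fetches of the same image URL, given as raw 8-bit samples."""
    if hashlib.sha256(cached).digest() == hashlib.sha256(fresh).digest():
        return "identical"
    if len(cached) != len(fresh):
        return "content-changed"
    # Upper 7 bits equal everywhere: the pictures look the same, only LSBs moved.
    if all((a ^ b) <= 1 for a, b in zip(cached, fresh)):
        return "lsb-only-difference"
    return "content-changed"


def scrub_lsb(pixels: bytes, rng) -> bytes:
    """Filter-side rewrite: replace every least-significant bit with the filter's own."""
    return bytes((p & 0xFE) | rng.getrandbits(1) for p in pixels)


def lsb_bits(pixels: bytes, n: int):
    return [p & 1 for p in pixels[:n]]


def demo():
    rng = random.Random(2002)  # fixed seed so the run is repeatable
    cover = bytes(rng.randrange(256) for _ in range(4096))     # constructed "image"
    secret = [rng.getrandbits(1) for _ in range(512)]           # constructed hidden bits
    # Constructed test input: the same image with 512 LSBs carrying the hidden bits.
    stego = bytes((p & 0xFE) | b for p, b in zip(cover, secret)) + cover[512:]
    redesign = bytes(rng.randrange(256) for _ in range(4096))   # site swapped the picture
    scrubbed = scrub_lsb(stego, rng)
    survived = sum(a == b for a, b in zip(lsb_bits(scrubbed, 512), secret))
    return {
        "same": classify_refetch(cover, cover),
        "stego": classify_refetch(cover, stego),
        "redesign": classify_refetch(cover, redesign),
        "survived": survived,  # about half of 512: no better than guessing
    }


if __name__ == "__main__":
    print(demo())
```

A plain "files differ" test would flag the redesigned picture and the modified one alike; only the second lands in `lsb-only-difference`. The scrub result applies to this LSB scheme only and says nothing about embeddings that do not live in the bits the filter rewrites.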

  • ThinkCrime (Score:4, Interesting)

    by oldstrat ( 87076 ) on Tuesday August 20, 2002 @12:19PM (#4105872) Journal
    There are some terms that need to be avoided and or discarded if we are to succeed at returning freedom to the Internet (and elsewhere).
    First to go is the beloved and maligned 'hacker', we lost on that one, it's gone no matter what effort is used to return the word to its productive and wholesome origin. Using hacker is going to throw red flags in too many places to make it worth the risk of losing a fight that is about a lot more than words.
    Let's substitute something harmless, instead of hack and hacker, make it repair and repairer.

    other words, some of them used in the infranet website, are;
    censor/ed, change to impair/ed
    circumvention, to repair (don't use 'fix')
    covert, to reliable.
    Maybe some of you can see where I am headed.
    The title for the Talks would change from:
    Infranet:Circumventing Web Censorship and Surveillance to,
    Infranet:Repairing Web Impairment and Data Leakage

    For those who didn't get it yet, here is the point.
    Our inside terms have spilled to the outside and been manipulated to the darkest of interpretations.
    The inside terms have then been used to propagandise the public into accepting them, and then it gets codified into law.
    Let's get out of our terms and sic the thought police on themselves by being more descriptive, and not letting them play us with our own words.
  • The key to success for a scheme like this would be for responder websites to be not just innocuous, but also very popular in their own right. Since by design you have to block ALL traffic from the responder to stop the Infranet traffic, you'd get a huge outcry from the user base. Plus these sites have very dynamic content, so seeing the same URL come across with different content would not in itself be suspicious.

    In the case of corporate proxy filtering, news and financial sites like CNN and the Wall Street Journal would be useful. In the case of foreign country censorship, you'd have to use non-news sites because objective reporting is exactly what they're trying to block.
  • As far as I'm concerned censors need to be lined up and mass executed.. Damn it I'm going to get myself shot at again. Ok.. Forget what I just wrote!
