Follow Slashdot stories on Twitter


Forgot your password?
Censorship The Internet

50,000 Users Test New Anti-Censorship Tool TapDance ( 198

The CBC reports: What if circumventing censorship didn't rely on some app or service provider that would eventually get blocked but was built into the very core of the internet itself? What if the routers and servers that underpin the internet -- infrastructure so important that it would be impractical to block -- could also double as one big anti-censorship tool...? After six years in development, three research groups have joined forces to conduct real-world tests.
An anonymous reader writes: Earlier this week, Professor Eric Wustrow, from the University of Colorado at Boulder, presented An ISP-Scale Deployment of TapDance at the USENIX Workshop on Free and Open Communications on the Internet. TapDance is an anti-censorship, circumvention application based on "refraction networking" (formerly known as "decoy routing") that has been the subject of academic research for several years. Now, with integration with Psiphon, 50,000 users, a deployment that spans two ISPs, and an open source release, it seems to have graduated to the real world.
"In the long run, we absolutely do want to see refraction networking deployed at as many ISPs that are as deep in the network as possible," one of the paper's authors told the CBC. "We would love to be so deeply embedded in the core of the network that to block this tool of free communication would be cost-prohibitive for censors."
This discussion has been archived. No new comments can be posted.

50,000 Users Test New Anti-Censorship Tool TapDance

Comments Filter:
  • With Google, Facebook, Twitter and Cloudfare all deciding they get to be the worlds nannies this may just what the doctor ordered.

    • by Nutria ( 679911 )

      But how does this help when:

      1) Oppressive Regimes don't install this routers, and
      2) hosting & DNS servers and CDNs cancel your service?

      • by Anonymous Coward

        1) Oppressive Regimes don't install this routers

        Doesn't matter. This relies on friendly regimes installing the functionality. The redirect works whenever someone accesses any site that hosts the redirect capability. The censoring country can only stop the redirects by banning access to all servers that run it. If enough servers run the redirect capability, this is what TFA calls "prohibitive to block" since they'd have to cut off access to basically the internet itself.

        2) hosting & DNS servers and CDNs cancel your service?

        It doesn't help in this case at all. That's not its point.

        • by hsthompson69 ( 1674722 ) on Sunday August 20, 2017 @10:11PM (#55054587)

          Yeah, but something doesn't smell right - if friendly ISPs can recognize this protocol and aid and abet the bypassing of firewalls, then censoring entities can *also* recognize this protocol.

          Where's the method for preventing interception of the initial handshake?

          • TFA doesn't provide much technical info, but the papers it links to explain this in some detail.

            In a nutshell, crypto and steganography: using the public key of the system, the client hides a signal in a TLS connection, which the TapDance station can recognize because it knows the private key. If you don't know the private key, the TLS connection looks like an ordinary stream of encrypted TLS records. In fact, it is a valid TLS connection, so the server doesn't think anything is weird about it either.

            • Read the paper, but it wasn't terribly clear either - they seemed more interested in scalability than operations.

              Anyway, so the trick is you need to make sure that end users behind the firewall can get your public key...which, if they're doing DPI, they can filter out, so that someone has to send it via snail mail, or otherwise stego it somewhere. Difficult, but not impossible.

              I guess the other problem is if the censors shove you behind an encryption terminating firewall (i.e., they insist you instantiate

              • They had the Psiphon folks doing the operations side of things. There's a presumption that the users can get the Psiphon software through some mechanism, and install it on their computers. I guess the Psiphon bundle includes the public key, maybe hidden in some way, maybe not, but in any case if they've figured out some way to sneak the Psiphon bundle past the bad guys, sneaking the public key past the bad guys seems like it wouldn't be any harder.
                • Yeah, that makes sense.

                  I was thinking the other way they could implement would be with some port knocking sequence to the friendly ISP - that crap is hella hard to notice, even with DPI. I wish there were more useful implementations of it, but my bet is the deep state is intent on suppressing that kind of tech.

    • by Anonymous Coward

      You did not even read it did you? It is just a way for internet users to bypass (government) blocks. It does not solve the problem of denying people a forum to spout their ideas in the first place.

      And I doubt it will work as intended. The Chinese will just label it a "circumvention device" and punish anyone that will provide this infrastructure right from the start. In fact, they have already started by demanding all information of chinese users will be stored on servers in China. China will not hesitate to

    • Tor, I2P, vpngate. (Score:2, Interesting)

      by Anonymous Coward

      The technologies are already there.

      The former two need more development work, since many of the obfuscation formats for networks utilizing DPI have been fingerprinted sufficiently to kill connections/flag suspected users.

      The latter, vpngate, works out of the box and has rotating IP addresses and many 'volunteer' outproxies. Unlike Tor it works with both TCP and UDP, doesn't support port forwarding (limiting p2p apps running through it to client-only modes.)

      I2P supports both stream and datagram style packets

    • Except they aren't and this won't help.

    • So what will stop you from clicking on the link that downloads malware. Spyware, and other harmful material.

      Unfortunately the process to protect your network from bad actors is also the same technology to "protect" your government from alternative interpretations of history.

  • by Anonymous Coward

    See subject: It's what I believe in. No matter who you are/what your views are you have the right to speak (especially if you back it w/ fact. Not just "relative truths" but absolute hard fact). It's up to others to listen (or not) but if "a truncheon is used in lieu of conversation" we have a problem.


    P.S.=> A truly VERY serious problem that subverts 1 of this nation's fundamental values & rights... apk

    • by indi0144 ( 1264518 ) on Sunday August 20, 2017 @11:24PM (#55054805) Journal
      Correct me if Im wrong but weren't you, Americans, the ones that beat the crap out of the nazis and chest pounded over that fact for the next 60 years? And now you are getting all triggered because some wannabe nazi gets bitchlapped on the street? What the fuck happened to you America? How many RPMs do your grandparents are getting on their graves? How come you got so easily manipulable all for defending a $party that does not give a fuck about you.

      Is this karma for all the presidents you planted on "banana republics" that now you are going even lower in the cognitive dissonance regard?
      • by AmiMoJo ( 196126 )

        2015: Sorry snowflakes, there are no safe spaces in real life

        2017: Help I need somewhere safe to discuss my nationalist bullshit

  • Unaddressed question (Score:5, Interesting)

    by 93 Escort Wagon ( 326346 ) on Sunday August 20, 2017 @07:06PM (#55053991)

    As described in the article, it seems like this might be ripe for abuse as a hard-to-block DDOS tool. How would that be prevented?

  • They want an ISP-based system, but TFA does not makes clear that there are some ISP willing to implement the idea.

    One problem I foresee is that there seems to be no gain for a participating ISP, and most ISP are primarily driven by profit.

    • TFA (well, the second one, the USENIX paper) makes it clear that there are already two ISPs running this software.

      Not a tier-1 ISP, granted, but MERIT carries a pretty large chunk of the traffic in and out of the Midwest. It's a start.

  • by Gravis Zero ( 934156 ) on Sunday August 20, 2017 @08:18PM (#55054203)

    What they are failing to recognize is that repressive governments can dictate what people can and cannot run on a server within their own borders. You can argue they can use servers outside their borders but that's just likely to cause them to completely segment their chunk of the internet.

    The real-world result of this tool is going to be enabling individuals that were banned from various sites for ToS violations to continue spreading hate/spam on those sites.

    It's good in concept but the reality is the $5 wrench will win. []

  • Refraction networking certainly makes it very difficult but not impossible to intercept comms. Would it not be possible to 'mandate' the use of a govt-sponsored root certificate on browsers? They could then do man-in-the-middle decryption at the router level. This would require a massive effort, but then the Great Firewall is pretty massive.

  • FreeNet (Score:5, Interesting)

    by Anonymous Coward on Sunday August 20, 2017 @08:56PM (#55054311)

    How is this better than FreeNet?

  • this means that people like the KKK and white supremacists can finally avoid being censored?

    That's good, right?

    • this means that people like the KKK and white supremacists can finally avoid being censored?

      That's good, right?


      Because if you can censor the KKK, you can censor anyone. And those that support censorship are never satisfied.

      • by Jzanu ( 668651 )
        If the KKK and Nazis just wanted to talk then they wouldn't kill people or carry rifles like hand bags. As it is, they bring violence upon themselves, or mockery. I prefer to mock the little fake-ass imitation soldiers who are so stupid they can't even tie their own fucking shoes without pictorial instructions.
        • by sycodon ( 149926 )

          So far the Left has murdered 10 cops in cold blood and shot up a bunch of politicians.

          Your "Nazi" boogeymen haven't even showed up at their protests. Now we have one dead courtesy of the Nazis and you are getting your panties in a twist? I'd think someone who supports a group that has been so efficient at killing an injuring people over the last year would have a bit more fortitude.

          • by Jzanu ( 668651 )
            You are a stupid fucking idiot, I'm German so have nothing to do with US political bickering. My position is vehemently anti-Nazi though. I will destroy any Nazi or sympathizer who attacks anyone. That does include killing them in a war, and to prevent them killing others as part of a revolution. Otherwise they are stupid fucks who get treated like the clowns they really are inside.
            • by Mashiki ( 184564 )

              You're a fucking idiot then. There was more damage in and to Germany from antifa and their ilk in the last year, then there has been by actual nazi's in the last decade.

        • How much does Putin pay you to agitate against freedom of speech and undermine American values?

        • Then arrest those that commit crimes and let the rest speak. What exactly is your problem?

          • Honestly that was the point of my comment, but I fear Poe's Law got in my way.

            I just got torched for insisting that Google de-listing 'hate sites' is a dangerous slippery slope, prompting my post here.

  • Down under we're busy blocking more torrent sites - like that ever worked in stopping piracy... []
  • Finds new ways around social media censorship and SJW bans.
    If the activist big brands want to remake the www, the internet will just find new services and methods of moving new content and data around.
    The more social media and big search engines ban words, thoughts, authors, publications, politics, reviews, comments, users, blasphemy, history, whistleblowers, cryptography the more people seek new networks that support freedom of speech.
    The users now have the bandwidth to move text around globally.
  • TFA: "The user's circumvention software tags this innocuous request with a little extra data — basically a secret flag the censor can't see that says "Hey, I actually want this request to go somewhere else.""

    Secret flag? That sure sounds really a bullet proof method from the 80's. I'd like to know more details of it. It can't be fixed to anything, because investigating the packet payload is trivial and dropping all the unnecessary headers is also easy. Censors can see every byte you send, so hiding in

    • The protocol works by piggybacking a TLS connection to an unblocked host and hiding data in the ciphertext ("chosen ciphertext steganography"). This hidden data is separately encrypted with the ISP's public key and invisible to everyone else, camouflaged within the regular ciphertext which also looks like random noise to anyone without the key. All the censors see is a standard TLS connection to a perfectly normal and uncontroversial web site. An active MitM interception (with TLS proxy certificates install

After all is said and done, a hell of a lot more is said than done.