Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Behind the Magic of Anti-Censorship Software

CmdrTaco posted more than 7 years ago | from the something-to-think-about dept.

Censorship 40

Regular Slashdot contributor Bennett Haselton writes in to say "The December 1st release of Psiphon has sparked renewed interest in the various software programs that can help circumvent Internet censorship in China, Iran, and other censored countries. (Some of this interest undoubtedly being motivated by the fact that many of these programs also work for getting around blocking software at work or school.) Have you ever wanted to understand the science behind these programs, the way that mathematicians and codebreakers understand the magic behind PGP? If you loved the mental workout of reading "Applied Cryptography", have you ever wanted a tutorial to do the same for Psiphon and Tor and other anti-censorship programs?" The rest of his editorial follows.

Well, here's a primer, but you might be disappointed. Like making the Statue of Liberty disappear, it doesn't sound very cool once you know how it's done; the truth is that most anti-censorship programs, including mine, only work because the censors are not trying very hard.

(Note that I am going to be talking about ways that certain anti-censorship programs can be defeated. I don't believe that this is giving much help to censors, because these are obvious weaknesses that would occur to anyone who knows how the programs work. For reasons I'll get into at the end, I don't think these weaknesses actually make much difference.)

Basically, all anti-censorship programs fall into two categories: those that require you to have a helper outside of the censored country, and those that don't.

Take Psiphon. To use Psiphon, someone in a non-censored country has to install it on their home computer, which turns their computer into a Web server with an interface similar to Anonymouse.org, where you type in the URL of the page you want to view and it fetches it for you. The difference, of course, is that Anonymouse.org is widely known and blocked by any self-respecting Internet filtering system, while your newly created Psiphon URL pointing to your home computer is not blocked anywhere, yet. So if you set up a Psiphon URL on your computer in the U.S. and e-mail it to your friend in China, your friend can use it to surf wherever they want. (Note that this also has the desirable property that the person in China doesn't have to install any software, so they can use the URL even from a cybercafe computer with restricted user permissions.) The hurdle, of course, is that the person in China has to have a contact outside the country to help them. This is not a huge barrier for many Chinese, but it still means the program doesn't have the instant gratification property of something that you turn on and it just works.

Peacefire, by the way, had released the Circumventor program in 2003 which did essentially the same thing. (And the Circumventor was itself really just a wizard for installing a Web server with James Marshall's CGIProxy script, which deserves most of the credit, although the Circumventor did help bring it "to the masses", since most users don't have the ability to set up an SSL-enabled Web server themselves.) Psiphon made some improvements, namely:

  • Ability to create password-protected accounts to restrict the URL to certain users.
  • Smaller download (although it may not matter much since only broadband users would be installing it anyway).
  • Ability to run on Linux. (Circumventor only works on Windows, although you can install CGIProxy on a Linux webserver if you know how.)
Circumventor has some of its own advantages, although they're the kind that could easily be incorporated into Psiphon soon:
  • A wizard to help users forward incoming connections on their router and enter exceptions in software firewalls to make the software work. (If they want to. No tweaking people's firewall settings without asking them!)
  • Slightly harder to block, due to some strategies such as using a different SSL certificate for each install (Psiphon uses the same one each time).

And both programs fall victim to the same attacks, although as far as I know, none of these have been implemented in practice:

  • Blocking sites whose SSL certificates do not match the site hostname (easier for a censoring proxy server like the ones used in the Middle East, than for an IP firewall like the Great Firewall of China).
  • Blocking outgoing Web connections to residential IP address ranges like Comcast.

But basically, they're the same program -- so the difference in press coverage has been illustrative of how much context matters to reporters. Psiphon is the "politically correct" version -- they've played down the fact that it can be used to get around blocking software in schools and played up the fact that it can be used to beat the censors in China and Iran, and the press coverage has focused exclusively on that human rights aspect. The Circumventor was also written to help foreign victims of censorship, and articles have been written about its uses for that purpose, but I've also been unapologetically promoting its use to get around blocking software at home and in school, as part of an advocacy for greater civil rights for people under 18. (Also because the more installations there are in the U.S., the more it helps users abroad.) As a result, some of the TV news pieces about it have used such ominous music and lighting that they practically looked like recycled footage from "To Catch a Predator". Of course, Psiphon can be used for exactly the same thing. (I also emailed some of the reporters who recently wrote about Psiphon, to tell them about Circumventor; so far, I haven't heard back from any of them, but I doubt they're being politically correct this time, I think they're just not thrilled that C-Net scooped them by three years and seven months.)

So, Psiphon and Circumventor fall in the first category -- programs that only work if you've got a contact outside the censored country to help you. In the second category is Tor, which was originally written to provide mathematically secure anonymity, but had the nice property that it could be used to get around the Great Firewall of China as well. With your browser in China using Tor as a proxy, packets are routed to other Tor nodes outside the country, which connect you with any blocked Web site that you want to see. Best of all, you just install it on a machine in China, and presto, it works, no nagging your expat cousin in the U.S. to install something on their computer to help you. Dynamic Internet Technologies, run by Chinese dissident Bill Xia in North Carolina, runs another service that works "out of the box" -- you send an instant-message to one of the DIT screen names, and it replies with a list of currently running Web proxies. (Bill has asked me not to publicize the actual screen names that perform this service, because it's intended only for Chinese users. I think that's a case of "security through obscurity", but I respect his wishes.)

Unfortunately, all such "instant gratification" solutions have the same basic weakness, which by a simple argument can be extended even to hypothetical future programs in the same category. In the case of a program like Tor, the censor only has to install the software, look at what IP addresses the software connects to when it bootstraps itself, and add those IP addresses to the blacklist. Even if the software chooses at random from multiple IP addresses to bootstrap to, the censor can still obtain all of them by repeatedly re-installing the software (possibly wiping the machine each time so the software can't tell that it's been installed before). No matter how you slice it, if Alice the legitimate user and Bob the censor download the program on the same day, Bob can make the program not work for Alice if he updates the blacklist quickly enough. He doesn't even have to reverse-engineer the software, he just has to use a network sniffer to see where it connects to. (For DIT's proxy-by-instant-message system, the censor can instant-message the screen name repeatedly, from different accounts, until they've collected and blocked all the available proxies; this would be analogous to re-installing Tor repeatedly and seeing what IPs it connects to.)

Peacefire has produced other approach which is a simple, obvious idea, and it was quite by accident that we found out it slips through the cracks of the seemingly "unsolvable" problem with instant-gratification outlined above. Like the other solutions, it works only as long as the censors are fairly lazy, but they are, and it does. About 30,000 people have signed up through a form on our site to be notified each time we create a new Circumventor site and mail it out, every 3 or 4 days. Agents of the blocking companies have joined the list too, of course, but we mail different sites to different subsets of the list. Now, an attack analogous to the attacks listed in the previous paragraph, would be for the censors to join under many different accounts, and then block any site that gets mailed to any of those accounts. But the catch is that when an address joins the list, a new site doesn't get mailed to that address until some random time in the future. So the censor has to check all of the fake Hotmail accounts that they've created, over and over, if they want to block all of the new sites as soon as they're released. Hardly impossible, but the censor can no longer use the instantaneous approach of: (1) enter the system / join the list / install the software; (2) see where it connects to and block those points of access; (3) repeat. (If we instantly e-mailed a randomly selected site to each new signup, then this attack would work.) By going from instant gratification to almost-instant-gratification, you change one of the conditions for the theorem stated in the previous paragraph, so that it no longer holds true. Still, like Tor and the DIT system, it could be blocked with a moderate amount of effort.

The Tor protocol, by the way, has been the subject of a great deal of sophisticated mathematical analysis, really brainy stuff that is beyond the scope of this article. But it's important to understand that that analysis focuses on the security of the Tor protocol for achieving anonymity. For anonymity, the protocol is very strong; for routing around censorship, it's fairly straightforward to defeat. That's not at all a criticism of the Tor developers; Tor was designed to achieve anonymity, and just turned out to work for beating censorship as well -- but only, of course, as long as the censors aren't making much effort to block it.

Which all leads to the obvious question: Why have the censors not bothered?

Nobody knows for sure, but I fear the answer is that the Chinese government and other censors know that the greatest weapon in their arsenal is not IP blocking, or keyword filtering, or even the threat of arrest. It's just apathy. The Chinese censors know what we anti-censorware developers in the free world keep forgetting: that most Chinese are not liberty-minded Jeffersonians chomping at the bit under the oppressive yoke of their government and waiting to be freed by circumvention software. As Michael Chase and James Mulvenon of the RAND Corporation put it in their report on Internet usage by Chinese dissidents, You've Got Dissent!: "[A]lthough some peer-to-peer applications... are designed specifically to combat censorship on the Internet and address privacy concerns, most Chinese Internet users are undoubtedly more interested in using peer-to-peer applications for entertainment purposes such as downloading MP3 music files." The censors know what Netscape knew when they fought tooth and nail against Microsoft including Internet Explorer on the desktop of every Windows machine: defaults matter. It doesn't matter that users can go to Netscape's site and download their browser, and it doesn't matter that users can access a banned site by installing a cool p2p program. Most people just don't.

When I first started working on the Circumventor, I assumed that since the Chinese Internet censorship bureau reportedly employed about 30,000 people, surely if they were already spending that much effort and money, they'd throw plenty of resources at defeating any new anti-censorship program, so the Circumventor would have to be able to withstand any such attack. But I was wrong. According to the RAND corporation paper, the censors have been quite busy, for example, policing political forums for dissident postings that other users might casually run into. But they apparently assume -- correctly, it seems -- that content doesn't pose much of a threat if users have to go out of their way and download a program to access it. And if the user has to have a friend outside the country to help them, then forget it.

This is not to downplay the enormous good that programs like Tor, Circumventor and Psiphon can do in bringing free speech to the people in censored countries who want it. But it's easy to forget that those often do not comprise a large part of the population.

One of the biggest disappointments for me came in May 2005 when I was looking for ways to get around the word filter on MSN China's blogging service. Microsoft, apparently acting on public relations advice from Lex Luthor, had decided to filter the words "freedom", "democracy", and "Taiwan independence" from the titles of blogs on MSN China. (I know, I know, they have to comply with Chinese laws to do business there. But I don't think the Chinese have actually outlawed the word "democracy".) Eventually I did find a loophole, so I searched on MSN for some Chinese blogs published by expatriates to ask them to help test the workaround for me. With a few exceptions, most of the bloggers were rather hostile, saying that they supported their government's efforts to censor the Internet and to stamp out Falun Gong as a dangerous "cult". (These were expats living in the U.S., so presumably they were not worried about the Chinese government sending a tank across the Pacific to run them over if they criticized the ruling party. Even if they thought they had to watch what they said because they might someday return to China, or because they still had family there, surely it would have been easier just to ignore me; the hostility that I encountered sounded genuine.) The moral is, no matter how much your movement believes in its efforts to help oppressed people, you can't just assume you'll be greeted as liberators (ahem).

So now you know most of what there is to know about the state of the art in anti-censorship software. It's just that there is less to understand than the hype originally suggests -- the programs aren't really secure, but they work because the censors aren't really trying. And there aren't any cool mathematical formulas that you can impress your friends with -- for that, you'll still have to go back to Applied Cryptography. It's a lot less impressive to be the Bruce Schneier of circumvention algorithms than it is to be the real Bruce Schneier.

cancel ×

40 comments

Sorry! There are no comments related to the filter you selected.

RTFS anyone? (-1, Offtopic)

4D6963 (933028) | more than 7 years ago | (#17313170)

Nobody usually reads the article, but now with such a summary, who's gonna read anything past the title?

Re:RTFS anyone? (-1, Offtopic)

4D6963 (933028) | more than 7 years ago | (#17313248)

Oh by the way if anyone could make a summary of the summary, I'd greatly appreciate it.

Re:RTFS anyone? (0, Offtopic)

arachnoprobe (945081) | more than 7 years ago | (#17313280)

In the time it took you to write those two posts, you could have read it. :)

Re:RTFS anyone? (1)

4D6963 (933028) | more than 7 years ago | (#17319712)

Anyways damn, one really has to wait for a few hours to start not-so-on-topic discussions, mainly if it's in the two first posts :)

Re:RTFS anyone? (0)

Anonymous Coward | more than 7 years ago | (#17313540)

Oh by the way if anyone could make a summary of the summary, I'd greatly appreciate it.

1) These applications are trivial to design and develop.

2) They're notable only for the developer's skill at getting himself media attention.

3) This "summary", which I don't recall anyone clamoring for, is a perfect example of #2.

Re:RTFS anyone? (1)

Iberian (533067) | more than 7 years ago | (#17313298)

I did! Said something about China and censorship which of course means the following.

China is bad

Censorship is evil

USA is evil and worse than China

Slashdotting 101: Find the editors buzz words; Post appilicable rant; and ummm thats it.

Re:RTFS anyone? (1)

endianx (1006895) | more than 7 years ago | (#17313356)

The article is blocked for me here at work as "Proxy Avoidance". I find long summaries useful in such cases.

Re:RTFS anyone? (1)

another_fanboy (987962) | more than 7 years ago | (#17315890)

Nobody usually reads the article, but now with such a summary, who's gonna read anything past the title?
Does this mean they will start censoring the summaries as well as the articles?

Another option: JAP (1)

elmar1234 (1042200) | more than 7 years ago | (#17317696)

Too bad nobody mentioned JAP yet. It's similar to TOR, except it uses pre-defined anonymizing proxies rather than random nodes (so you know exactly who you're trusting). It will also circumvent censorship, and it's pretty much unblockable. Every client has an option built in to share his bandwidth for people who are behind censoring firewalls, esentiallly becoming another public proxy. This means that if you need to get around censorship, you can have JAP (the client program) automatically supply you with a fresh, unblocked proxy address. Check it out at http://anon.inf.tu-dresden.de/index_en.html [tu-dresden.de] Psiphon gets publicity like crazy, but it actually doesn't do much besides being a simple proxy. Especially, it doesn't solve the main problem of how to find an unblocked IP to use. While JAP doesn't have slick marketing (new website coming soon, I hope), the technology is great, please take a moment to check it out. Elmar (Disclosure: I am currently one of developers of JAP, as part of my Master's thesis)

Censor Yourself (4, Insightful)

KermodeBear (738243) | more than 7 years ago | (#17313276)

the truth is that most anti-censorship programs, including mine, only work because the censors are not trying very hard.
Well, in that case, I recommend that you 'censor' yourself. Seriously. Apply some techniques that would make your software fail, then see what you can do to work around them. Then, if (when) China and other censorship countries decide to step up and do something you're already a few steps ahead of them.

Slashdot HYPOCRISY by PROUD ANONYMOUS! (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17316424)

Hi,

Just wanted to say is perplexing the hypocrisy of Slashdot by calling people that don't create an account ANONYMOUS COWARD!!! All the talk about poor people in China and other repressive countries torturing internet users and instigating/advocating the use of anonymous software and call Slashdot users COWARDS. What kinda sheeit is this??!!

Please Slashdot if you can EXPLAIN this to me it would be really interesting, because calling Anonymous Coward to users without an account is an insult!!!

F.Y.S.A.S.O.B.P.O.S by F@#$ING PROUD ANONYMOUS!!!

Re:Slashdot HYPOCRISY by PROUD ANONYMOUS! (1)

Grimbleton (1034446) | more than 7 years ago | (#17319292)

Well, see, a lot of times people post without an account because they're afraid to let people know it's them holding that opinion. Thusly, it's easy to draw the conclusion that people posting anonymously = coward. Plus, it's free. Grow a pair and register.

Re:Slashdot HYPOCRISY by PROUD ANONYMOUS! (0)

Anonymous Coward | more than 7 years ago | (#17322904)

It seems Mr. Li didn't register his blog license.

Re:Censor Yourself (1)

thinkfat (789883) | more than 7 years ago | (#17322856)

Schneiers' Law applies.

Describing Tor as anti censorship software (2, Interesting)

Timesprout (579035) | more than 7 years ago | (#17313278)

is a tad disingenuous now isn't it.

Re:Describing Tor as anti censorship software (2, Insightful)

giorgiofr (887762) | more than 7 years ago | (#17313398)

Why? Tor was created to grant perfect anonimity. That would seem to be a prerequisite for anti censorship software, wouldn't it.

Speaking of censorship... (0)

Anonymous Coward | more than 7 years ago | (#17313500)

Why isn't there an option to only read -1 posts? I can't take the censorship on this site anymore.

Re:Speaking of censorship... (4, Interesting)

4D6963 (933028) | more than 7 years ago | (#17313634)

Why isn't there an option to only read -1 posts? I can't take the censorship on this site anymore.

In Preferences>Comments set +6 to all the down-mods.

Re:Speaking of censorship... (1)

Kjella (173770) | more than 7 years ago | (#17315704)

In Preferences>Comments set +6 to all the down-mods.

Anonymous Cowards (no, not you but GP) don't have account preferences. I drop to -1 every time I get mod points, but don't see why anyone would regularly do it though. Despite some cases of "I don't like you so I'll mod you down" at least 95% deserve to be there.

Re:Speaking of censorship... (1)

4D6963 (933028) | more than 7 years ago | (#17319564)

Oh yeah that's right, well, didn't pay attention. If he really wants any option to see only -1's he'll log in no matter what.

By the way, I think your signature explains extremely well the nuance between the two licenses, makes me wonder why I've always chose the GPL license over the BSD/MIT one when submitting SourceForge projects.

mod 0p (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17313560)

1. Therefore thEre future. The hand or chair, return Of a solid dose and distraction *BSD is dying It is very own shitter, to The original turd-suckingly be in a scene and

Sounds almost like a p2p proxying system. (2, Interesting)

wiredog (43288) | more than 7 years ago | (#17313572)

Which is what Skype does. Have you considered leveraging p2p algorithms such as bittorrent for this application?

Of course, you still need a 'supernode',which can be blocked, that the censored can connect to in order to get the list of proxies. Hmmm.

Need multiple paths to get to the supernodes. Maybe sending IP addresses via e-mail, IM, and other means? Which require some savvy on the part of the censored to use.

Tough problem.

Re:Sounds almost like a p2p proxying system. (3, Informative)

Sancho (17056) | more than 7 years ago | (#17313792)

They already talked about using IM to spread IP addresses. Ultimately, the problem is that there is no way to distinguish the 'good guys' from the 'bad guys'. Otherwise, you could just never send the IP information to the 'bad guys'.

The brute-force solution to the problem is to get everyone using anonymizing software like this, so that the options are to block all outside access (i.e. China blocks international IPs altogether) or to effectively let everyone have access to all the information.

Of course, the difficulty of doing this is extreme. Microsoft could pull it off by putting Tor into all of its products, but few other companies have any shot of getting anonymizing software on their computers. Of course, the anonymization itself has disadvantages: logging becomes useless (where'd that attack come from? A Tor exit node!), laws regarding the Internet become useless... effectively, the Internet becomes even more like the wild west, only you can't even have vigilante justice.

It's a tough problem to solve, indeed.

Re:Sounds almost like a p2p proxying system. (1)

Akdor 1154 (910963) | more than 7 years ago | (#17317906)

The problem seems to be getting the outside servers anonymous yet still accessible - but why not make the outside servers the ones that contact the inside clients, instead of the other way round?

Sure, it could open the way for easy detection of people on the inside, but there's more than one way to skin a cat.

Re:Sounds almost like a p2p proxying system. (1)

Sancho (17056) | more than 7 years ago | (#17320264)

That's going to be a neat trick. How are the servers going to find new clients?

Re:Sounds almost like a p2p proxying system. (1)

presentt (863462) | more than 7 years ago | (#17320588)

Akdor 1154:

but why not make the outside servers the ones that contact the inside clients, instead of the other way round? Sure, it could open the way for easy detection of people on the inside, but there's more than one way to skin a cat.

What if the connections were encrypted? The outside client would send an encrypted "ping" sort of deal that inside clients wait for, and when received, the client establishes a connection. Then there is no list of outside servers that can be sent via IM or email, and received by the censor. If the censor sets up a client, then the outside server could turn the tables and stop pinging the censor's client. It takes the control away from the censor.

Although I'm sure there's something wrong with this idea, or it would have been implemented by now.

Re:Sounds almost like a p2p proxying system. (3, Informative)

daranz (914716) | more than 7 years ago | (#17313866)

Tor *IS* a peer-to-peer proxying system [eff.org] , that makes it extremely difficult to trace traffic back to a source. The anonymizing is its primary purpose, although it achieves that by implementing a network of p2p nodes. Like the article said, its ability to circumvent censoring firewalls is a secondary feature, more of a side effect (see this FAQ entry [noreply.org] ).

Also, AFAIK, Skype does not actually route the voip traffic over proxies.

The trouble is.... (3, Interesting)

Kjella (173770) | more than 7 years ago | (#17313760)

...if you're an opressive government, you can simply assume that whoever is using an anonymous network is trying to pull something dirty, due process and innocent until proven guilty be damned. The whole article focuses on blocking in the future - what about logging the past? Look up the Great Firewall's logs of who's connected to that server, and you've got a bunch of people to flag/arrest. The only real cure is popularity - you didn't visit the network to be anonymous, you visited it because that's where all the mp3s/divx/warez/pr0n/whatever is. Sorta like Internet ;)

Re:The trouble is.... (0)

Anonymous Coward | more than 7 years ago | (#17315902)

"...if you're an opressive government"

The truth is all forms of government are in some way oppressive, though not necessarily overtly. I have first hand experience with this.

Economic oppression is just as oppressive as actual physical or political oppression. Since economic power is the parent of political power. Without economic power there is no political power beyond brute force available to individuals.

Take for instance those on disability in any modern 1st world country, they don't even get enough to afford rent and food and are forced to shack up to simply survive. They get a measly $969 a month, next they say if you have over $5000 in savings you aren't eligable for disability payments. If that's not economically oppressive I'm not sure what is.

Re:The trouble is.... (1)

Damastus the WizLiz (935648) | more than 7 years ago | (#17316610)

I know many working people that would love to be getting 969 a month. hell, at my last job I took home 300 every two weeks and that was working full time.

Irony department (3, Funny)

Anonymous Coward | more than 7 years ago | (#17313988)

Ha, thanks for posting the editorial. I was unable to get to the website however, as it was blocked by my companies web blocking thingy

Ytromll (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17314028)

Point of view... (3, Insightful)

cuby (832037) | more than 7 years ago | (#17314466)

A friend of mine is living in China and he keeps telling me that the average urban chinese is a lot like a western person. Simply doesn't care about politics.
Those that use these programs already appreciate the value of democracy. This is one of those matters where technology won't make a difference. Freedom must be pushed from the inside by example, by those who believe in it, even if it is extremely painful.

In Portugal, my country, we had a dictatorship during almost 50 years, and it was not outside influence that finally broke it. At some point a critical mass of will for change and for freedom was achieved and a revolution was made. In Spain, in a similar scenario, it was the death of Franco that allowed the ascent to the power of a more democratic government.
More over, different cultures see democracy through a different perspective, some give it the up most value, others see it as the way to get a corrupt pro western leadership, as in islamic public opinion. Others value more stability over freedom... In China, the current communist regime provided the greatest war free period in centuries.

To be successfully achieved and perpetuated, democracy must be actively wanted by the citizens.

Re:Point of view... (offtopic?) (1)

NekoYasha (1040568) | more than 7 years ago | (#17318840)

Freedom must be pushed from the inside by example, by those who believe in it, even if it is extremely painful.

In Portugal, my country, we had a dictatorship during almost 50 years, and it was not outside influence that finally broke it.

It's not just freedom of speech in the politicial sense. They would not even accept "free beer" let alone "free speech".

I tried very hard to push awareness of F/OSS to my colleagues, teachers and parents. (I'm a grade Senior Three, equiv. to grade 12 in the US). But none of them saw them interesting. I'm perhaps the only one in my class to use Firefox and Linux (Psst. I'm also a Microsoft fanboy).

Yeah, freedom must be pushed from the inside. But then it's not a matter of days. Be patient. But keep pushing.

Psiphon looks good... (3, Informative)

alexandre (53) | more than 7 years ago | (#17315240)

...and here are some more softwares and guides related to privacy, pseudo/ano-nymity and security:

tor.eff.org [eff.org] onion routing anonymizer
www.i2p.net [i2p.net] secure/anonymous interactive network
freenetproject.org [freenetproject.org] secure/anonymous distributed file system
www.turtle4privacy.org [turtle4privacy.org] f2f peer network
gnunet.org [gnunet.org] secure p2p infrastructure
www.cspace.in [cspace.in] secure p2p infrastructure
www.openswan.org [openswan.org] VPN with opportunistic encryption
silcnet.org [silcnet.org] secure internet live chat
ihu.sourceforge.net [sourceforge.net] p2p VoIP with crypto

wiki.noreply.org [noreply.org] How to give anonymous talks
azureus.sourceforge.net [sourceforge.net] azureus over p2p
cryptnet.net [cryptnet.net] guerrilla software development how to

Re:Psiphon looks good... (2, Interesting)

r_naked (150044) | more than 7 years ago | (#17320656)

Just to add to your list: anoNet [anonet.org]

Unlike the others you listed, anoNet is a full IP network built using standard OSS tools (OpenVPN [openvpn.net] and Quagga [quagga.net] being the heart of the network).

It is far from a perfect at giving absolute anonymity at the software level, it requires you to use some common sense. On the plus side, *you* get to decide who you trust and how much you trust them. Like TOR, the more people that are a part of anoNet, the more anonymous the network becomes. Think of the network in terms of old school BBSs.

If you are looking to join a network and just find loads of warez/porn/etc. anoNet is probably not for you. There is nothing to stop someone from hosting a warez site, and inside the network you are pretty darn safe. The reason you won't just find a huge stash is the fact that the network was built by people that believe in their privacy / right to free speech above all else. We are a bunch of network admins / Unix admins / programmers. Obviously we have no reason to pirate software since *nix is our OS of choice.

anoNet is what we call a Democratic Anarchy. There is a nice page on our wiki (inside the network) on what that means, but it is way too much to define here. Bottom line there is no kiddie porn, there will be no kiddie porn and don't bother connecting if you want to debate how not allowing kiddie porn is censorship. We picked a line, that line was kiddie porn and we stick to it.

Windows users are more than welcome. Because there is no BGP implementation for Windows, Windows users can't "natively" be routers, they can get a static IP (or a whole subnet) however. We have a coLinux [sf.net] image that can get you up and running if you really wanted to be a router.

Lastly, we are willing to help you learn. I can't express that enough. If you want to learn about networking or any other aspect of the network, we are all willing to help if you are genuinely interested. If you just want to setup a node and be a part of the network, that is fine also.

Anyway, hope this post tickled the imaginations of at least a few people. If you decide to connect, use a pseudonym that you have never used anywhere else.

Re:Psiphon looks good... (1)

alexandre (53) | more than 7 years ago | (#17322590)

Thanks for this information, i added anoNet to my list :)

For the record, everything i listed _is_ FOSS...

But, uhm, while being an interesting project i don't understand how anoNet differs from standard VPN + routing between friends?
What advantages would this have over I2P which adds pseudonym's for examples...
Or FreeNet with anonymous storage?
Or Waste which does the same as what i understand from anoNet but in a simpler way with added search capacity?
Or OpenSwan with opportunistic encryption?

I probably missed the point :-)
Anyway, cheers and long live all the darknets! ;-)

Re:Psiphon looks good... (1)

r_naked (150044) | more than 7 years ago | (#17325590)

Sorry for the confusion concerning our use of FOSS. I didn't mean to imply that the other networks that you mentioned weren't FOSS software. What I was trying to get across was that we use standard FOSS tools as opposed to writing something custom.

Now to address your points:

But, uhm, while being an interesting project i don't understand how anoNet differs from standard VPN + routing between friends?


You are correct, there isn't much different other than the fact that you don't need to be invited to join anoNet. We have a public page and an open client port. Some people are worried that the machine running the client port could log all the IPs that connect to it. To that I have to say they are correct, but we don't. That would go against everything we stand for. The idea is that you use the client port to gain entry and when you feel comfortable peering with someone, you get off the client port and then the person running it (if they WERE logging IPs) wouldn't know who you peered with. As a side note, I could point out that anyone running a TOR server as their IP available on the TOR dir servers. Also, with I2P, the server that hold the master node list could log all the IPs.

Moving on...

What advantages would this have over I2P which adds pseudonym's for examples...


I2P has the advantage of being a plug and play solution. But with that you lose the ability to optimize the network. Also, it isn't an IP network, so you can't run any application unmodified. With anoNet, once you are in and have a subnet you can run any TCP or UDP application just as if you were on the Internet. You get a 1/8 IP (or /24 subnet) to host whatever services you like.

Or FreeNet with anonymous storage?


With Freenet .7 ALL you get is anonymous storage. Inside anoNet we have open ftp servers, and are looking into some of the distributed file systems out there.

Or Waste which does the same as what i understand from anoNet but in a simpler way with added search capacity?


Waste is a simple encrypted file sharing system and again requires you to build your list of "friends". As for searching, anoNet has a normal spidering search engine and a specialized search engine for searching files.

Or OpenSwan with opportunistic encryption?


Most of the people on anoNet use OpenVPN because of its ease of use and the fact that it uses TLS (AES-256). There is nothing to stop you from using OpenSwan (ipsec) to connect to another node if that other node was willing to use ipsec for the tunnel instead of OpenVPN. We do have some Cisco routers that are connected with ipsec.

I probably missed the point :-)
Anyway, cheers and long live all the darknets! ;-)


I wouldn't say you missed the point entirely, but there is a LOT more to anoNet than just anonymous file sharing. Also, we wouldn't consider ourselves a "darknet", more of a "greynet". I like the term greynet since we are open to new people without them having to be invited.

Hope that helped.

Well, I'm dissapointed... (1)

d3ac0n (715594) | more than 7 years ago | (#17316450)

For a minute I though we were going to get a neat technical article on how they remove those "pixillated" areas on Hentai and Japanese Pr0n. What a letdown...

The funniest assumption (2, Interesting)

piotru (124109) | more than 7 years ago | (#17321840)

The funniest assumption is that: what we access with (for example) Google is not censored (or at least not manipulated) within the "Free World" countries.
One way of manipulating is analogue to chemical "competitive inhibition" - the inhibitor is present in concentration high enough, that virtually any access of the substrate to enzyme's catalytic center becomes impossible.
In real life this may be achieved by saturating the attention with propaganda.
For example: I have tried to find the site of organizers of "Review of the Holocaust: Global Vision" conference to see firsthand what the controversy was all about.
My keywords on Google hit the target ideally - all links to articles condemning the conference, all of then permutating the same ideas, not a single link to source.
(BTW, the actual site is http://www.ipis.ir/English/meetings_roundtables_co nferences.htm# [www.ipis.ir] )
I had to reach the site manually, step-by-step from the Iranian Government's webpage.
I have serious trouble believing this was coincidence.
Think of it, "free" citizens before giving a go to a new war. Think...
How many times per day we rely on Google?
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>