systems to circumvent Internet censorship
::
possible weaknesses
A wide variety of systems, including programs by the names of *Triangle
Boy*, *Peek-A-Booty*,
*Six/Four*, and *CGIProxy*,
have been proposed for circumventing Internet censorship in countries such as China and Saudi
Arabia, with no clear winner emerging as the single best anti-censorship solution.
One reason is that there hasn't been much discussion about how well these systems would hold
up in response to various types of attacks that could be mounted by the censors. The worst thing
that could happen would be for an anti-censorship system to be widely deployed, with volunteers
all over the world running software to assist in the effort and people in China and other censored
countries using the software every day to beat censorship, when suddenly the censors find a flaw
that can undermine and block the whole system. If the censors discover a technique to detect
circumvention traffic, then not only can the system be blocked and rendered obsolete, but if
the traffic can be traced back to individual users in the censored countries, the penalties imposed
on them could be severe.
Plus, if the traffic is detectable, the censors can also trace it to the sites outside their
country which are helping defeat Internet censorship, and add those sites to a permanent blacklist.
Even if those sites later upgrade to a more secure, undetectable version of the software, they
will still be blacklisted, and it may be prohibitive for them to move to a new location to get
around the blacklist.
So, it is a high priority to think of possible attacks against a system before the system is
deployed. This page is a collection of common attacks, weaknesses, and fallacies that must be
avoided. >from *List
of possible weaknesses in systems to circumvent Internet censorship by Bennett Haselton*
related context
> response
to “List of Possible Weaknesses in Systems to Circumvent Internet Censorship"
by Paul Baranowski. november 11, 2002
> the free network project:
freedom of communication. november 5, 2002
> the hacktivismo
declaration: assertions of liberty in support of an uncensored internet. july 18, 2002
> CodeCon 2002:
p2p and cripto programming. february 21, 2002
|