January 26, 2003

Peacefire seeks volunteers to help work on anti-censorship technology

Date: Mon, 20 Jan 2003 03:26:03 -0800
From: Bennett Haselton <bennett[at-sign]peacefire.org>
Subject: volunteers to help work on anti-censorship technology

Happy New Year to everybody -- sorry it's been an unusually long time since the last Peacefire newsletter, but the good news is that there are big things coming in 2003. Peacefire has joined forces with Voice of America <http://www.ibb.gov/>, a federal agency that used to do pro-democracy radio broadcasts into communist Eastern Europe and Asia, and is currently still broadcasting into China while branching out into finding ways to defeat Internet censorship. They've contracted with us to help defeat the "Great Firewall of China", the firewalls put in place by the Chinese censors to block people in China from reading foreign Web sites that criticize the Chinese government. The technology could be extended to help people in other regions such as the Middle East where the Internet is heavily censored.

This is the kind of project that I hope many tech-savvy members will be able to help with, one way or another. Personally I think this may be one of the most important things I ever get to work on, if not the most important. To a lifelong puzzle-hobbyist, it's like a dream: working on a problem that's like a giant, open-ended puzzle that's never been completely solved, where the answer could help millions of people around the world. As for working on the problem itself, it requires some technical knowledge, but not a lot; I coach a high school math team and I've worked on some of these problems with the students in the math club. I could do that since there's nothing classified about the solutions to the problem that VOA has asked us to find, because our strategy is to assume the Chinese censors will be able to "take apart" the software and figure out how it works anyway, so we should publish all the details of how it will work, and encourage people to try and find ways to defeat the system. Only if the complete design is published and nobody can find any flaws that would enable the censors to attack it, then we go ahead with building it according to that design.

One of the first papers I put out as part of the project, was about the common pitfalls and problems with many existing "anti-censorship" systems: http://www.peacefire.org/circumventor/list-of-possible-weaknesses.html If you can follow most of the discussion on that page, you'd probably be able to help. It's less about technical knowledge, and more about looking at a given problem through new angles, so it's an ideal technical project for young people to contribute.

There are several existing anti-censorship projects out there, made by companies including SafeWeb, DynaWeb, and a self-described hacker coalition called Hacktivismo, all of which have contributed some valuable insights, but many of their designs fall prey to the attacks listed at the URL above. Also, none of the other groups working on this problem have published the details of how their proposed solutions work, so there may be other problems that haven't come to light yet. (If any of their programs ever came to represent a serious threat to the Chinese censors, the Chinese government would almost certainly "take it apart" to find out how it works and find any exploitable weaknesses, so keeping the design secret is really just delaying the inevitable. This is why our strategy is to publish the design in advance, and only proceed with it if no one is able to find a weakness in the design, even knowing all the details of how it works.)

One good question that nobody has asked me, but some people probably will, is why I would be asking people to contribute ideas for free, if VOA is paying me. I would say that even if you subtract all the hours per week that VOA has paid for at a normal programmer's salary, that still leaves a lot of hours every week that I'm working on the project, which could be considered "donated" time (not to mention all those years with Peacefire, which is how VOA heard about us in the first place :) ). In any case, it's up to each individual person whether they want to help. Besides, the most important part of the process is to have many reviewers look at the software design and try to find flaws that the censors could exploit, and that doesn't take any minimum time commitment.

As part of this project, Peacefire is probably going to move towards fewer consumer-reports-style pages about what blocking software really blocks, and more towards work on anti-censorship technology. We will still help to publicize the problems with blocking software, especially when the Supreme Court decides this year whether the "Children's Internet Protection Act" is constitutional, which requires blocking software to be installed on all computers used by children or adults, in any library that receives federal funding. But for the most part, most people who are paying any attention at all, have gotten the message that blocking software is sloppy and often politically motivated. Plus, many other research groups are now also doing studies on the problems with blocking software. On the other hand, developing secure anti-censorship technology is still something that no group has ever pulled off completely, and I think we're in a position to do it.

If you'd be interested in working on the design for an anti-censorship program, you might want to check out the URL above. Some other recommended reading on how the design has evolved so far, most of which is about pitfalls in existing systems, pitfalls that our design should avoid:

Problems with using a "distributed cloud" of circumvention points to defeat Internet censorship: http://www.peacefire.org/techpapers/distributed-cloud.html An attack that can be used to map out a peer-to-peer network of machines being used as circumventors: http://www.peacefire.org/circumventor/peer-to-peer-map-out-attack.html An attack that can be used against Anonymizer-type Web sites even if they encrypt page contents using HTTPS: http://www.peacefire.org/circumventor/fingerprinting-sites-downloaded-over-https.html

As you'll notice if you read those, all the stuff so far has my name on it. Let's do something about that :) If you'd be interested in contributing in any way, email me at bennett[at-sign]peacefire.org with some information about your background if you want (even though no background is necessary). We'll be setting up a separate mailing list to discuss the strategies for anti-censorship software, and anybody can contribute ideas for possible attacks against the anti-censorship that the censors might use -- so that we can be sure to take those into account when designing the system.

It's eerie, thinking about the political implications of something like this, the number of people it could possibly affect. This is the biggest project Peacefire has undertaken, but no individual person's contribution is too small. So contact me and check out the URLs if you're interested.

-Bennett

bennett[at-sign]peacefire.org 425 649 9024 http://www.peacefire.org

By Seth Finkelstein | posted in censorware | on January 26, 2003 11:56 PM (Infothought permalink)
Seth Finkelstein's Infothought blog (Wikipedia, Google, censorware, and an inside view of net-politics) - Syndicate site (subscribe, RSS)

Subscribe with Bloglines      Subscribe in NewsGator Online  Google Reader or Homepage