Comments: Reports You Won't See - A Survey Of Censorware Cryptography

write it... publish it... then run. It will be exciting and we're bound to get you legal protection if you need it. Think of it as adventure tourism of a sort. (all of this is moot if you have young kids...)


Posted by joe at November 17, 2004 08:13 PM

Run where? Who is the "we" which is supposedly bound to get me legal protection? Especially given how little support I've gotten since literally day one of my censorwarware decryption work.

Posted by Seth Finkelstein at November 18, 2004 09:54 AM

Publishing rather abstract algorithms without actually naming the companies could do the trick, couldn't it? Most of them wouldn't be able to find out which algorithm in the description is theirs.

Why are the filter list decryptable at all? If I would write such a beast, I'd use cryptographic hash functions and a wide range of URL normalization functions. In this case, the only effective way to recover the list would be your own extensive URL list.

Posted by Florian Weimer at November 18, 2004 05:59 PM

Without details, it's both less interesting, and almost impossible to peer-review.

The hashing point is in fact a potential aspect of the discussion. There's aspects of some censorware internal architecture where it isn't clear if something is designed that way because there's a complex implementation trade-off, or they're just dumb. It's not like I can have a design review chat with the people working on it :-).

Posted by Seth Finkelstein at November 18, 2004 06:36 PM