Computer science researchers at the University of Michigan and the University of Waterloo in Canada have come up with a radical new approach to beating internet censorship.
While current schemes get around site blocks by routing users through outside servers called proxies, the censor sooner or later finds and blocks the proxy, too.
But the new Telex system would essentially turn the whole web into a proxy server, making it virtually impossible for a censoring government to block individual sites.
The researchers are at the proof-of-concept stage, and have created a test system in their lab. They’ve tested it with a client in Beijing who was able to stream YouTube videos even though the site is blocked there.
“This has the potential to shift the arms race regarding censorship to be in favor of free and open communication,” says J Alex Halderman, assistant professor of computer science and engineering at UM.
“The internet has the ability to catalyze change by empowering people through information and communication services. Repressive governments have responded by aggressively filtering it. If we can find ways to keep those channels open, we can give more people the ability to take part in free speech and access to information.”
Under the new system, users would need to install Telex software – maybe downloading it from an intermittently available website or borrowing a copy from a friend.
And ISPs outside the censoring nation would need to deploy equipment dubbed Telex stations.
Users wanting to visit a blacklisted site would establish a secure connection to an HTTPS website, which could be any password-protected site that isn’t blocked. This is a decoy connection.
The Telex software marks the connection as a Telex request by inserting a secret-coded tag into the page headers. The tag utilizes a cryptographic technique called public-key steganography.
“Steganography is hiding the fact that you’re sending a message at all,” says Halderman. “We’re able to hide it in the cryptographic protocol so that you can’t even tell that the message is there.”
The user’s request passes through routers at various ISPs, some of which would be Telex stations. These stations would hold a private key that lets them recognize tagged connections from Telex clients, and would divert the connections so that the user could get to any site on the internet.
Under this system, though, large segments of the internet would need to be involved through participating ISPs.
“The problem with any one company doing this, for example, is they become a target. It’s a collective action problem,” says Halderman.
“You want to do it on a wide scale that makes connecting to the internet almost an all or nothing proposition for the repressive state.”