Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Anticensorship in the Internet's Infrastructure

Frank Corrigan email at
Mon Jul 18 14:34:01 PDT 2011

Telex seems an interesting system, though I am puzzled whether the
insertion of a 'secret'  "cryptographic tag into the headers" could be
detected, as the FAQ says it "looks" random, rather than is..

"To create a Telex connection, the client replaces this number with what
we call a tag — essentially, an encrypted value that looks random until
it's decrypted."

Though as it is a proof-of-concept, could it go the same way as the
'vanish' concept, which I did manage to work with, but them development
ceased. Vanish <>


----- Original message -----
From: "Yosem Companys" <companys at>
To: "Liberation Technologies" <liberationtech at>
Date: Mon, 18 Jul 2011 08:25:47 -0700
Subject: [liberationtech] Anticensorship in the Internet's

Freedom to Tinker is hosted by Princeton's Center for Information
Policy <>, a research center that studies
technologies in public life. Here you'll find comment and analysis from
digital frontier, written by the Center's faculty, students, and

Anticensorship in the Internet's Infrastructure
By J. Alex Halderman <> -
on July 18th, 2011 at 6:30 am

I'm pleased to announce a research result that Eric
, Scott Wolchok <>, Ian
, and I <> have been working on for the past 18
months: Telex <>, a new approach to circumventing
state-level Internet censorship. Telex is markedly different from past
anticensorship efforts, and we believe it has the potential to shift the
balance of power in the censorship arms race.

What makes Telex different from previous approaches:

   - Telex operates in the *network infrastructure* — at any ISP between
   censor's network and non-blocked portions of the Internet — rather
   than at
   network end points. This approach, which we call “end-to-middle”
   can make the system robust against countermeasures (such as blocking)
   by the
   - Telex focuses on *avoiding detection* by the censor. That is, it
   a user to circumvent a censor without alerting the censor to the act
   circumvention. It complements anonymizing services like
Tor<> (which
   focus on hiding *with whom*the user is attempting to communicate
   of *that* that the user is attempting to have an anonymous
   rather than replacing them.
   - Telex employs a form of *deep-packet inspection* — a technology
   sometimes used to censor communication — and repurposes it to
   - Other systems require distributing secrets, such as encryption keys
   IP addresses, to individual users. If the censor discovers these
   secrets, it
   can block the system. With Telex, there are *no secrets* that need to
   communicated to users in advance, only the publicly available client
   - Telex can provide a *state-level response* to state-level
   We envision that friendly countries would create incentives for ISPs
   deploy Telex.

For more information, keep reading, or visit the *Telex
The Problem

Government Internet censors generally use firewalls in their network to
block traffic bound for certain destinations, or containing particular
content. For Telex, we assume that the censor government desires
to allow Internet access (for economic or political reasons) while still
preventing access to specifically blacklisted content and sites. That
Telex doesn't help in cases where a government pulls the plug on the
Internet entirely. We further assume that the censor allows access to at
least some secure HTTPS websites. This is a safe assumption, since
all HTTPS traffic would cut off practically every site that uses

Many anticensorship systems work by making an encrypted connection
(called a
“tunnel”) from the user's computer to a trusted proxy server located outside
the censor's network. This server relays requests to censored websites
returns the responses to the user over the encrypted tunnel. This
leads to a cat-and-mouse game, where the censor attempts to discover and
block the proxy servers. Users need to learn the address and login
information for a proxy server somehow, and it's very difficult to
this information to a large number of users without the censor also
 How Telex Works


Telex turns this approach on its head to create what is essentially a
server without an IP address. In fact, users don't need to know any
to connect. The user installs a Telex client app (perhaps by downloading
from an intermittently available website or by making a copy from a
When the user wants to visit a blacklisted site, the client establishes
encrypted HTTPS connection to a non-blacklisted web server outside the
censor’s network, which could be a normal site that the user regularly
visits. Since the connection looks normal, the censor allows it, but
connection is only a decoy.

The client secretly marks the connection as a Telex request by inserting
cryptographic tag into the headers. We construct this tag using a
called public-key steganography. This means anyone can tag a connection
using only publicly available information, but only the Telex service
a private key) can recognize that a connection has been tagged.

As the connection travels over the Internet en route to the
site, it passes through routers at various ISPs in the core of the
We envision that some of these ISPs would deploy equipment we call Telex
stations. These devices hold a private key that lets them recognize
connections from Telex clients and decrypt these HTTPS connections. The
stations then divert the connections to anti­censorship services, such
proxy servers or Tor entry points, which clients can use to access
sites. This creates an encrypted tunnel between the Telex user and Telex
station at the ISP, redirecting connections to any site on the Internet.

Telex doesn't require active participation from the censored websites,
*or* from
the non-censored sites that serve as the apparent connection
However, it does rely on ISPs to deploy Telex stations on network paths
between the censor's network and many popular Internet destinations.
Widespread ISP deployment might require incentives from governments.
 Development so Far

At this point, Telex is a concept rather than a production system. It's
from ready for real users, but we have developed proof-of-concept
for researchers to experiment with. So far, there's only one Telex
on a mock ISP that we're operating in our lab. Nevertheless, we have
using Telex for our daily web browsing for the past four months, and
pleased with the performance and stability. We've even tested it using a
client in Beijing and streamed HD YouTube videos, in spite of YouTube
censored there.

Telex illustrates how it is possible to shift the balance of power in
censorship arms race, by thinking big about the problem. We hope our
will inspire discussion and further research about the future of
anticensorship technology.

You can find more information and prototype software at the *Telex
*, or read our technical paper <>, which will
appear at Usenix Security 2011 <> in

liberationtech mailing list
liberationtech at

Should you need to change your subscription options, please go to:

If you would like to receive a daily digest, click "yes" (once you click
above) next to "would you like to receive list mail batched in a daily

You will need the user name and password you receive from the list
moderator in monthly reminders.

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on!/Liberationtech

More information about the liberationtech mailing list