Telex: a new tool to crush censorship?

In recent weeks there’s been a big buzz about a new anti-web censorship system called Telex developed mainly by a team of scientists from the University of Michigan.

Unlike proxies and VPNs which are easily blocked by censors, Telex buries the anti-censorship machinery into the web itself (ISPs in the Internet unblocked world would need to install Telex systems). The team says it will be “easy to distribute and very difficult to detect and block.”

For those of us living in China, Telex seems like a dream come true.

We contacted Eric Wustrow at the University of Michigan to ask him how it works and when we could start using it.

UNCUT: Say I’m in Beijing, how would I go about using Telex to access blocked content?

Eric: Someone that wants to use Telex would first have to get the Telex-client software available on our website. They could use an existing intermittent proxy, or get a copy from a trusted friend. They would then install the software on their own computer, and use it as an HTTP proxy for their browser. We have instructions on how to install and use the software on our website.

We want to remind people that our software is only a prototype demonstration, and shouldn’t be used by users that may face punishment for subverting their government’s censors.

[At the time of writing this post, China had not blocked the Telex website.]

UNCUT: Do you have a diagram to show how it would work in practice?

Eric:

UNCUT: What are the main obstacles to making Telex a) work and b) widely available?’

Eric: One of the biggest obstacles is getting ISPs to deploy Telex. We have to determine what incentives would be needed to have Telex installed at the right locations. Combined with this, we must consider which ISPs or locations would be best for giving Telex wide availability.

UNCUT: Say it does become widely available. What could China do block it?

Our demonstration prototype could be easily blocked by banning access to notblocked.telex.cc. For a real deployment however, it would be substantially more difficult for China or any censor to block without overblocking legitimate websites.

UNCUT: Feasibly, when could this be available?

Eric: As we’ve said, the demonstration prototype is currently available for researchers. We are in the process of contacting ISPs that might be interested in deploying Telex as an experiment, but currently don’t have any time estimates on when it will be ready for public use.

Australian internet providers employ censors

Australian service providers, including Telstra and Optus, will voluntarily block websites deemed by the government as showing and disseminating child pornography. Those who attempt to access the blacklisted sites will be redirected to the site of the International Criminal Police Organisation. Wikileaks revealed that on the blacklist are some gay and straight porn sites, fringe religious groups, and Wikipedia sites.

US will prosecute Brits who pirate US-based media

The US’s Immigration and Customs Enforcement agency (ICE) is shutting down websites based abroad that break US copyrights and and prosecuting their owners. Even if the server is not based in the US, so long as the website’s address ends in .com or .net, it can be closed down or targeted for prosecution because their connections run through Verisign, a company based in Virginia. British student, Richard O’Dwyer, ran the website TVShack, which gave links to other sites that offered pirated downloads. He now faces extradition to and prosecution in the US.

Ahead of Party anniversary, China poisons the internet

Today, 1 July, is the Communist Party’s 90th birthday. In celebration, Chinese web censors have been working feverishly to tighten their control of the internet.

Those of us who try to sidestep the Great Firewall with a VPN, a service that allows users to bypass regional filters by taking the connection to a different location – best described as a “tunnel” that allows access to the unfettered web – have been noticing that many services are increasingly unreachable.

My VPN service went AWOL on 28 June.

VPN companies say that China is using a new tactic – DNS poisoning – a more insidious method that requires VPN customers to re-download and reinstall software if they want to continue their access.

From my VPN service provider (name withheld):

“For the upcoming 90-year anniversary of the Communist Party of China (CPC) China has chosen a different approach: DNS-poisoning. This means that any VPN server or website that ends with “NAME OF VPN PROVIDER.COM” will be unreachable from China. The only way to solve this is by changing our domain name.”

Index on Censorship asked BestVPN, a VPN review website, to explain how DNS poisoning works and what lies in store for the cat and mouse game between Chinese web censors and VPN service providers. The webmaster who replied to these questions asked not to be named.

What is DNS poisoning?

Great Firewall (GFW) authorities have taken another rather ‘cheap’ measure to block the filtered sites i.e. DNS poisoning.

DNS is a system which translates your normal website addresses like youtube.com, facebook.com into numerical figures to send it to particular address in order to retrieve the information.

For example, as we cannot remember IP addresses like 12.32.12.43, therefore, we are normally given domain names like youtube.com to remember easily.

When we type a particular domain name in our address bar DNS translates it into an IP address and sends your request to a particular address to retrieve the information.

Now what the GFW authorities have done is that they have poisoned DNS, and the request you send by typing a particular URL (blocked URL) in your address bar, returns with fake or malicious content.

GFW authorities are doing this by ordering their ISPs [internet service providers] to take part in this and block/poison what is prohibited by them.

What do you recommend web users do in China if they find their VPN broken‘?

Well, there is nothing much visitors can do in China if their VPN service domain has been poisoned.

The only choice in my knowledge is for the VPN service provider to change their domain name.

In the past, several VPN service providers’ domain names were blocked in China by blocking their server IP addresses.

The providers changed their IP addresses and China again blocked it, and it went on until the GFW of China came up with DNS poisoning.

It is obviously not that easy [to change a domain name] as it has taken them years to build a website and a brand around one domain name.

If a VPN provider’s domain has been poisoned, you may face huge disruptions in services, until the domain name has been changed or de-poisoned.

Are there many more tools that China can use to cripple VPN?

Yes, China can do more and more, and up till now it has truly been a cat and mouse game.

We have seen China blocking VPN services and several other websites and we have seen VPN services breaking the GFW.

There are just as many ways to cripple VPN services in China, as there are to cripple the GFW.

There is nothing on the internet that cannot be decoded.

The one who suffers is the VPN user in China.