Tor's New Anti-Censorship Team: Defending The Open Internet

by phw | June 24, 2019

Photo by John Matychuk on Unsplash

At the non-profit organization level, the Tor Project consists of several teams. The network team works on part of the back-end: the program called tor, network simulators, onion services, etc.; the metrics team collects and publishes Tor network metrics; the applications team maintains Tor Browser and other user-facing applications; the UX team improves user experience across all projects; the community team fosters a healthy community around Tor; OONI maintains a global observation network for detecting censorship, surveillance, and traffic manipulation on the internet; the communications team gets our message out to the world; and the fundraising team rallies people to financially support our vision so we can keep Tor strong for millions around the world.

All of our teams share a common vision: for people around the world to enjoy privacy and freedom online. As censorship has increased around the world and internet freedom has declined, we realized we needed to step up our game to outpace the censors preventing people from enjoying the human right to freedom of expression and access to information on the internet.

Universal Declaration of Human Rights - Article 19 - The Tor Project

In February, we created a brand new anti-censorship team. This team consists of two software engineers with research backgrounds and a project manager, but there are many other people who contribute to the team’s work—by adding valuable code, insight into past work, infrastructure, and resources. The goal of the anti-censorship team is to understand network censorship and build technology to circumvent it so the Tor network can be accessible to everyone.

To kick things off, we've released a technical report called "Addressing Denial of Service Attacks on Free and Open Communication on the Internet." This report, part of the first project the team engaged in, provides a comprehensive overview of the state of our anti-censorship roadmap. The report outlines recent improvements and open challenges around BridgeDB, GetTor, snowflake, pluggable transports, censorship analysis, and censorship-related user experience.

Are you interested in following the anti-censorship team's work or joining the team? Then check out our wiki page. It has all details regarding our weekly IRC meeting, our public mailing list, and the software projects we maintain.

We are determined to make privacy and freedom online accessible to all, and we hope you’ll join us. If you’re unable to volunteer, your donation can help us tackle this critical challenge.

Comments

Please note that the comment area below has been archived.

Free Beer (not verified) said:

June 26, 2019

Permalink

Good work, guys.

Under 4.5 Enable Tor Browser to use other circumvention tools, my modest contribution is that video demonstration I mentioned on the mailing list re using ShadowsocksR as a proxy. ShadowsocksR, V2Ray, and Trojan would also fit under the requirements for 6.2 HTTPS proxy: “As a measure against active probing attacks, an HTTPS proxy can run a web server alongside the proxy. When the proper credentials are not presented, the web server serves innocuous content.”

Under 4.6.1, I agree that it would be really interesting to know if China and countries in the Middle East can really detect obfs4 or if a private bridge would escape censorship.

Also agree under 4.6.2 that ESNI, when combined with DNS over HTTPS, looks like it could change the whole censorship circumvention landscape.

Under 4.6.1, I agree that it would be really interesting to know if China and countries in the Middle East can really detect obfs4 or if a private bridge would escape censorship.

As of June 2019, the GFW is currently not blocking obfs4. A private obfs4 bridge lets you bootstrap a Tor connection in China.

Cryptocurrent (not verified) said:

June 27, 2019

Permalink

I wonder whether this could be worth looking into as a possible future direction for "NexTor" censorship-circumvention and reliabile-access projects?

wired.com
The Cypherpunks Tapping Bitcoin via Ham Radio
Gregory Barber
27 Jun 2019

>... If the internet goes down, how else will you access your cache?
> ...
> Bitcoin’s celestial coverage comes from Blockstream, a blockchain software company. To be clear, Blockstream isn’t launching satellites itself; it rents a small portion of the bandwidth on commercial satellites, which are mainly used for TV. The data is beamed up with enough bandwidth to ensure the blockchain stays up to date. Users can also send along messages, paid through the Lightning Network, a technology that allows small bitcoin payments. The satellites broadcast the signals back down to whoever might be listening.
> ...
> GoTenna, a startup known for making communication devices used in natural disasters, thinks it has an answer to the send-and-receive problem of satellites: radio mesh networks, which work by relaying information over short distances from person to person. The company, which mainly deals with text messages, started supporting bitcoin transactions last year, and it recently partnered with Blockstream to let people use GoTenna’s device to rebroadcast the satellite data they receive.

(I have no ties to Blockstream or GoTenna.)

Just what cryptocurrency needs, commercial gatekeepers. [/sarcasm]

As for ham radio, the network is self-policing, encryption on its frequencies is technically illegal, and allowing it is controversial among amateur radio operators.

> As for ham radio, the network is self-policing, encryption on its frequencies is technically illegal, and allowing it is controversial among amateur radio operators.

The article is actually talking about community constructed wireless mesh networks in which devices make short range transmissions, and certain satellite communications, not ham radio. The latter is indeed regulated since the early twentieth century but AFAIK none of the satellite or WiFi mesh transmissions the article mentions is illegal anywhere in the world. It is no doubt true that it would be wise to be aware of transmission power thresholds in your nation of residence, but AFAIK wireless mesh transmissions are not likely to approach those legal limits.

You make a good point about the wisdom of avoiding becoming committed to a commercial product, but I see no reason why Tor Project could not in principle work with NGO partners to develop an open source "free as in beer" community WiFi mesh project. Be bold! Dream big! After all, why should the tech entrepreneurs be allowed to claim a monopoly on such injunctions? Our dreams could be and by rights ought to be bigger and stronger than any of theirs, which are limited by the profit-hungry motivation. We should look upon the NGOs lack of any need to attempt to earn huge stock dividends for wealthy and insatiate investors as a strength, not a weakness.

Anonymous (not verified) said:

June 27, 2019

Permalink

The current regime in Russia can always be relied upon to remind us daily why we all desperately need means to evade censorship:

techdirt.com
Russian Government Demands All Foreign Press Outlets Register For The Privilege Of Delivering News To Russia
Free Speech
from the get-in-the-sea,-Putin dept
Tim Cushing
26 Jun 2019

> The Russian government sure loves its registration. If anyone wants to do anything involving the written (and/or broadcasted) word in Russia, the government wants to know who you are. That makes it easier to find you should you displease the Russian government and/or its bear-riding autocrat.

If the Russian government were the only offender, our task would no doubt be easier. But nowadays it seems that pretty much every government is attempting to censor this, that, and the other, each in its own way according to the needs of its own political/financial elite.

I seem to have lost the link, but another recent story concerned an automated takedown demand system being fielded by the government of India, which apparently is not very accurate, so that at least one US polysci graduate student who wrote about political developments in Europe, without even mentioning India at all, had his account revoked owing to a complaint from IN (which of course twitter.com and facebook.com complied with unquestioningly) that he was endangering Indian national interests with his posts/tweets.

So something to add the long list of why censorship regimes are terrible: they are not even close to being even minimally accurate even by the amoral standards of the governments which create and use them.

Another thought: if every government is censoring as much as it can, each in its own way, perhaps we should think about anti-censorship, not as connecting users in country A to "the truth", but to connecting users in country A to the propaganda punted by country anti-A. Maybe We the People have lost access to "the truth", if we ever had it, but perhaps we can at least hope to balance one nations lies against another the lies told by an "adversary nation". Perhaps if we read enough lies from mutual enemies we can attempt to triangulate "the truth"?

I hope it's not really that bad of course, but with experience I've become less and less happy with the supposedly "benign" efforts of USG funded groups such as Radio Free Europe and Radio Free Asia, which "shape" the news in ways friendly to "US national interests".

One happy thought is that the closest approximation to "the truth" is clearly internal documents from country A (or anti-A) which were intended to be read only by "the authorities". Thus, wikileaks.org and other groups which publish leaked documents may, even yet in this awful age, offer ordinary citizens a handle on what their governments are really doing in their name to harm their individual interests and those of every other ordinary citizen on this beleaguered little blue marble which humans share with so many other life forms which human creations are in the process of killing because "leaders" like MBS and DJT don't give a damn about anyone or anything other than themselves.

It's worth bearing in mind that censorship is the opposite of transparency.

Putin recently said something very revealing of the authoritarian mentality, at some "world leader" meetup. A reporter asked him what he planned to say in his planned meeting with Drump. Putin replied "none of your business".

A reliable indication that some government is authoritarian is that the head of state insists that government business is not the public's business [sic], and certainly not the business of reporters to explain to The People [sic].

Unfortunately, this attitude is not limited to the government of Russia.

Anonymous (not verified) said:

June 27, 2019

Permalink

If you guys ever feel a need to revive the spirit of resistance to all oppressors everywhere, try listening to one of Beethoven's overtures. Beethoven was consistently attracted to stories about strong women using their smarts to fight for individual or human rights, and his overtures capture the revolutionary spirit of his youth. (The story of his profound disillusionment when Napoleon crowned himself Emperor is well known. But he never gave up on People Power.)

Anonymous (not verified) said:

June 28, 2019

Permalink

Did that DoS report reveal vulnerabilities and actually contribute to the attacks on onion services in recent weeks?

masterofnone (not verified) said:

June 30, 2019

Permalink

Not up to speed yet. 1st and 2nd amendment of u.s. Constitution is under threat, is just so unbelievable.what a wake up these past 2 years have been. But...you know I don't see it outside my door. Or am I not looking for something that may be obvious to someone else. my head still wants to be back in the sand.but , know I'm way past that. Truth sucks

Over the past five years there have been many stories in venues such as zdnet.com, wired.com and arstechnica.com on the manifold insecurities of DNS (how browsers find numerical IP addresses) and BGP (how people claim to own blocks of said numerical IP addresses). The government of China (and quite a few other "rogue governments", notably the governments of RU, US, IR) appear to have cynically exploiting all of these for cyberespionage and cyberwar. MITM attacks, improperly issued but genuine PKI certificates, BGP hijacking... it's a mess.

As I understand it, there is some reason to think that if websites migrated to using onions, some of these attacks would be thwarted. That seems very desirable but of course the predatory business model of the most popular sites (such as Facebook, Twitter, Youtube, and mainstream media sites) prevents them from doing what they obviously should do, but won't... until they are forced to do it. The billionare CEOs don't yet seem to realize that they should *ask* governments to force them (and their competitors) before The People rise up and do a little enforcement of their own, which would wind up being much worse for the billionaires than the scenario in which governments step in with some visibly effective regulations making Tor mandatory.

Onion domains can be brought down by a single machine that makes Denial Of Service (DOS) attack on that domain, and there isn't any real mitigation for that. Imagine bringing down Facebook/ Twitter/ Instagram from a single machine out there... these company's wouldn't be happy! Nor their costumers.

Until at least ONION network finds a way to make it extremely difficult and expensive to lunch and keep efficient DOS attacks it can't be main stream... commercial web sites can't accept such easy attack.

Someone suggest some "proof-of-work" kind of protocol that makes machine work hard to be able to get to onion domains, so that attacks from a single machine or even from many machines can not be so easy. While I don't know if these is the right solution or not, something needs to be done to address these huge problem.

sam smith (not verified) said:

July 01, 2019

Permalink

An open internet is what all humans should be working and supporting each day! because once people forget about this important feature, then corporations and controllers take advantage of restricting people what to say or to do online and offline!

I know a great tool to keep the internet open, and that is DeepOnion.

I love TOR. I am also glad deeponion has been contributing and promoting TOR as well.
Definitely alot of people are trading their privacy in for nothing. People need to stand up to governments that push to under pin us.

Anonymous (not verified) said:

July 01, 2019

Permalink

When discussing censorship-evasion tactics, we must always bear in mind that helping prospective readers to access dissident blogs, human rights organization websites, and opposition news sites will do no good unless a sufficient proportion of bloggers, human rights researchers and reporters are able to remain at large long enough to write their essays and to report the news.

For this reason, Tor products and trainings which can help to keep bloggers, human rights workers, and reporters safer are just as necessary as technical innovations in the ongoing arms race with the censors.

See

wired.com
The One Free Press Coalition Spotlights Journalists Under Attack
1 Jul 2019

Alex (not verified) said:

July 06, 2019

Permalink

I think in our digital century we need to care about privacy. For myself i chose "privacy tools" like TOR browser and privacy crypto like Monero, Zcash, DeepOnion etc.

Anonymous (not verified) said:

July 13, 2019

Permalink

Just as one example of why the world needs Tor as a censorship circumvention tool:

Here is a story which contains video of CN police using pepper spray to assault peaceful protesters in Hong Kong:

https://www.theguardian.com/world/2019/jul/13/dont-mess-with-us-the-spi…

No doubt the mainland CN goverment would prefer that Westerners (and certainly Chinese) not be able to see such videos, but because tech tools such as Tor exist, we can. And as they say, a video is worth a thousand words. In particular, everyone can experience how the long pent-up desire for freedom is suddenly emerging among huge numbers of ordinary citizens who are fed up with repression.