Search This Blog

Wednesday, May 20, 2020

Cypherpunk

From Wikipedia, the free encyclopedia

A cypherpunk is any activist advocating widespread use of strong cryptography and privacy-enhancing technologies as a route to social and political change. Originally communicating through the Cypherpunks electronic mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography. Cypherpunks have been engaged in an active movement since the late 1980s.

History

Before the mailing list

Until about the 1970s, cryptography was mainly practiced in secret by military or spy agencies. However, that changed when two publications brought it out of the closet into public awareness: the US government publication of the Data Encryption Standard (DES), a block cipher which became very widely used; and the first publicly available work on public-key cryptography, by Whitfield Diffie and Martin Hellman.

The technical roots of Cypherpunk ideas have been traced back to work by cryptographer David Chaum on topics such as anonymous digital cash and pseudonymous reputation systems, described in his paper "Security without Identification: Transaction Systems to Make Big Brother Obsolete" (1985).

In the late 1980s, these ideas coalesced into something like a movement.

Origin of the term, and the Cypherpunks mailing list

In late 1992, Eric Hughes, Timothy C. May and John Gilmore founded a small group that met monthly at Gilmore's company Cygnus Solutions in the San Francisco Bay Area, and was humorously termed cypherpunks by Jude Milhon at one of the first meetings - derived from cipher and cyberpunk. In November 2006, the word was added to the Oxford English Dictionary.

The Cypherpunks mailing list was started in 1992, and by 1994 had 700 subscribers. At its peak, it was a very active forum with technical discussion ranging over mathematics, cryptography, computer science, political and philosophical discussion, personal arguments and attacks, etc., with some spam thrown in. An email from John Gilmore reports an average of 30 messages a day from December 1, 1996 to March 1, 1999, and suggests that the number was probably higher earlier. The number of subscribers is estimated to have reached 2000 in the year 1997.

In early 1997, Jim Choate and Igor Chudov set up the Cypherpunks Distributed Remailer, a network of independent mailing list nodes intended to eliminate the single point of failure inherent in a centralized list architecture. At its peak, the Cypherpunks Distributed Remailer included at least seven nodes. By mid-2005, al-qaeda.net ran the only remaining node. In mid 2013, following a brief outage, the al-qaeda.net node's list software was changed from Majordomo to GNU Mailman and subsequently the node was renamed to cpunks.org. The CDR architecture is now defunct, though the list administrator stated in 2013 that he was exploring a way to integrate this functionality with the new mailing list software.

For a time, the cypherpunks mailing list was a popular tool with mailbombers, who would subscribe a victim to the mailing list in order to cause a deluge of messages to be sent to him or her. (This was usually done as a prank, in contrast to the style of terrorist referred to as a mailbomber.) This precipitated the mailing list sysop(s) to institute a reply-to-subscribe system. Approximately two hundred messages a day was typical for the mailing list, divided between personal arguments and attacks, political discussion, technical discussion, and early spam.

The cypherpunks mailing list had extensive discussions of the public policy issues related to cryptography and on the politics and philosophy of concepts such as anonymity, pseudonyms, reputation, and privacy. These discussions continue both on the remaining node and elsewhere as the list has become increasingly moribund. 

Events such as the GURPS Cyberpunk raid lent weight to the idea that private individuals needed to take steps to protect their privacy. In its heyday, the list discussed public policy issues related to cryptography, as well as more practical nuts-and-bolts mathematical, computational, technological, and cryptographic matters. The list had a range of viewpoints and there was probably no completely unanimous agreement on anything. The general attitude, though, definitely put personal privacy and personal liberty above all other considerations.

Early discussion of online privacy

The list was discussing questions about privacy, government monitoring, corporate control of information, and related issues in the early 1990s that did not become major topics for broader discussion until ten years or so later. Some list participants were more radical on these issues than almost anyone else. 

Those wishing to understand the context of the list might refer to the history of cryptography; in the early 1990s, the US government considered cryptography software a munition for export purposes. (PGP source code was published as a paper book to bypass these regulations and demonstrate their futility.) In 1992, a deal between NSA and SPA allowed export of cryptography based on 40-bit RC2 and RC4 which was considered relatively weak (and especially after SSL was created, there was many contests to break it). The US government had also tried to subvert cryptography through schemes such as Skipjack and key escrow. It was also not widely known that all communications were logged by government agencies (which would later be revealed during the NSA and AT&T scandals) though this was taken as an obvious axiom by list members.

The original cypherpunk mailing list, and the first list spin-off, coderpunks, were originally hosted on John Gilmore's toad.com, but after a falling out with the sysop over moderation, the list was migrated to several cross-linked mail-servers in what was called the "distributed mailing list." The coderpunks list, open by invitation only, existed for a time. Coderpunks took up more technical matters and had less discussion of public policy implications. There are several lists today that can trace their lineage directly to the original Cypherpunks list: the cryptography list (cryptography@metzdowd.com), the financial cryptography list (fc-announce@ifca.ai), and a small group of closed (invitation-only) lists as well. 

Toad.com continued to run with the existing subscriber list, those that didn't unsubscribe, and was mirrored on the new distributed mailing list, but messages from the distributed list didn't appear on toad.com. As the list faded in popularity, so too did it fade in the number of cross-linked subscription nodes. 

To some extent, the cryptography list acts as a successor to cypherpunks; it has many of the people and continues some of the same discussions. However, it is a moderated list, considerably less zany and somewhat more technical. A number of current systems in use trace to the mailing list, including Pretty Good Privacy, /dev/random in the Linux kernel (the actual code has been completely reimplemented several times since then) and today's anonymous remailers.

Main principles

The basic ideas can be found in A Cypherpunk's Manifesto (Eric Hughes, 1993): "Privacy is necessary for an open society in the electronic age. ... We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy ... We must defend our own privacy if we expect to have any. ... Cypherpunks write code. We know that someone has to write software to defend privacy, and ... we're going to write it."

Some are or were quite senior people at major hi-tech companies and others are well-known researchers.

The first mass media discussion of cypherpunks was in a 1993 Wired article by Steven Levy titled Crypto Rebels:
The people in this room hope for a world where an individual's informational footprints -- everything from an opinion on abortion to the medical record of an actual abortion -- can be traced only if the individual involved chooses to reveal them; a world where coherent messages shoot around the globe by network and microwave, but intruders and feds trying to pluck them out of the vapor find only gibberish; a world where the tools of prying are transformed into the instruments of privacy. There is only one way this vision will materialize, and that is by widespread use of cryptography. Is this technologically possible? Definitely. The obstacles are political -- some of the most powerful forces in government are devoted to the control of these tools. In short, there is a war going on between those who would liberate crypto and those who would suppress it. The seemingly innocuous bunch strewn around this conference room represents the vanguard of the pro-crypto forces. Though the battleground seems remote, the stakes are not: The outcome of this struggle may determine the amount of freedom our society will grant us in the 21st century. To the Cypherpunks, freedom is an issue worth some risk.
The three masked men on the cover of that edition of Wired were prominent cypherpunks Tim May, Eric Hughes and John Gilmore.

Later, Levy wrote a book, Crypto: How the Code Rebels Beat the Government – Saving Privacy in the Digital Age, covering the crypto wars of the 1990s in detail. "Code Rebels" in the title is almost synonymous with cypherpunks.

The term cypherpunk is mildly ambiguous. In most contexts it means anyone advocating cryptography as a tool for social change, social impact and expression. However, it can also be used to mean a participant in the Cypherpunks electronic mailing list described below. The two meanings obviously overlap, but they are by no means synonymous.

Documents exemplifying cypherpunk ideas include Timothy C. May's The Crypto Anarchist Manifesto (1992) and The Cyphernomicon (1994), A Cypherpunk's Manifesto.

Privacy of communications

A very basic cypherpunk issue is privacy in communications and data retention. John Gilmore said he wanted "a guarantee -- with physics and mathematics, not with laws -- that we can give ourselves real privacy of personal communications."

Such guarantees require strong cryptography, so cypherpunks are fundamentally opposed to government policies attempting to control the usage or export of cryptography, which remained an issue throughout the late 1990s. The Cypherpunk Manifesto stated "Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act."

This was a central issue for many cypherpunks. Most were passionately opposed to various government attempts to limit cryptography — export laws, promotion of limited key length ciphers, and especially escrowed encryption.

Anonymity and pseudonyms

The questions of anonymity, pseudonymity and reputation were also extensively discussed. 

Arguably, the possibility of anonymous speech and publication is vital for an open society and genuine freedom of speech — this is the position of most cypherpunks. That the Federalist Papers were originally published under a pseudonym is a commonly-cited example.

Censorship and monitoring

In general, cypherpunks opposed the censorship and monitoring from government and police. 

In particular, the US government's Clipper chip scheme for escrowed encryption of telephone conversations (encryption supposedly secure against most attackers, but breakable by government) was seen as anathema by many on the list. This was an issue that provoked strong opposition and brought many new recruits to the cypherpunk ranks. List participant Matt Blaze found a serious flaw in the scheme, helping to hasten its demise.

Steven Schear first suggested the warrant canary in 2002 to thwart the secrecy provisions of court orders and national security letters. As of 2013, warrant canaries are gaining commercial acceptance.

Hiding the act of hiding

An important set of discussions concerns the use of cryptography in the presence of oppressive authorities. As a result, Cypherpunks have discussed and improved steganographic methods that hide the use of crypto itself, or that allow interrogators to believe that they have forcibly extracted hidden information from a subject. For instance, Rubberhose was a tool that partitioned and intermixed secret data on a drive with fake secret data, each of which accessed via a different password. Interrogators, having extracted a password, are led to believe that they have indeed unlocked the desired secrets, whereas in reality the actual data is still hidden. In other words, even its presence is hidden. Likewise, cypherpunks have also discussed under what conditions encryption may be used without being noticed by network monitoring systems installed by oppressive regimes.

Activities

As the Manifesto says, "Cypherpunks write code"; the notion that good ideas need to be implemented, not just discussed, is very much part of the culture of the mailing list. John Gilmore, whose site hosted the original cypherpunks mailing list, wrote: "We are literally in a race between our ability to build and deploy technology, and their ability to build and deploy laws and treaties. Neither side is likely to back down or wise up until it has definitively lost the race."

Software projects

Anonymous remailers such as the Mixmaster Remailer were almost entirely a cypherpunk development. Among the other projects they have been involved in were PGP for email privacy, FreeS/WAN for opportunistic encryption of the whole net, Off-the-record messaging for privacy in Internet chat, and the Tor project for anonymous web surfing.

Hardware

In 1998, the Electronic Frontier Foundation, with assistance from the mailing list, built a $200,000 machine that could brute-force a Data Encryption Standard key in a few days. The project demonstrated that DES was, without question, insecure and obsolete, in sharp contrast to the US government's recommendation of the algorithm.

Expert panels

Cypherpunks also participated, along with other experts, in several reports on cryptographic matters.
One such paper was "Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security". It suggested 75 bits was the minimum key size to allow an existing cipher to be considered secure and kept in service. At the time, the Data Encryption Standard with 56-bit keys was still a US government standard, mandatory for some applications.

Other papers were critical analysis of government schemes. "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption", evaluated escrowed encryption proposals. Comments on the Carnivore System Technical Review. looked at an FBI scheme for monitoring email.

Cypherpunks provided significant input to the 1996 National Research Council report on encryption policy, Cryptography's Role In Securing the Information Society (CRISIS). This report, commissioned by the U.S. Congress in 1993, was developed via extensive hearings across the nation from all interested stakeholders, by a committee of talented people. It recommended a gradual relaxation of the existing U.S. government restrictions on encryption. Like many such study reports, its conclusions were largely ignored by policy-makers. Later events such as the final rulings in the cypherpunks lawsuits forced a more complete relaxation of the unconstitutional controls on encryption software.

Lawsuits

Cypherpunks have filed a number of lawsuits, mostly suits against the US government alleging that some government action is unconstitutional.

Phil Karn sued the State Department in 1994 over cryptography export controls after they ruled that, while the book Applied Cryptography could legally be exported, a floppy disk containing a verbatim copy of code printed in the book was legally a munition and required an export permit, which they refused to grant. Karn also appeared before both House and Senate committees looking at cryptography issues. 

Daniel J. Bernstein, supported by the EFF, also sued over the export restrictions, arguing that preventing publication of cryptographic source code is an unconstitutional restriction on freedom of speech. He won, effectively overturning the export law. See Bernstein v. United States for details.

Peter Junger also sued on similar grounds, and won. 

John Gilmore has sued US Attorneys General Ashcroft and Gonzales, arguing that the requirement to present identification documents before boarding a plane is unconstitutional. These suits have not been successful to date.

Civil disobedience

Cypherpunks encouraged civil disobedience, in particular US law on the export of cryptography. Until 1997, cryptographic code was legally a munition and fall until ITAR, and the key length restrictions in the EAR was not removed until 2000.

In 1995 Adam Back wrote a version of the RSA algorithm for public-key cryptography in three lines of Perl and suggested people use it as an email signature file: 

#!/bin/perl -sp0777i
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

Vince Cate put up a web page that invited anyone to become an international arms trafficker; every time someone clicked on the form, an export-restricted item — originally PGP, later a copy of Back's program — would be mailed from a US server to one in Anguilla. This gained overwhelming attention. There was an option to add your name to a list of such traffickers.

Cypherpunk fiction

In Neal Stephenson's novel Cryptonomicon many characters are on the "Secret Admirers" mailing list. This is fairly obviously based on the cypherpunks list, and several well-known cypherpunks are mentioned in the acknowledgements. Much of the plot revolves around cypherpunk ideas; the leading characters are building a data haven which will allow anonymous financial transactions, and the book is full of cryptography. But, according to the author the book's title is — in spite of its similarity — not based on the Cyphernomicon, an online cypherpunk FAQ document.

Legacy

Cypherpunk achievements would later also be used on the Canadian e-wallet, the MintChip, and the creation of bitcoin. It was an inspiration for CryptoParty decades later to such an extent that the Cypherpunk Manifesto is quoted at the header of its Wiki, and Eric Hughes delivered the keynote address at the Amsterdam CryptoParty on 27 August 2012.

Notable cypherpunks

John Gilmore is one of the founders of the Cypherpunks mailing list, the Electronic Frontier Foundation, and Cygnus Solutions. He created the alt.* hierarchy in Usenet and is a major contributor to the GNU Project.
 
Julian Assange, a well-known cypherpunk who advocates for the use of cryptography to ensure privacy on the Internet
 
Cypherpunks list participants included many notable computer industry figures. Most were list regulars, although not all would call themselves "cypherpunks". The following is a list of noteworthy cypherpunks and their achievements:
* indicates someone mentioned in the acknowledgements of Stephenson's Cryptonomicon.

Crypto-anarchism

From Wikipedia, the free encyclopedia
 
Symbol used by Crypt-anarchists
 
Crypto-anarchism (or crypto-anarchy) is a form of anarchy accomplished through computer technology. Crypto-anarchists employ cryptographic software for confidentiality and security while sending and receiving information over computer networks, in an effort to protect their privacy, their political freedom, and their economic freedom.

By using cryptographic software, the association between the identity of a certain user or organization and the pseudonym they use is made difficult to find, unless the user reveals the association. It is difficult to say which country's laws will be ignored, as even the location of a certain participant is unknown. However, participants may in theory voluntarily create new laws using smart contracts or, if the user is pseudonymous, depend on online reputation.

Origin

In his 1988 "Crypto Anarchist Manifesto", Timothy C. May introduced the basic principles of crypto-anarchism, encrypted exchanges ensuring total anonymity, total freedom of speech, and total freedom to trade – with foreseeable hostility coming from States.

Terminology

"Crypto-" comes from the Ancient Greek κρυπτός kruptós, meaning "hidden" or "secret". Crypto-anarchism refers to anarchist politics founded on cryptographic methods, as well as a form of anarchism that operates in secret.

Motives

One motive of crypto-anarchists is to defend against surveillance of computer networks communication. Crypto-anarchists try to protect against government mass surveillance, such as PRISM, Tempora, telecommunications data retention, the NSA warrantless surveillance controversy, Room 641A, the FRA and so on. Crypto-anarchists consider the development and use of cryptography to be the main defense against such problems, as opposed to political action.

A second concern is evasion of censorship, particularly Internet censorship, on the grounds of freedom of expression. The programs used by crypto-anarchists often make it possible to both publish and read information off the internet or other computer networks anonymously. For example, Tor, I2P, Freenet and many similar networks allow for anonymous "hidden" webpages accessible only by users of these programs, while projects like Bitmessage allow for anonymous messaging system intended to be a substitute for email. This helps whistleblowers and political opposition in oppressive nations to spread their information. 

A third reason is to build and participate in counter economics, which includes development of viable alternatives to banking systems, and development of alternative financial systems which provide the user with options for greater privacy or anonymity. Cryptocurrencies such as Bitcoin and services like Silk Road and Black Market Reloaded made it possible to trade goods and services with little interference from the law. These are examples of centralized, and thus vulnerable, marketplaces, or tools. Similarly, web wallets employed by Bitcoin users are also centralized and vulnerable. Decentralized and distributed marketplaces and currency exchanges are more difficult to target by law enforcement agencies and may provide more security to its end-users. A decentralized and distributed marketplace in development is OpenBazaar.

The technical challenge in developing and maintaining these cryptographic systems is tremendous, which causes some programmers to be interested in joining such projects.

Cryptography and law

Crypto-anarchists argue that without encryption abilities, messages, personal information, and private life would be seriously damaged. They argue that a ban on cryptography is equal to the eradication of secrecy of correspondence. They argue that only a draconian police-state would criminalize cryptography. It is already illegal to use it in some countries, and export laws are restrictive in others. Citizens in the United Kingdom must, upon request, give keys for decryption of personal systems to authorities. Failing to do this can result in imprisonment for up to two years, without evidence of other criminal activity.

This legislative key-surrender tactic can be circumvented using automatic rekeying of secure channels through rapid generation of new, unrelated public and private keys at short intervals. Following rekeying, the old keys can be deleted, rendering previously used keys inaccessible to the end-user, and thus removing the user's ability to disclose the old key, even if they are willing to do so. Technologies enabling this sort of rapidly rekeyed encryption include public-key cryptography, hardware PRNGs, perfect forward secrecy, and opportunistic encryption. Many apps commonly in use today on mobile devices around the world employ such encryption. The only ways to stop this sort of cryptography is to ban it completely (any such ban would be unenforceable for any government that is not totalitarian, as it would result in massive invasions of privacy, such as blanket permission for physical searches of all computers at random intervals), or otherwise raise barriers to its practical use (be they technological or legal). Such barriers represent a difficulty and risk to the users of such cryptographic technology which would limit and potentially prevent its widespread adoption. Generally, it is the threat of prosecution which limits the use and proliferation of a technology more so than the ease-of-use of a technology in and of itself. 

Crypto-anarchism is an ideology that seeks to create and deploy information infrastructure that, by design, is unable to comply with authoritarian requests to break the participating individuals' secrecy of correspondence.

Plausible deniability

Crypto-anarchism relies heavily on plausible deniability to avoid censorship. Crypto-anarchists create this deniability by sending encrypted messages to interlinked proxies in computer networks. A payload of routing information is bundled with the message; the message is encrypted with each one of the proxies', and the receiver's, public keys. Each node can only decrypt its own part of the message, and only obtain the information intended for itself. That is, from which node it got the message, and to which node it should deliver the message. With only access to this information, it is thought to be very difficult for nodes in the network to know what information they are carrying or who is communicating with whom. Peers can protect their identities from each other's by using rendevouz onions or similar, digital signatures, etc. Who originally sent the information and who is the intended receiver is considered infeasible to detect, unless the peers themselves collaborate to reveal this information. See mix networks, onion routing and anonymous P2P for more information. 

Anonymizing communication protocols makes it difficult to know who is connected to any particular service or pseudonym. It is difficult to stop any potential criminal activity in the network without enforcing a ban on strong cryptography.

Deniable encryption and anonymizing networks can be used to avoid being detected while sharing illegal or sensitive information that users are too afraid to share without any protection of their identity. The information being shared could be anything from anti-state propaganda, whistleblowing, organization of narcotics distribution, illegal pornographic content, distribution of reports from political dissidents, anonymous monetary transactions, etc.

Anonymous trading

Untraceable, privately issued electronic money and anonymous Internet banking exists in these networks. In the past, this was handled only by centralized organizations. Digital Monetary Trust and Yodelbank were examples of two such anonymous banks that were later put offline by their creators. Ukash is an e-money network. Cash in amounts up to £500/€750 can be swapped for a 19-digit Ukash voucher in payment terminals and retail outlets.

Bitcoin is a currency generated and secured by peer-to-peer networked devices that maintain a communal record of all transactions within the system that can be used in a crypto-anarchic context. The idea behind bitcoin can be traced to The Crypto Anarchist Manifesto. There exist a large number of altcoins, some of which have opaque ledgers such that transactions between peers can be untraceable. Some altcoin currencies also act as decentralized autonomous organizations, or act as platforms for enabling such organizations.

Silk Road was the first anonymous crypto-market. It operated using the Tor network and all transactions used bitcoin. It was shut down by the FBI in 2013. Silkroad was quickly replaced by other cryptomarkets and today there are several competing markets operating in parallel.

OpenBazaar is an open source project developing a protocol for e-commerce transactions in a fully decentralized marketplace. It uses the cryptocurrency bitcoin and was inspired by a hackathon project called DarkMarket

Anonymous trading is easier to achieve for information services that can be provided over the Internet. Providing physical products is more difficult as the anonymity is more easily broken when crossing into the physical world: The vendor needs to know where to send the physical goods. Untraceable money makes it possible to ignore some of the laws of the physical world, as the laws cannot be enforced without knowing people's physical identities. For instance, tax on income for online services provided via the crypto-anarchists networks can be avoided if no government knows the identity of the service provider.

Assassination Market is a Tor-based market operated by a self-described crypto-anarchist going by the pseudonym Kuwabatake Sanjuro.

In The Cyphernomicon, Timothy C. May suggests that crypto-anarchism qualifies as a form of anarcho-capitalism:
What emerges from this is unclear, but I think it will be a form of anarcho-capitalist market system I call "crypto-anarchy."
Another quote in the cyphernomicon defines crypto-anarchism. Under the title "What is Crypto Anarchy?", May writes:
Some of us believe various forms of strong cryptography will cause the power of the state to decline, perhaps even collapse fairly abruptly. We believe the expansion into cyberspace, with secure communications, digital money, anonymity and pseudonymity, and other crypto-mediated interactions, will profoundly change the nature of economies and social interactions. Governments will have a hard time collecting taxes, regulating the behavior of individuals and corporations (small ones at least), and generally coercing folks when it can't even tell what _continent_ folks are on!

Internet censorship circumvention

From Wikipedia, the free encyclopedia
 
Internet censorship circumvention is the use of various methods and tools to bypass internet censorship.

Various techniques and methods are used to bypass Internet censorship, and have differing ease of use, speed, security, and risks. Some methods, such the use of alternate DNS servers, evade blocking by using an alternate address or address lookup system to access the site. Techniques using website mirrors or archive sites rely on other copies of the site being available at different locations. Additionally, there are solutions that rely on gaining access to an Internet connection that is not subject to filtering, often in a different jurisdiction not subject to the same censorship laws, using technologies such as proxying, Virtual Private Networks, or anonymization networks.

An arms race has developed between censors and developers of circumvention software, resulting in more sophisticated blocking techniques by censors and the development of harder-to-detect tools by researchers. Estimates of adoption of circumvention tools vary substantially and are disputed. Barriers to adoption can include usability issues, difficulty finding reliable and trustworthy information about circumvention, lack of desire to access censored content, and risks from breaking the law.

Circumvention methods

There are many methods available that may allow the circumvention of Internet filtering, which can widely vary in terms of implementation difficulty, effectiveness, and resistance to detection.

Alternate names and addresses

Filters may block specific domain names, either using DNS hijacking or URL filtering. Sites are sometimes accessible through alternate names and addresses that may not be blocked.

Some websites may offer the same content at multiple pages or domain names. For example, the English Wikipedia is available at https://en.wikipedia.org/, and there is also a mobile-formatted version at https://en.m.wikipedia.org/

If DNS resolution is disrupted but the site is not blocked in other ways, it may be possible to access a site directly through its IP address or modifying the host file. Using alternative DNS servers, or public recursive name servers (especially when used through an encrypted DNS client), may bypass DNS-based blocking.

Censors may block specific IP addresses. Depending on how the filtering is implemented, it may be possible to use different forms of the IP address, such as by specifing the address in a different base. For example, the following URLs all access the same site, although not all browsers will recognize all forms: http://208.80.152.2 (dotted decimal), http://3494942722 (decimal), http://0320.0120.0230.02 (dotted octal), http://0xd0509802 (hexadecimal), and http://0xd0.0x50.0x98.0x2 (dotted hexadecimal). 

Blockchain technology has made possible decentralized namespaces outside the control of a single entity. Decentralized namespaces enable censorship resistant domains. The BitDNS discussion began in 2010 with a desire to achieve names that are decentralized, secure and human readable. Blockchain domains name endings include .bit, .zil and .crypto. Like other technologies, blockchain DNS comes with its own flaws as well and the major one being that a visitor cannot simply type in an address and get a response. There are add-ons that need to be installed first on a browser for it to be able to access blockchain domains.

Mirrors, caches, and copies

Cached pages: Some search engines keep copies of previously indexed webpages, or cached pages, which are often hosted by search engines and may not be blocked. For example, Google allows the retrieval of cached pages by entering "cache:some-url" as a search request.

Mirror and archive sites: Copies of web sites or pages may be available at mirror or archive sites such as the Internet Archive's Wayback Machine or Archive.today

RSS aggregators: RSS aggregators such as Feedly may be able to receive and pass on RSS feeds that are blocked when accessed directly.

Alternative Platforms

Decentralised Hosting: Content creators may publish to an alternative platform which is willing to host ones content. Highly decentralised peer-to-peer file hosting platforms such as Freenet and RetroShare are among the most effective in contrast to centrally moderated platforms. Similarly, services which make use of BitTorrent such as ZeroNet are also resilient. YaCy also provides distributed search.

Anonymity Networks: The anonymity Tor Onion and I2P provides leads to more willingness to host content that would otherwise be censored. However the content is still hosted by a single entity which can be controlled.

Federated: Being semi-decentralised, federated platforms such as PeerTube and Matrix make it easier for users to find an instance where they are welcomed.

Providers with a different policy: Qwant indexes results Google has de-listed. However nothing by design keeps it so.

Proxying

Web proxies: Proxy websites are configured to allow users to load external web pages through the proxy server, permitting the user to load the page as if it is coming from the proxy server and not the (blocked) source. However, depending on how the proxy is configured, a censor may be able to determine the pages loaded and/or determine that the user is using a proxy server.

For example, the mobile Opera Mini browser uses a proxy-based approach employing encryption and compression in order to speed up downloads. This has the side effect of allowing it to circumvent several approaches to Internet censorship. In 2009 this led the government of China to ban all but a special Chinese versions of the browser.

Domain fronting: Circumvention software can implement a technique called domain fronting, where the destination of a connection is hidden by passing the initial requests through a content delivery network or other popular site which censors may be unwilling to block. This technique was used by messaging applications including Signal and Telegram. Tor's meek uses Microsoft's Azure cloud. However large cloud providers such as Amazon Web Services and Google Cloud no longer permit its use. Website owners can use a free account to use a Cloudflare domain for fronting.

SSH tunneling: By establishing an SSH tunnel, a user can forward all their traffic over an encrypted channel, so both outgoing requests for blocked sites and the response from those sites are hidden from the censors, for whom it appears as unreadable SSH traffic.

Virtual private network (VPN): Using a VPN, A user who experiences internet censorship can create a secure connection to a more permissive country, and browse the internet as if they were situated in that country. Some services are offered for a monthly fee; others are ad-supported. According to GlobalWebIndex, over 400 million people use virtual private networks to circumvent censorship or for increased level of privacy.

Tor: More advanced tools such as Tor route encrypted traffic through multiple servers to make the source and destination of traffic less traceable. It can in some cases be used to avoid censorship, especially when configured to use traffic obfuscation techniques.

Directions for Tor Pluggable Transports, which use traffic obfuscation techniques to increase censorship resistance.

Traffic obfuscation

A censor may be able to detect and block use of circumvention tools through Deep Packet Inspection. There are efforts to make circumvention tools less detectable by randomizing the traffic like Obfs4, attempting to mimic a whitelisted protocol such as Format Transforming Encryption, and Dust2, or tunneling traffic through a whitelisted site by using techniques including domain fronting or Meek. Tor and other circumvention tools have adopted multiple obfuscation techniques that users can use depending on the nature of their connection, which are sometimes called "Pluggable Transports." Torproject presents a list of Pluggable Transports on their site.

Sneakernets

A sneakernet is the transfer of electronic information, especially computer files, by physically carrying data on storage media from one place to another. A sneakernet can move data regardless of network restrictions simply by not using the network at all. One example of a widely adopted sneakernet network is El Paquete Semanal in Cuba.

Adoption of circumvention tools

Circumvention tools have seen spikes in adoption in response to high-profile blocking attempts, however, studies measuring adoption of circumvention tools in countries with persistent and widespread censorship report mixed results.

In response to persistent censorship

Measures and estimates of circumvention tool adoption have reported widely divergent results. A 2010 study by Harvard University researchers estimated that very few users use censorship circumvention tools—likely less than 3% of users even in countries that consistently implement widespread censorship. Other studies have reported substantially larger estimates, but have been disputed.

In China, anecdotal reports suggest that adoption of circumvention tools is particularly high in certain communities, such as universities, and a survey by Freedom House found that users generally did not find circumvention tools to be difficult to use. Market research firm GlobalWebIndex has reported that there are over 35 million Twitter users and 63 million Facebook users in China (both services are blocked). However, these estimates have been disputed; Facebook's advertising platform estimates 1 million users in China, and other reports of Twitter adoption estimate 10 million users. Other studies have pointed out that efforts block circumvention tools in China have reduced adoption of those tools; the Tor network previously had over 30,000 users connecting from China but as of 2014 had only approximately 3,000 Chinese users.

In Thailand, internet censorship has existed since 2002, and there is sporadic and inconsistent filtering. In a small-scale survey of 229 Thai internet users, a research group at the University of Washington found that 63% of surveyed users attempted to use circumvention tools, and 90% were successful in using those tools. Users often made on-the-spot decisions about use of circumvention tools based on limited or unreliable information, and had a variety of perceived threats, some more abstract and others more concrete based on personal experiences.

In response to blocking events

In response to the 2014 blocking of Twitter in Turkey, information about alternate DNS servers was widely shared, as using another DNS server such as Google Public DNS allowed users to access Twitter. The day after the block, the total number of posts made in Turkey was up 138%, according to Brandwatch, an internet measurement firm.

After an April 2018 ban on the Telegram messaging app in Iran, web searches for VPN and other circumvention software increased as much as 48x for some search terms, but there was evidence that users were downloading unsafe software. As many as a third of Iranian internet users used the Psiphon tool in the days immediately following the block, and in June 2018 as many as 3.5 million Iranian users continued to use the tool.

Anonymity, risks, and trust

Circumvention and anonymity are different. Circumvention systems are designed to bypass blocking, but they do not usually protect identities. Anonymous systems protect a user's identity. And while they can contribute to circumvention, that is not their primary function. It is important to understand that open public proxy sites do not provide anonymity and can view and record the location of computers making requests as well as the websites accessed.

In many jurisdictions accessing blocked content is a serious crime, particularly content that is considered child pornography, a threat to national security, or an incitement of violence. Thus it is important to understand the circumvention technologies and the protections they do or do not provide and to use only tools that are appropriate in a particular context. Great care must be taken to install, configure, and use circumvention tools properly. Individuals associated with high-profile rights organizations, dissident, protest, or reform groups should take extra precautions to protect their online identities.

Circumvention sites and tools should be provided and operated by trusted third parties located outside the censoring jurisdiction that do not collect identities and other personal information. Best are trusted family and friends personally known to the circumventor, but when family and friends are not available, sites and tools provided by individuals or organizations that are only known by their reputations or through the recommendations and endorsement of others may need to be used. Commercial circumvention services may provide anonymity while surfing the Internet, but could be compelled by law to make their records and users' personal information available to law enforcement.

Software

There are five general types of Internet censorship circumvention software:

CGI proxies use a script running on a web server to perform the proxying function. A CGI proxy client sends the requested url embedded within the data portion of an HTTP request to the CGI proxy server. The CGI proxy server pulls the ultimate destination information from the data embedded in the HTTP request, sends out its own HTTP request to the ultimate destination, and then returns the result to the proxy client. A CGI proxy tool's security can be trusted as far as the operator of the proxy server can be trusted. CGI proxy tools require no manual configuration of the browser or client software installation, but they do require that the user use an alternative, potentially confusing browser interface within the existing browser.

HTTP proxies send HTTP requests through an intermediate proxying server. A client connecting through an HTTP proxy sends exactly the same HTTP request to the proxy as it would send to the destination server unproxied. The HTTP proxy parses the HTTP request; sends its own HTTP request to the ultimate destination server; and then returns the response back to the proxy client. An HTTP proxy tool's security can be trusted as far as the operator of the proxy server can be trusted. HTTP proxy tools require either manual configuration of the browser or client side software that can configure the browser for the user. Once configured, an HTTP proxy tool allows the user transparently to use his normal browser interface.

Application proxies are similar to HTTP proxies, but support a wider range of online applications.

Peer-to-peer systems store content across a range of participating volunteer servers combined with technical techniques such as re-routing to reduce the amount of trust placed on volunteer servers or on social networks to establish trust relationships between server and client users. Peer-to-peer system can be trusted as far as the operators of the various servers can be trusted or to the extent that the architecture of the peer-to-peer system limits the amount of information available to any single server and the server operators can be trusted not to cooperate to combine the information they hold.
Re-routing systems send requests and responses through a series of proxying servers, encrypting the data again at each proxy, so that a given proxy knows at most either where the data came from or is going to, but not both. This decreases the amount of trust required of the individual proxy hosts.

Entropy (information theory)

From Wikipedia, the free encyclopedia https://en.wikipedia.org/wiki/Entropy_(information_theory) In info...