Skip to main content

Telex Software Circumvents Internet Censorship

According to the researchers, "many anticensorship systems work by making an encrypted connection (called a “tunnel”) from the user's computer to a trusted proxy server located outside the censor's network." The result is a cat-and-mouse game between the censor and proxy servers that need to be blocked to enforce censorship. There is virtually no way for users to generally know the IP address and login information of proxy servers, while the same information path is kept secret from the censoring authority.

Telex, on the other hand, creates a proxy server without an IP address. The user simply needs the Telex app to access censored websites: "When the user wants to visit a blacklisted site, the client establishes an encrypted HTTPS connection to a non-blacklisted web server outside the censor’s network, which could be a normal site that the user regularly visits. Since the connection looks normal, the censor allows it, but this connection is only a decoy."

The client request is registered as a Telex request by using a cryptographic tag in the connection headers - and only Telex is able to recognize a tagged connection. "As the connection travels over the Internet en route to the non-blacklisted site, it passes through routers at various ISPs in the core of the network." The technology would require ISPs to deploy devices that hold a private key to decipher tagged HTTPS connections from Telex clients. The stations will then direct the connections to anti­censorship services, such as proxy servers or Tor entry points, which clients can use to access blocked sites: "This creates an encrypted tunnel between the Telex user and Telex station at the ISP, redirecting connections to any site on the Internet," the researchers said.

The technology is very clever and we will learn more details about it at the upcoming Usenix Security Symposium in San Francisco. What makes it interesting is the fact that it focuses on a strategy of not being detected by the censor, which could potentially end the chase for proxy servers.

  • dogofwars
    I hope they would help those people that require it. It's really stupid that gouvernment do that, it does not really prevent anything.
    Reply
  • hoofhearted
    and only Telex is able to recognize a tagged connection
    ... until the censor gets hold of the Telex infrastructure
    Reply
  • christop
    Can they not just use tor.
    Reply
  • Supertrek32
    All the censor would have to do is block any content with the telex flag. Unless the flag is being encrypted in HTTPS, which would mean your traffic is being decrypted by the ISP - not exactly a good thing either.
    Reply
  • Silmarunya
    christopCan they not just use tor.
    TOR doesn't guarantee immunity. China for example has tracked users that hid their tracks with TOR. The problem is not so much TOR itself - that protocol is VERY difficult to break - but rather the possibility of intercepting a connection before it enters or after it leaves the onion thingy.
    Reply
  • argur
    @Silmarunya You mean like knowing data is being transferred, but not being able to see what it is? I dont know how TOR works, but is this the equiv of spotting and ending a TCP handshake?
    Reply
  • bustapr
    though it looks like a clever idea, its a fact that if pedos find this, they will use it for crap, so im not really happy about this.
    Reply
  • argur
    No more so than they abuse everything else though.
    Reply
  • nekoangel
    So essentially this requires the ISPs to go against the government in the case of government censorship. All comes down to how far out a user is allowed, sure it could work if say a person in China is allowed to go to websites based outside of China and ISPs outside have setup the system. If things hit the fan like they did in Lybia than its no go.

    For the US right now such a system would not mean much. Besides viewing content on websites like youtube and BBC with content that are region blocked in the US.
    Reply
  • K-zon
    Still says they need to uncrypt to connect cause to connect you are going through uncrypted points of use.

    not many places have encypts much anyways, but some do though, even say on some "normal" website use. Mainly if you sign-up for them, yes?

    May not make some sense, but think even then is partial for the time being, yes? Just in it is the content which is say relevent of the place of such use, otherwise most content isn't.

    Think the "arguement" ads to updates and patches, many websites start to have alot of encypt for normal use even when most the site isn't, yes? Or partial encypt of use. Without say loggin in, right?

    Most pages will say, if you continue to say, that the page is encypted or not. Places of downloads at times have this, for many reasons i think. Malware, Viruses, Spyware, Spam.

    Sounds like, they are trying to change these things the most, doesnt sometimes? When this is in mind, otherwise it sounds like they are trying to access things normal accessed but now encpyted and in lack of use due to it. Which one i wonder the most, right?

    Region blocking seems debatable with or without the issue/argument.

    Cause say then if content is placed within say just regional access, then of what that isnt, what is the issue? All things are not set to say regional restrictions which would make sense, to many points.

    But regions would probably vary for access to say of use at times, rather ISPs, or server providors. Yes?
    Reply