According to the researchers, "many anticensorship systems work by making an encrypted connection (called a “tunnel”) from the user's computer to a trusted proxy server located outside the censor's network." The result is a cat-and-mouse game between the censor and proxy servers that need to be blocked to enforce censorship. There is virtually no way for users to generally know the IP address and login information of proxy servers, while the same information path is kept secret from the censoring authority.
Telex, on the other hand, creates a proxy server without an IP address. The user simply needs the Telex app to access censored websites: "When the user wants to visit a blacklisted site, the client establishes an encrypted HTTPS connection to a non-blacklisted web server outside the censor’s network, which could be a normal site that the user regularly visits. Since the connection looks normal, the censor allows it, but this connection is only a decoy."
The client request is registered as a Telex request by using a cryptographic tag in the connection headers - and only Telex is able to recognize a tagged connection. "As the connection travels over the Internet en route to the non-blacklisted site, it passes through routers at various ISPs in the core of the network." The technology would require ISPs to deploy devices that hold a private key to decipher tagged HTTPS connections from Telex clients. The stations will then direct the connections to anticensorship services, such as proxy servers or Tor entry points, which clients can use to access blocked sites: "This creates an encrypted tunnel between the Telex user and Telex station at the ISP, redirecting connections to any site on the Internet," the researchers said.
The technology is very clever and we will learn more details about it at the upcoming Usenix Security Symposium in San Francisco. What makes it interesting is the fact that it focuses on a strategy of not being detected by the censor, which could potentially end the chase for proxy servers.
