Fighting Censorship

Aravinth Manivannan | @realaravinth
batsense.net

Evolution of Censorship Cirbumvention Technologies

VPN
Tor
Distributed Web(dWeb)

What happens when you normally browse the web?

Workflow

Problems with this workflow

## Plaintext communications(without TLS)
              - Can see destination and message content

- [Wireshark](https://www.wireshark.org) traffic capture:
                <pre><code data-trim data-noescape data-line-numbers="10-12">
            POST /vtop/doLogin HTTP/1.1 Host: vtop2.vitap.ac.in:8070
            User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:87.0) Gecko/20100101
            Firefox/87.0 Accept: */* Accept-Language: en-US,en;q=0.5
            Accept-Encoding: gzip, deflate Content-Type:
            application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With:
            XMLHttpRequest Content-Length: 75 Origin:
            http://vtop2.vitap.ac.in:8070 DNT: 1 Connection: keep-alive Referer:
            http://vtop2.vitap.ac.in:8070/vtop/initialProcess Cookie:
            JSESSIONID=3DCBD471C01E21A5B678CA95DE95B48E; 
            loginUserType=vtopuser
            uname=ARAVINTH.19BCE7415@VITAP.AC.IN
            &passwd=passwordNOT&captchaCheck=4SFZ85HTTP/1.1
             </code></pre>

Metadata

What is it?

Metadata (or "data about data") is data that describes a piece of information, apart from the information itself.

What does it look like?


➜  guard git:(master) stat DEVELOPMENT.md
  File: DEVELOPMENT.md
  Size: 2631      	Blocks: 8          IO Block: 4096   regular file
Device: 10304h/66308d	Inode: 28196546    Links: 1
Access: (0644/-rw-r--r--)  Uid: ( 1000/aravinth)   Gid: ( 1000/aravinth)
Access: 2021-04-15 10:52:23.016926774 +0530
Modify: 2021-04-11 14:07:33.394090235 +0530
Change: 2021-04-11 14:07:33.394090235 +0530
 Birth: 2021-04-11 14:07:33.394090235 +0530

Why does it matter?

We kill people based on metadata
- David Cole, Former Director of NSA and CIA

What happens when you use VPN?

Workflow

Pros

Payload is encrypted
As far as attacker is concerned, user is accessing VPN server only

Traffic Analysis on a live VPN

Cons

Too much trust on single entity
Evil service provider; no way of knowing
Security breach has cascading effects
Easy fingerprinting

Tor

Terminology

Tor circuit: Single user session
Relay: A server on the Tor network
Guard relay: Entry point where client connects to
Middle relay: Relay between Guard and Exit relays
Exit relay: Relay that connects to the internet

Data Workflow

Encryption Workflow

E_guard(E_middle(E_exit(Data)))

Guard relay: Knows client's IP address
Middle relay: Doesn't know anything
Exit relay: Can read user data and user destination

Pros

Run by the community
Payload is encrypted thrice
No single point of failure like VPNs
Relays are chosen at random

Cons

Doesn't scale: Every user uses atleast three relays in a session
Tracking still possible

Attacks on Tor

Traffic Analysis on a live Relay

God's Eye View

What goes in must come out

Denial of Service Attacks

AIM: Find user's source and destination IP addresses

Run a bunch of Guard and Exit relays
Take down known Exit relays by DoS
See if payload size on Exit is same as payload size on Guard:
- Yes: source and destination is mapped
- No: repeat process until sucessful

Fighting Censorship

Evolution of Censorship Cirbumvention Technologies

What happens when you normally browse the web?

Workflow

Problems with this workflow

Metadata

What is it?

What does it look like?

Why does it matter?

What happens when you use VPN?

Workflow

Pros

Traffic Analysis on a live VPN

Cons

Tor

Terminology

Data Workflow

Encryption Workflow

Pros

Cons

Attacks on Tor

Traffic Analysis on a live Relay

God's Eye View

Denial of Service Attacks

IPFS: a fully distributed network

What does it do differently?