Many governments around the world imply different restrictions on their citizens' internet usage. Fighting such censorship is an essential and often tricky task. Usually, popular circumvention tools can't provide high reliability and long-term efficiency. In turn, more complex solutions lack user-friendly interfaces and performance, and do not keep the quality of web surfing at an acceptable level.

A group of US researchers from the University of Illinois Urbana-Champaign has come up with a new circumvention method, based on a proxy technology combined with an interesting approach to user segmentation. It allows the revealing of the censoring authority agents trying to mimic regular users to find out the IP addresses of proxy servers in order to block them. Here are the main points of this experiment.

The trust-based approach to trust calculation

Scientists have developed a tool called Salmon, which is a collection of proxy servers run by volunteers from internet censorship-free countries. To secure the volunteers and their servers from the blocks that censors might want to apply, the system uses a unique algorithm of trust levels assigned to users.

The main idea behind the method is that censors might have agents that use the circumvention system in the same way that regular users do in order to find out the IP addresses of proxy servers so as to easily block them. To avoid such problems, the team behind Salmon wants to be able to spot these agents. Also, they want to fight Sybil attacks by requiring the provision of a valid social network account or the securing of a recommendation from the user with a high trust level within the system.

How it works

Researchers assume that the censor is a government-controlled authority which can control any router within the state's borders.

Also, it is assumed the censor's primary goal is to block access to particular online resources or tools, not the detection of the users trying to circumvent these blocks so as to make further arrests and prosecutions. The proxy network can't help in such case, as the government will always be able to find out whether the person used circumvention tools or not – for example, using honeypot servers to intercept online communications.

Some more baseline points:

The system's goal is to provide an opportunity to overcome blocks (i.e., provide an IP address of a proxy server) for all users living in regions suffering from internet censorship.

Agents/employees of censoring authorities may try to connect to a proxy server within a network by mimicking the behavior of a regular user.

The censoring authority may block any proxy server with a known IP address.

In the case of such a block, the team behind the Salmon project knows that censors have managed to somehow identify the proxy IP address.

All of this leads us to the description of the three critical components of the circumvention system:

The system calculates the probability of a user being an agent of a censoring authority. If the user is recognized, to a high probability, as being an agent, the system bans him/her. Every user has an assigned trust level. This trust is to be earned. The fastest and most productive proxy servers are dedicated to users with the highest trust levels. This helps to separate old users from newbies, as censoring agents usually fall into this category. Highly-trusted users can invite new users to the system. Such invited new users (like friends and family) get a high trust level by default. Such recommendations build a social graph of trusted users.

It seems logical: usually, the censor wants to block the proxy immediately, and so it is unlikely that such an organization will wait for a long time to try to get higher in the trust hierarchy of the project in order to reveal all proxy IP addresses.

Trust levels: more details

The trust level is something assigned not only to users but to proxy servers as well. A user with a particular value of his/her trust can connect to the server with a corresponding trust level. Important note: the trust level of users can go up and down, while server trust can only grow.

Whenever censors reveal the proxy IP address and block the server, the trust level of all users associated with this server decreases. The trust grows if the server works for an extended period. With every new level the required length of trust increases: to move from the trust of n to n+1, you need a 2n+1 days of non-stop work from the proxy server. The journey to a maximum trust level of 6 usually takes more than two months.

The necessity to wait months to reveal IP addresses of the best proxy servers of the network is a factor that efficiently limits censors' activity. For example, if a new proxy is assigned to users with a minimum trust rating of 2, the server gets the same score. If in the future at least one user with a trust level of 3 is matched with the server, its trust remains the same. If all users of the server have upgraded their rating, then the server's trust rises as well. The server can't lose its trust. Only users can.

Highly-trusted users are awarded as such in two ways. First, the servers are not the same. There are minimal requirements for proxies' bandwidth (100KB/s). However, volunteers can provide more. The Salmon system assigns the best, fastest, and most productive servers to users with the highest trust rating.

Second, top-trusted users are better isolated from newbies, as a censoring authority’s malicious agents might be among them. In this system, the censor has to wait months to identify the proxy address. So, the probability of a block for the server of a highly-trusted person is much smaller than for servers assigned to low-trusted users.

Also, to assign the best servers to as many trusted users as possible, the creators of the Salmon system have developed a recommendation system. Users with a high trust of L can invite their friends or family members. These new users get a trust level of L-1.

There are waves of recommendations. The first group of invited people will be able to invite their friends after a period of time, usually after four months. Users from the next wave of recommendations get a recommendation option after two months.

System modules

There are three components of the system:

the Salmon Windows client;

server-side daemon software for volunteers (Windows and Linux supported);

the central directory server, where the database of all proxies is stored. This server also distributes IP addresses among users.

The Salmon client interface

To use the system, a person has to provide a valid Facebook account.

Final thoughts

For now, the Salmon method is not that widespread. There is only limited information about small pilot projects for users in Iran and China. Despite this fact, the project has good potential, although with the approach it uses it can't guarantee the anonymity of volunteers or secure the platform from honeypot attacks, etc. However, the trust level system looks promising in terms of future developments of circumvention systems.

That's it for now! Share your thoughts in the comments below.