Technology designed to smuggle requests for access to anticensorship services out of countries that censor content has been announced by researchers.
'Telex' appears to create an encrypted tunnel to a sanctioned site, but uses public-key steganography to mark packets as Telex communications, US-based researchers announced on Monday.
"The client secretly marks the connection as a Telex request by inserting a cryptographic tag into the headers," said University of Michigan researcher J Alex Halderman in a blog post. "We construct this tag using a mechanism called public-key steganography. This means anyone can tag a connection using only publicly available information, but only the Telex service (using a private key) can recognize that a connection has been tagged."
The technology requires sympathetic internet service providers to set up 'Telex stations' to monitor communications and redirect Telex-marked packets from sanctioned sites to anticensorship services such as proxies, or The Onion Router (Tor).
Once communications have been redirected, users can access content while appearing to be connected to the sanctioned site, using HTTPS.
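The tagging property Halderman describes, as an added Python example that is not code from the Telex project: a simplified Diffie-Hellman tag that anyone can build from the station's public key but only the private-key holder can recognize. The toy group (integers modulo 2**255 - 19, base 2), the `context` value binding the tag to one connection, and all function names are assumptions for illustration, not the project's actual construction or encoding.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption for illustration): integers modulo the prime
# 2**255 - 19 with base 2. A real design would use an elliptic-curve group
# and an encoding that makes the tag look like uniformly random bytes.
P = 2**255 - 19
G = 2
ELEM_LEN, MAC_LEN = 32, 16  # bytes: encoded group element, truncated hash


def keygen():
    """Station key pair: secret exponent and the value that is published."""
    sk = secrets.randbelow(P - 3) + 2
    return sk, pow(G, sk, P)


def _check(shared, eph, context):
    """Hash of the shared secret, bound to this tag and this connection."""
    data = shared.to_bytes(ELEM_LEN, "big") + eph + context
    return hashlib.sha256(data).digest()[:MAC_LEN]


def make_tag(station_pk, context):
    """Client side: uses only public information (the station's public key)."""
    r = secrets.randbelow(P - 3) + 2
    eph = pow(G, r, P).to_bytes(ELEM_LEN, "big")
    return eph + _check(pow(station_pk, r, P), eph, context)


def recognize(station_sk, tag, context):
    """Station side: recomputing the check requires the private key."""
    if len(tag) != ELEM_LEN + MAC_LEN:
        return False
    eph, mac = tag[:ELEM_LEN], tag[ELEM_LEN:]
    value = int.from_bytes(eph, "big")
    if not 1 < value < P - 1:  # reject out-of-range or trivial elements
        return False
    shared = pow(value, station_sk, P)
    return hmac.compare_digest(mac, _check(shared, eph, context))
```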
Update 21-7-11: One of the researchers involved in the project, Eric Wustrow, responded to a series of email questions on Wednesday.
Q. What's to stop monitoring of Telex communications by the countries where ISPs have Telex stations?
A. Normally, Telex stations can see both the source and destination of Telex connections they proxy for. This means if you use Telex to access google.com, the Telex station will learn your IP address, and that you tried to access google.com. However, it is possible to use Tor, an existing anonymity-providing proxy (https://www.torproject.org), over a Telex connection. That way, the Telex station would only learn that you are using Tor, and not your ultimate destination.
Q. What's to stop repressive states from using ISPs in the country to advertise themselves as Telex stations? How can you keep a private key that has been divulged to certain ISPs private?
A. While a censor could certainly run their own Telex station, it is unlikely they would be able to obtain the required private key that would allow them to detect, decrypt, and block tagged connections. We discuss how to keep a shared private key secret on our Q&A page ( https://telex.cc/qa.html#private-key ). The short answer is that either a single entity ("Telex authority") needs to be responsible for only giving the private key to trusted Telex stations, or a Public Key Infrastructure (PKI) could be used to allow each station to generate their own private key.
Q. Surely any deep packet inspection has to compromise privacy to a certain extent?
A. ISPs already have the capability and technology to do deep packet inspection (DPI) on traffic that passes over them. Oftentimes, ISPs will use DPI to help censor or block certain content. What Telex provides is a way to use DPI to promote anticensorship. There are some potential privacy concerns for Telex users, but again, using Telex to access Tor can help solve these issues. For non-Telex connections (i.e. normal HTTPS), running a Telex station at an ISP does not give the ISP any more information about those connections than it would have without a Telex station.