In a small basement office at the University of Toronto in Canada, Citizen Lab researchers are getting ready to launch Psiphon, a new weapon in the fight against Net censorship.
"The team at Citizen Lab is now racing to put the final touches on the program in time for its public debut at the international congress of the free-speech group PEN in May," says the Globe and Mail.
"Billed as a uniquely Canadian approach to 'hactivism,' the first generation of Psiphon will then be made publicly available."
Founding director of the Citizen Lab is Ronald J. Deibert, associate professor of political science. Lead Citizen Lab programmers for the Psiphon project are Nart Villeneuve and Michelle Levesque.
Deibert's team is also part of the Open Net Initiative which includes Harvard and Cambridge universities and tries to document the extent of state interference on the Internet and which tries to, "turn the tables on the watchers, to watch the watchers," says Deibert in the Globe and Mail story.
What, precisely, is Psiphon, and how does it work? >>>>>>>>>>>>>>>>>>>>>>>
Psiphon is a userfriendly suite of stand alone proxy applications designed to securely circumvent Internet censorship. Specifically intended for personal use, Psiphon replaces the technological networks of peer-to-peer and public proxy systems with human or social networks based on relations of trust. Psiphon is installed on personal computers in locations where Internet access is not restricted in order to allow a select group of family and friends in restricted locations to browse the Internet freely.
Psiphon is a product of the The Citizen Lab (University of Toronto), a founding partner of the OpenNet Initiative.
OVERVIEW
Psiphon (and its related suite of tools) will be of use to any person or group of people living in a country where there is Internet content filtering and who have friends or relatives living in countries where there is not. Apart from the general citizen/diaspora networks, Psiphon can be employed by networks of human rights and civil society advocates. Given the extent to which many of the countries of concern that censor the Internet have large diaspora populations in North America and Europe (e.g., Chinese, Iranian), the Psiphon will enable a practical, user-friendly and secure way for citizens within these countries to capitalize on those networks of trust and surf the Internet freely.
Unlike other circumvention technologies, Psiphon relies on multiple social networks of trust. Psiphon does not depend on mass publication of IPs or proxies, which in turn can be easily intercepted and filtered by a determined state, but rather on “word of mouth” and multiple, smaller networks of trust. The users would include any group that wishes to communicate over and access information from the Internet freely.
TECHNICAL SPECIFICATIONS
A. Psiphon application and Psiphon Repeater
Psiphon is a personal proxy application designed to allow users to circumvent Internet censorship from countries where content filtering takes place. Psiphon is installed on computers in locations that do not censor the Internet and is accessible through a browser by users in locations that are censored. Users in censored countries do not need to install any software. There are two methods of connection currently under development:
a) A system in which the user modifies the proxy settings in their browser to point to the location of psiphon.
b) A system in which users simply browse to the location of psiphon and are presented with a web form interface, through which the user requests websites.
An additional project, which is a concurrent fork of the Psiphon codebase, is the Psiphon Repeater. The Repeater is a standalone application designed to securely forward requests to and from users trying to circumvent Internet censorship and large proxy servers. In other words, the Repeater accepts connections from users and then forwards them to a proxy server location. The Repeater is not a proxy server itself; rather, it acts as an intermediary through which a proxy server can be reached. Designed for use with (web) proxy applications, the Repeater itself does not actually fetch requests for the user. This is handled by the proxy server that the Repeater connects to. In this scenario, the Repeater user's IP address does not show up in web server logs limiting any legal liabilities or concerns a user may have by allowing other users to browse through their computers.
Instead these responsibilities are assumed by the larger institutions running the proxy servers.
B. Psyphon: Key Characteristics and Components
i. Open Source codebase
Psiphon is developed in Python, an open source, interpreted, interactive, object-oriented programming language. Psiphon, is platform independent; it can be run on Windows or Linux/Unix systems (including OS X). Linux and Unix users are required to install Python and OpenSSL. A simple, compiled, executable version of Psiphon is available for Windows users.
ii. Graphical User Interface
Psiphon is managed by the user through a graphical user interface (GUI). The GUI displays the address used to connect to Psiphon (which must be securely sent to the user), the bandwidth throttling options, and the access control system.
iii. Encrypted Network transfer
Psiphon accepts connections the over HTTPS protocol (port 443), but also has options to run over any port. The server uses X.509 public key exchange certificatebased authentication using selfsigned certificates generated with OpenSSL. The certificates are 1024 bit RSA keys, encrypted by a PEM pass phrase. All traffic between the browser and Psiphon is encrypted, including the URL of the website that is being visited.
iv. Access Control System
After the initial security handshake is completed, Psiphon determines whether or not it should accept traffic from the web browser. This is done though HTTP user authentication, which is uuencoded (a program that takes a stream of binary data and returns an obfuscated string) and encrypted through the SSL layer, both of these done seamlessly through methods already supported by all browsers. The user is asked for a username and a password to access the Psiphon system and is only given access to the Psiphon proxy system if these are correct. The usernames and passwords are easily maintained through a user-friendly graphical user interface (GUI) by the Psiphon user.
They can be sent to users of the Psiphon via email, instant messaging, Internet Relay Chat, telephone, or regular mail, whichever users feel is most secure.
v. Bandwidth throttling
Psiphon has a built-in bandwidth quota that allows users to restrict the total amount of bandwidth used by the Psiphon system. In addition, Psiphon can also monitor the amount of traffic generated by specific users. This option specifically protects Psiphon users whose ISPs charge them based on the amount of internet traffic used. If the total bandwidth used has reached the specified limit, Psiphon refuses to accept any more incoming requests until the user resets the quota system. Bandwidth throttling can be turned off if Psiphon users are not concerned with the amount of traffic through their proxy.
vi. Proxification
Once the browser has fully transmitted the request to Psiphon, Psiphon then issues a request to the webpage in question, captures all of the data, and then sends that data to the browser. Psiphon uses streaming technologies such that if a large amount of data is transferred, Psiphon begins to transfer the data it has received back to the browser while it waits for more from the webpage. Between receiving the data from the webpage and transferring it to the browser, Psiphon ensures that all links in the web page it is transferring point through itself, such that the user on the end of the browser can surf the
web seamlessly through the Psiphon proxy system.
Development Team
The Psiphon and related suite of circumvention technologies is a research and development project of the Citizen Lab, Munk Centre for International Studies, University of Toronto. The present and founding director of the Citizen Lab is Professor Ronald J. Deibert, Associate Professor of Political Science. Lead Citizen Lab programmers for the Psiphon project are Nart Villeneuve and Michelle Levesque.
Villeneuve and Levesque are members of the Citizen Lab/Advanced Network Research Group collective. For more information, see http://www.citizenlab.org/
The Psiphon development project benefits from, and is closely related to the Open Net Initiative, a collaborative project among the Citizen Lab, The Berkman Center for Internet & Society (Harvard University), and the Advanced Network Research Group, University of Cambridge. One element of the Open Net Initiative is a Circumvention Technologies Clearinghouse in which major circumvention, security/privacy, and encryption tools for use by civil society and NGOs are archived, assessed, and analyzed.
The development of the Psiphon is thus closely related to analyses of existing circumvention technologies, and has been specifically designed to improve upon their usability and effectiveness.
Also See: Globe and Mail - Scaling the firewall of digital censorship, February 16, 2006
=====================
If you're Chinese and you're looking for a way to access independent Internet news sources, try Freegate. It's a free DIT program written to help Chinese citizens circumvent website blocking outside of China.
Download it here and feel free to copy the zip and host it yourself so others can download it.
