Opened 6 years ago

Closed 19 months ago

#7137 closed project (fixed)

Build a tool that a censored developer can run to discover why their Tor is failing to connect

Reported by: karsten Owned by:
Priority: Medium Milestone:
Component: Obfuscation/Censorship analysis Version:
Severity: Normal Keywords: SponsorF20130228
Cc: isis, asn, ioerror, hellais, phw, runa, nickm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We should develop an automated censorship diagnostics toolkit for Tor. It gets deployed when someone says something like "tor doesn't work in my country anymore". The goal is to have them download this toolkit, which will automatically figure out if tor is blocked, how it might be blocked, and if any of the known ways to bypass tor censorship works, and if so, tell the client "you need X." Where X is bridges, private bridges, obfsproxy, private obfsproxy. If nothing works, it collects lots of data, and sends it back to tor.

Tor then analyzes the data and learns a new way of blocking tor as feedback into our anti-censorship work. Maybe there is a quick solution for the user in blocked country, maybe there isn't.

Child Tickets

Change History (10)

comment:1 Changed 6 years ago by phw

The paper "Detecting BitTorrent Blocking" can give us some ideas. The authors developed a Java applet which could tell whether and how BitTorrent was blocked in a given location.

comment:2 Changed 6 years ago by rransom

See also https://www.torproject.org/getinvolved/volunteer.html.en#firewallProbeTool.

The hard part will be developing a suitable machine-learning algorithm to search for Tor-compatible SSL configurations that pass through the firewall (if any SSL configuration works).

comment:3 Changed 6 years ago by asn

I should mention that Arturo and I started developing a similar tool for OONI. It's called daphn3 and it's supposed to be able to derive the fingerprint that a DPI uses by using the firewall as an oracle.

Unfortunately, we never got around to testing it or deploying it somewhere. It's currently sitting in the OONI codebase:
https://gitweb.torproject.org/ooni-probe.git/blob/HEAD:/ooni/plugins/daphn3.py
https://gitweb.torproject.org/ooni-probe.git/blob/HEAD:/ooni/protocols/daphn3.py
I would estimate it needs 3-4 days of coding, polishing and testing before it's useful.

For the record, daphn3 is only able to exploit DPI firewalls that look for strings of bytes. If the DPI firewall looks for regexps (or anything more complicated than that), daphn3 will not be able to derive the whole fingerprint.

(We should probably write down how daphn3 works exactly. A not-very-helpful description can be found in #6349. Also, daphn3 is based on d0wser, and d0wser's description can be found here:
https://trac.torproject.org/projects/tor/wiki/doc/OONI/Tests/d0wser )

comment:4 Changed 6 years ago by arma

Summary: Build a tool that a censored person can run to discover why their Tor is failing to connectBuild a tool that a censored developer can run to discover why their Tor is failing to connect

(Changed the title to make it clearer that this is designed as an aid for developers, not as general-purpose magic pixie dust for every Windows user.)

comment:5 Changed 6 years ago by karsten

Keywords: SponsorF20130228 added; SponsorZ removed

This is actually a deliverable for sponsor F year 3 phase 1.

comment:7 Changed 6 years ago by phw

A draft of the technical report is available here:
http://www.cs.kau.se/philwint/tmp/draft-report.pdf

It's an extended version of all the features we collected in the wiki. Feedback is still greatly appreciated.

comment:8 Changed 6 years ago by runa

Owner: runa deleted
Status: newassigned

comment:9 Changed 6 years ago by runa

Status: assignednew

comment:10 Changed 19 months ago by dcf

Resolution: fixed
Severity: Normal
Status: newclosed

org/sponsors/SponsorF/Year3#Phase1February282013:

Done: Final results from this deliverable are a technical report which discusses design requirements for a censorship analysis tool and a blog post referencing this technical report. An extended version of the technical report has been accepted for publication at FOCI '13.

Note: See TracTickets for help on using tickets.