Not certain why this escaped under the radar but I thought it might be useful to highlight this story that came across the wires a few days ago about a very handy little tool that allows web users to sidestep restrictions on web access.
Slated for Dec 1 release, the software, known as Psiphon, presents a formidable new weapon that has great potential to threaten the efforts of those who would suppress 'freedom of expression' on the web.
More below the fold:
Funded by the Open Society Institute (part of the Soros Foundation), Psiphon was developed at The Citizen Lab in the Munk Centre for International Studies at the University of Toronto for the purpose of providing:
a censorship circumvention solution that allows users to access blocked sites in countries where the Internet is censored. Psiphon turns a regular home computer into a personal, encrypted server capable of retrieving and displaying web pages anywhere.
The solution is unique in that it is not easily detectable by censors. It allows the web user to avoid detection through the adept employment of small social 'networks of trust' whereby:
psiphon providers install and administer a psiphon server (psiphonode) in an uncensored country, and psiphon users (psiphonites) login and access the server from a country that censors the Internet.
Unlike other publically accessible circumvention systems that eventually sustain detection by the censors, Psiphon remains perennially elusive thanks to the simple fact that the web addresses are only sent to a few, trusted individuals. As a result, these web addresses are not easily detectable and so avoid being blocked by censors.
It's a rather brilliant but simple solution that relies on trusting relationships to enable otherwise restricted web users freedom of access to the internet. Watch a tutorial here or see below some of the FAQ's taken from The Citizen lab's website here:
How does psiphon work?
psiphon acts as a "web proxy" for authenticated psiphonites, retrieving requested web pages and displaying them in a user's browser. psiphon uses a secure, encrypted connection to receive web requests from the psiphonite to the psiphonode who then transports the results back to the psiphonite. There is no connection between the psiphonite and the requested website, as psiphon transparently proxies the request through the psiphonode's computer allowing the psiphonite to browse blocked websites seamlessly.
How do psiphonites connect to psiphon?
psiphonites go to their psiphonodes' machine using a unique web address. The first page displayed is the user login. The psiphonite must login with a valid username and password, given to them by the psiphonode administrator. After authentication, the psiphon server displays a toolbar at the top of the page where the psiphonite can then enter a website to browse. When using psiphon, the psiphonite does not have to install any software or change any browser settings.
What do you mean, "the user does not have to install any software"?
After a successful login to the psiphon server, the user enters the website address they would like to visit, and psiphon takes care of the rest. With a regular Internet browser, the psiphonite simply logs in and requests and views the website entered in the psiphon toolbar. No software is installed on the end user's machine.
How do users find out about psiphon and how is psiphon distributed?
Anyone who wants to become a psiphon provider and is located in an uncensored country will be able to download the psiphon software from the psiphon website. After installation, the psiphonode administrator sends a unique web address to people in need that he or she personally knows and trusts in censored countries.
Even if the psiphon website is blocked it does not affect psiphon's distribution model. psiphon is completely decentralized; each psiphonode is independent of all others. The distribution of access to personal psiphon servers is based on social networks. Each psiphonode administrator grows his/her private network based on social relations of trust.
A potential flaw in the solution may be its susceptibility to infiltrators posing as 'trusted users' who then may be in a position to discover the private Psiphon URL. Absent of this, detectibility is enormously difficult as evidenced here:
From a technical perspective traffic between the psiphonode and the psiphonite is identical to normal HTTPS (encrypted) traffic. Although many sites only use HTTPS during the login process many sites, such as email providers and banking services, use HTTPS for extended periods of time, as does psiphon. The differences are that psiphon uses self-signed certificates and connections to home computers, rather than signed certificates and domain names. However, unless the attacker has the private psiphon URL it cannot be easily determined that psiphon is being used.
The potential ramifications are enormous as the cat and mouse game between those that are censored and those doing the censoring grows dramatically more complex. As has been demonstrated in the past, the nodal model provides for exponential growth in private URL's that will be available to facilitate free and open access to the internet. Be it China, Iran, our troops in Iraq, perhaps even those who have limited access at work, this technology certainly ought to raise eyebrows as the rules of the game now appear to have changed once more.