Comments (2)
MassBrowser was the topic of the 2020-04-30 session of the Tor anti-censorship team reading group. Meeting log. Some topics covered:
- MassBrowser is similar to Snowflake in some ways, viz. in its use of volunteer proxies and domain-fronted communication with the Operator (in Snowflake a similar component is called the broker). Client-to-Client proxying is a notable feature that doesn't have a parallel in Snowflake.
- Matching peers by their NAT characteristics is a cool idea; how does that work technically?
- Because the Client includes a browser, how do security updates work? Looks like it uses an electron-updater package.
- From personal conversation, it sounds as if Buddies were at one time web browser extensions before evolving into their current standalone form.
- MassBrowser is getting a security audit from Subgraph.
- There was some confusion about how Client-to-Client proxying interacts with content category whitelisting and the list of known-blocked sites. For a Client in China to read a Chinese news site through another Client in Iran, it seems that the Operator would need to know more than the "News" content category and the fact that the site is blocked in China; it would also need to know that the Client acting as a Buddy is located somewhere where the site is not blocked.
- The claim, in e.g. §V-B and §VII-C, that censors cannot block residential peer-to-peer connections, is still untested, as the group sees it. The collateral damage argument may have more to do with the agility of changing Buddy addresses rather than the utility of any single Buddy address (NATed or not): if the Buddies sparsely occupy a large address space, it can be hard to write a rule to block them without blocking something else important. But even the agility argument is untested (as in Snowflake): how often do Buddies/proxies actually change their address? The group outlined some research avenues for investigating this.
from bbs.
The conference page for the paper has resources from the conference presentation:
from bbs.
Related Issues (20)
- Possible Cloudflare blocking in Russia HOT 2
- EU.ORG got blocked by GFW recently HOT 15
- Anamorphic Encryption Covert Channels HOT 1
- Thinking about building a covert TCP proxy that's based on DPI. But is it possible? HOT 12
- کانفیگ برای v2ray / v2ray configuration HOT 3
- "Anti-fraud" (反诈) spyware apps, phone inspections in China HOT 12
- National Anti-Fraud Center based plugins allegedly found in residential FTTR modem in China. HOT 3
- PowerTunnel HOT 3
- CN4Iran 2.0
- China-Linked 'Muddling Meerkat' Conducts DNS Hijacking for Internet Mapping HOT 3
- REALITY servers in Iran being abused as sort-of SNI proxies HOT 2
- CensorWatch: On the Implementation of Online Censorship in India (FOCI 2023)
- Some IP addresses used for DNS censorship in India HOT 3
- Defense against AI-guided Traffic Analysis (DAITA)
- Blocking of fully encrypted protocols (Shadowsocks, VMess) in Russia, targeting HTTPS traffic fingerprints HOT 12
- Blocking of *.pages.dev in Russia HOT 4
- I have my own VPN application, and I published it in the app markets. What is the difference between LTE and Home internet? HOT 1
- Snowflake, a censorship circumvention system using temporary WebRTC proxies (USENIX Security 2024) HOT 1
- Bleeding Wall: A Hematologic Examination on the Great Firewall (FOCI 2024)
- Assistance Needed to Bypass Restrictions on Irancell Network
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bbs.