Michael Hull recalls a time when frustrating Chinese government censors was as simple as bringing another server online.
Hull’s company develops a censorship circumvention tool called Psiphon, popular in countries such as China, where access to information online is tightly controlled. It used to be that when the addresses pointing to Psiphon’s servers were discovered and blocked, Hull would simply bring a new server with a new address online — until that server, too, was found. And on and on it would go.
But times have changed. As software designed to evade censors and software blocks has improved, so has the technology used by governments to curb its use.
Hull’s app was one of numerous services removed from Apple’s Chinese App Store over the weekend at the behest of the country’s government, which announced its intent to block all such unregulated services by February 2018.
On Sunday, the Russian government also announced the signing of a new law banning the use of virtual private network (VPN) services and anonymity software as of Nov. 1.
For service providers, putting circumvention software into the hands of users has always been a challenge. But in the midst of such aggressive crackdowns, there is added pressure to ensure their software will continue to work in the face of increasingly sophisticated countermeasures that require more novel workarounds to defeat.
“It’s becoming less of a cat and mouse game, and more of an intelligence game,” Hull said.
Traffic in disguise
In places such as China, gone are the days when sidestepping simple keyword filters or application-specific blocks required little more than a VPN or the anonymous browser Tor. Internet filtering technology used in some countries has reached a point where it can detect and block the evasion tools themselves.
As a result, there are a handful of efforts to develop new and improved evasion tools that, to a censor, don’t look like evasion tools at all — a practice called traffic obfuscation. The goal is to take connections to sites and services that might otherwise be blocked and make them look more or less the same as connections to content that’s approved.
Sometimes, the process is a sort of bait and switch. A user might look like they’re merely visiting Amazon or Google, but their connection is actually redirected to blocked content. Other times, the traffic itself is disguised to look like the traffic of an unblocked app, such as Skype, or…