Professor Ron Deibert is the director of Citizen Lab at the University of Toronto, a remarkable institution which researches the intersection of civic politics and digital technology. Citizen Lab is one of the partners on the Open Net Initiative, a project that Berkman participates in, documenting and researching internet censorship and filtering around the world.
(The mandatory disclosure paragraph: I work at the Berkman Center and occasionally assist the Open Net Initiative. I sit on the sub-board which oversees the Information Program of Open Society Institute, which was the lead funder of Deibert’s Psiphon project. I also am friendly and work closely with the designers of Tor, which is sometimes posited as a “rival” to Psiphon. In other words, I’m either in a great position to tell you about this work, or so conflicted that you shouldn’t take anything I say seriously. Your pick.)
The ONI project has documented the explosion of filtering and online censorship over the past four years. In 2003, when the project started, it was primarily watching two or three countries which were known to be filtering access to the web. Four years later, ONI watches more than 40 countries. Not only has filtering become more pervasive, but more content is being filtered: initially, countries were filtering sites that were considered sensitive to national security, and pornography, but now filtering can include blocking sites of human rights organizations, opposition political parties and online encyclopedias. Most galling to Deibert: most of this internet filtering is non-transparent, which means you get a network error page, not a page telling you that the content has been blocked by your government.
“The open network commons of the Internet is being carved up, colonized and militarized,” says Deibert. He notes that, post 9/11, many industrialized nations passed laws that make it easier for a government to intercept and monitor electronic communications. Developing nations are adopting the same techniques, following in their steps. And many smart geeks are going to work for companies that are helping to close off the Internet, not connecting more people to it.
The result is an “emerging arms race in cyberspace.” Deibert points to recent developments in Kygryzstan and Belarus. The internet is generally relatively uncensored in these countries, but experienced heavy filtering in critical periods around elections and the public demonstrations that followed them. Some of this site blocking didn’t involve conventional techniques like blocking sites at the ISP level – it involved the hiring of groups of hackers to launch denial of service attacks on opposition and protest websites. Deibert points to a US doctrine put forth about fighting and winning cyberwars – he believes this doctrine will lead towards “a competitive dynamic amongst great powers”.
The Psiphon project arose from these concerns, and from work and expertise gathered by the ONI team in the course of researching censorship. Specifically, Deibert notes, Nart Villeneuve and Michelle Levesque became expert in the weaknesses of various censorship techniques and ways to circumvent these types of filtering. He notes that Psiphon isn’t really something new – it’s an improvement on existing tools and networks. The focus of Psiphon’s design was on ease of use, making the program something the average user would be comfortable using on a home computer. The other design goal was making the tool very difficult to detect and block, and to minimize the danger to users in repressive nations.
Psiphon improves on a known strategy for circumventing firewalls – proxy servers. Proxies retrieve web pages on a user’s behalf – if I want to access en.wikipedia.org, but I’m not able to access it through my local ISP, I ask proxy.com to retrieve the Wikipedia page and show me its content. Public proxies – proxies whose address is known by the general public and is publicized on the web – are widely used in countries like China, but they’ve got major flaws. One, they’re easily blocked by internet authorities, who do their best to keep track of publicly announced sites. Second, you have no idea who’s running these proxies, and whether they’re monitoring your internet behavior – there’s no assurance that the Chinese government isn’t running the proxy you’re using to access information on Falun Gong, and keeping track of your interest in clandestine topics. And third, the traffic between the proxy and your computer is often unencrypted, which lets governments or ISPs monitor that traffic.
Psiphon is a private proxy. A user in a country where the net is uncensored runs a copy of the software on her home or office computer. She gives the IP address of the computer, a username and password to the person in a filtered country. That person can access the web through an SSL-encrypted connection to her computer, which means that person can access sites that are blocked using an unmodified web browser – there’s no software for the end user to install.
There’s some other important implications – the person who runs the psiphon node can see what sites the user is visiting. This is useful – if she gave Uncle Jim the proxy so he could read human rights sites from Saudi Arabia, but he’s using it to surf porn, she can shut him off. But it also means that Psiphon is emphatically not an anonymous proxy – it’s encrytped so that hostile governments or ISPs can’t see what you’re looking at, but you’re completely transparent to the proxy owner. As Deibert explains, it’s a system built on “social networks of trust”.
Psiphon’s received an enormous amount of press coverage, which has led to rapid uptake of the software. 80,000 copies of the “node” (proxy server) software have been downloaded so far – Michael Hull, lead developer on the project, reports that roughly 20-30,000 copies appear to be in use. (In the most recent edition of the software, your node contacts a central psiphon server to “check in”. This also allows the central server to report your public IP, which you have to distribute to your users. It does create the danger of a canonical list of Psiphon servers, though, which would be a target for a government determined to block Psiphon.) Roughly 500 copies of the software are now downloaded daily.
Uptake has been difficult to predict – the designers predicted it would be widely used in China, but uptake has been modest there. But Vietnamese and Iranian users have flocked to the software – Deibert shows a video of an Iranian user accessing a Google Search on “women’s studies” – blocked through the national firewall – using Psiphon and thanking the program’s authors. Ethnic diaspora communities are one of the best ways Deibert has found to distribute the software – since using the software requires a user in an uncensored country and one in a censored nation, diasporas are a likely userbase. As it turns out, so are journalists trying to report from censored nations – they set up a Psiphon node in their office and access the web via that connection from China or Vietnam. And some governments and multinationals are finding the software useful and easier to use than complex VPN setups.
One of Deibert’s concerns going forward is finding a way to support development of the product beyond its first generation, which is funded by foundations, primarily by Open Society Institute. He acknowledges that this funding is scarce and competitive – OSI and other funders in this space are asked to support dozens of different anti-censorship and circumvention projects. One idea is to build a business around Psiphon, which Deibert calls Psiphon PRO. The product might appeal to four markets:
– Multinational corporations with subsidiary operations in the 40+ countries that filter the Internet. While there are other strategies to get employees connections to the outside world (ssh-tunnel, VPNs), Psiphon is easier to use for the single purpose of accessing the unfiltered web.
– Connecting customers in blocked countries to blocked content. BBC, for instance, tries very hard to offer content to users in nations around the world – perhaps they’d be interested in offering a branded Psiphon that pushed users to their content.
– Web intermediary. Once you’re proxying web pages, there’s all sort of things you can do to a page – remove ads from it (like privoxy), add ads to it, translate the page into different languages or formats.
– Remote administration – Because Psiphon is running on your home or desktop computer, it offers some possible options to administer your home machine via the web.
Deibert notes that his thoughts on building a business model are in their very early stages. His other concern resulting from the Psiphon work is the need to build the “hacktivist” field. He wants to ensure that protecting freedom of speech online is embedded within the research agenda and outlook of programs throughout universities. He describes this as a form of “field building”, the long process of convincning academics that they either need to broaden their field to include this new perspective or to build a new field alongside existing academic fields. Awareness-raising campaigns like Amnesty International’s irrepressible.info campaign are helping, but an international trend towards increasing security at the expense of freedom is very concerning to anyone focused on human rights issues.
Questions from the audience:
Q: Can you publish using Psiphon?
A: Absolutely – one of the goals for Psiphon was to make it possible to publish to Wikipedia, something that’s difficult with some other tools (Tor, notably), because they’ve been used to spam Wikipedia.
Q from John Clippinger: Are governments taking countermeasures to Psiphon at this point?
A: The Psiphon website has been filtered in Iran and China, which is ironic, since you want people in uncensored countries, not censored countries, to download the software. Concerns about countermeasures are one reason the software was designed not to leave any traces on the user’s computer.
Q from John Palfrey: What’s going to happen when someone does something terrible using Psiphon, plans a terrorist attack, for instance? What’s Psiphon’s liability?
A: It might not be terror – it could be posting child pornography. Deibert has a strong sense that access to information is an individual right. What people choose to do with technology is up to them: the 9/11 terrorists used mobile phones and rental cars, and we don’t talk about banning those technologies.
Q: What is someone hacks into Psiphon’s computers? What sort of info would be revealed?
A: There’s no real reason to hack into our computers, and we’ve got good security.
Q from Hal Roberts: But you’ve made a policy decision to have Psiphon nodes ping back to your server. And you’ve made the policy decision to keep server loads of downloads of your software. What happens if that info is compromised?
A: The people downloading the software are in uncensored countries. And we take the logs off the servers regularly.
Q from Jonathan Zittrain: What sorts of vulnerabilities are people volunteering their home computers exposing themselves to, both technically and legally? If you incorporate VNC-like functionality into the product, that might raise some eyebrows about the security of the system. And shouldn’t someone do a serious analysis of the legal risk of someone abusing the net via your psiphon connection?
A: So far, the only steps we’ve taken are a strong statement in the FAQ – you’re taking a risk by offering your machine in this fashion. A good legal analysis is a good idea.
Q, again from Zittrain: Should Psiphon consider marketing real estate on the download page and in the proxy browser frame, selling ads and making money, like Firefox?
A: Great idea.
(Zittrain emailed me and made the point that what he actually suggested was that groups like BBC distribute branded versions of Psiphon, using this real estate to promote their brands. Evidently most of us in the room jumped to the conclusion that he was talking about a more generalized advertising model…)
Q from me: Psiphon appears to work well for a user in a censored country who has a friend in an uncensored country. But there are millions of other users who don’t have that sort of personal connection – what do they do?
A: Psiphon wasn’t designed to be the perfect solution – it was mostly designed to be better than the Anonymizer project designed for Iranian web users and advertised via Voice of America. That project was irresponsible, since it didn’t encrypt traffic between the surfer and Anonymizer, meaning the government could monitor the content accessed. While this isn’t perfect, it’s far more secure. And people within ethnic media communities are emerging as brokers for accounts, setting up accounts for countrymen they don’t know personally. As these networks emerge, it will get less frustrating… but it’s still frustrating for some users who email us and ask how they can get access to a node.
Future editions of the software will deal with the problem of nodes switching IP addresses more elegantly – they might have a network of trust where, if they can’t accept new connections, they’ll send those connections to another trusted node.
Q: Would the US government be willing to sponsor this?
A: They might be, but we couldn’t take that funding – our credibility would suffer in the human rights community. Deibert finishes the talk by quoting Bob Marley: “Rasta don’t work for no CIA.”
I’m a huge fan of Psiphon, but I’m a bit worried about the attention Psiphon’s currently getting. Some of the reporting has been pretty superficial and has given the impression that Psiphon solves every problem for someone in a filtered nation. This isn’t true – Psiphon’s a great solution for people with a trusted confederate outside their home country. But it’s not a solution for anonymity, and it doesn’t solve problems well – yet – for people who don’t have an out of country confederate.
For those purposes, Tor is probably a better solution. But Tor has its problems as well – Mike Hull argues that Psiphon is much faster than Tor (which makes sense, as Tor adds overhead to each request by routing through multiple computers), easier to use (perhaps, since it doesn’t require the end user to install it) and safer for the end users (as they don’t have incriminating software on their machines). I’d argue that Psiphon and Tor are appealing to different sets of users with different needs, and that there’s a neat split between the two… what’s going to be difficult is articulating to the general public which tool is useful for which purposes, and convincing people that using public proxies is a bad idea when they could use Tor or Psiphon.