Ethan Zuckerman’s online home, since 2003

Relakks – an interesting option for circumvention and (partial) anonymity

It’s not every day that I get an introduction via video podcast. My friends Loïc LeMeur and Thomas Crampton used a podcast to introduce Rebecca, me and the Global Voices community to Jonas Birgersson, the chief executive of the Swedish IT firm Relakks. Relakks is a very interesting form of anonymizer, using technology and a business model that are somewhat unfamiliar to folks who work in the internet filtering and circumvention community.

Birgersson tells Crampton that he’s working on Relakks in part as a political statement. He sees some pending legislation – notably the “Second Intellectual Property Enforcement Directive” – as leading towards increased government surveillance to prevent the new crime of “aiding, abetting, or inciting” commercial-scale copyright infringement. By responding to this threat with a system designed to let large numbers of users surf the Internet in a way that shields their identity from some forms of surveillance, Relakks demonstrates that net users can respond to attempted surveillance by becoming very difficult to watch. In other words, law enforcement should consider saving surveillance for the important stuff, not just to catch copyright criminals.

Relakks allows users around the world to adopt a Swedish IP and surf the web using that IP. This allows users whose governments filter the Internet – like Ethiopia, China or Saudi Arabia – to access the web freely… so long as their governments don’t start blocking access to Relakks. Governments have gotten quite good at blocking web proxy services like Anonymizer – it’s not clear how quickly they’ll learn to block a service like Relakks.

Relakks sets up an encrypted virtual private network (VPN) between your machine and a server in Sweden using PPTP, a protocol that comes pre-installed on Windows and Mac OS X machines. This gives Relakks a possible advantage over tools like Tor, which require installation on your machine (or require you to run the tool from a USB key using a package like TorPark.) The technique is similar to the one I use when I travel, logging into a Unix machine in Cambridge, setting up a SOCKS proxy via SSH, except that it’s easier to set up and doesn’t require you to install ssh on your laptop or have a Unix account.

That said, Relakks has at least two major vulnerabilities. First, a determined government could shut off your connection to the Swedish servers over PPTP, either by blocking the TCP ports associated with the protocol or by poisoning DNS so that pptp.relakks.com is unresolvable via local DNS. Second, because all your traffic passes through Relakks, they’re capable of generating a great deal of information about your online activities. This is a vulnerability of most central-server anonymization systems, as well as systems like Psiphon, which require you to trust whoever is forwarding your Internet traffic. Tor protects against this vulnerability through the use of multiple servers and layered encryption, but that protection comes at a price: the system is slower than systems like Relakks.
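An added example (not from the original post or from Relakks) that tells apart the failure modes described above: a name the local resolver will not answer correctly, a filtered PPTP control port, and, going one step beyond the paragraph, a server address that is unreachable altogether. The addresses are constructed from documentation ranges, and the second probe port (443) is an assumption about what else the server answers on.

```python
import socket

PPTP_PORT = 1723  # PPTP control channel (TCP); tunnel data uses GRE, IP protocol 47

def resolve(host):
    """IPv4 addresses from the local resolver; empty set if the lookup fails."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def tcp_open(ip, port, timeout=5.0):
    """True if a TCP handshake to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def classify(local_ips, reference_ips, pptp_ok, other_ok):
    """Name the failure mode the observations are consistent with."""
    if not local_ips:
        return "dns_unresolvable"
    if not local_ips & reference_ips:
        return "dns_mismatch"         # may also be legitimate geo-DNS; confirm by hand
    if pptp_ok:
        return "reachable"            # control port only; GRE is not tested here
    if other_ok:
        return "port_filtered"
    return "address_unreachable"      # address-level block, or the server is down

def diagnose(host, reference_ips, other_port=443):
    """Live probe. reference_ips must come from a resolver you trust."""
    ip = sorted(reference_ips)[0]
    return classify(resolve(host), set(reference_ips),
                    tcp_open(ip, PPTP_PORT), tcp_open(ip, other_port))

# Constructed observations (192.0.2.0/24 is a documentation range), not measurements.
REF = {"192.0.2.10"}
SAMPLES = [
    (set(), False, False),            # local resolver returns nothing
    ({"198.51.100.7"}, False, False), # local resolver returns a different address
    (REF, True, True),                # nothing in the way
    (REF, False, True),               # only TCP 1723 is dropped
    (REF, False, False),              # nothing on the address answers
]

def run_samples():
    return [classify(local, REF, pptp, other) for local, pptp, other in SAMPLES]

if __name__ == "__main__":
    print(run_samples())
```

For a live check, call `diagnose("pptp.relakks.com", reference_ips)` with addresses obtained from a resolver outside the network being tested.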

(In the interview with Crampton, Birgersson makes it clear that his company will only release user data when compelled by Swedish law. That law specifies that data must be released in cases of murder or attempted murder, large-scale narcotics trafficking or threats to national and international security.)

I was impressed by the easy setup and speed of Relakks – it took roughly 30 seconds to configure the system for a Mac. The first couple of web connections I tried to make failed, but then connections were quite fast: noticeably slower than surfing the web through my direct connection, noticeably faster than Tor. I had one major problem – I could not access any of the Google family of sites – they simply timed out. It’s possible that this is a function of Google’s geolocation service, which may have trouble resolving the high port that Relakks uses to let users surf the web.

Relakks isn’t free – Birgersson and crew are charging €5 a month for the service or €50 a year. There’s an additional transaction fee if you’re signing up for a single month. These fees subsidize connectivity to and from the Swedish servers – Birgersson tells Crampton that he’s currently got 10 Gigabits per second of connectivity to his server cluster – which helps keep the service very fast.

Unfortunately, the service charge is likely to be a major obstacle for some of the people who’d most like to use the service. The price may or may not be an issue, but the need to use an online payment system is a major obstacle for many developing world users. A system that let users pay using their mobile phones, or which subsidized connectivity in repressive nations by charging users in countries with high credit card penetration might be a solution. The system already has 50,000 users, and has seen spikes in usage from Turkey and Thailand when those nations made steps towards constraining internet access – I’d observe that those are nations where average net users are more likely to have credit cards than in Ethiopia, for instance.

One of the most interesting features that Birgersson is promising is “country shifting”, which would let you choose a nation to proxy your connections through, giving you the chance to see the Internet through the eyes of users in other countries. The Blossom system has used the Tor network to achieve this same result, but that code is a bit tricky to use for the average user – with additional Relakks servers in different nations, the user would simply need to choose a different server to surf through a different nation.

It will be interesting to see what uses people find for Relakks. Many users have started using the Tor network for filesharing, allowing them to share copyright-violating files with a high degree of anonymity, but likely degrading the performance of the network in the process. Will filesharers move to Relakks? Terrorists? Internet gambling enthusiasts? Probably all of the above, as well as people in nations that constrain access to the Internet, allowing them to surf and publish in an unfettered fashion.

I’m not likely to become a long-time Relakks user – I’ve got Tor installed on my laptop, and while it’s not as fast as I’d like, it is reliable enough for the moments I want to surf or publish anonymously, doesn’t require me to pay a membership fee and gives me a very high degree of anonymity without requiring me to trust anyone. I’m enough of a child of the 80s that I’d half-hoped to dislike Relakks so I could write a post titled “Relakks: Don’t Do It” in homage to Frankie Goes to Hollywood, but I’m quite impressed with the system. If you’re in a situation where you need to evade a national firewall frequently, where you can afford to pay €5 a month and where you trust Jonas Birgersson more than your local Internet Service Provider, Relakks might be for you.

4 Responses to “Relakks – an interesting option for circumvention and (partial) anonymity”

  1. Ethan: Thanks for the detailed technical analysis!

  2. Alex says:

    The real strength of VPN-based approaches to censorship evasion is that nobody will block encrypted VPN traffic *because that way, you block all the corporate travellers’ e-mail*.

  3. nart says:

    hi ethan,

    vpn is a nice option, as you say, no client d/l to install and you can do more than just web browse. definitely a good choice for a one hop.

    one quick point is about anonymity — one-hop “proxy” systems may disguise your IP from the sites you visit, and if encrypted, protect the traffic between you and the “proxy” from a snooping ISP but they are not anonymity systems in the true sense since the owner of the “proxy” — as you noted — has access to everything that you do through it, unlike anonymity systems such as tor.

    the second point is just an addition and a clarification for one of the comments. the ip address(es) can also be easily blocked, arguably easier and more effective than tampering with dns and not as restrictive as blocking the protocol.

    the main issue, as i see it, with circumvention is not the technology but the discovery mechanism. while private systems can help, the user base is necessarily low. the problem with public systems is that whatever connection info you publish can also be known by the attacker who can block it. that said until a system becomes popular it often remains unblocked even though it could be easily blocked.

  4. Ethan says:

    Alex, that’s a good point in terms of port blocking, but it doesn’t solve the problem of IP blocking. If a Tunisian ISP, for instance, decides that Relakks is primarily associated with subversive activity, they’ll block that specific IP at the national boundary router level, even if they keep the PPTP ports open.

    Nart, I’m with you on questions of discovery. Right now, Relakks isn’t doing anything more complex than resolving their DNS to the appropriate PPTP server, near as I can tell – Jonas, if I’m wrong, please let me know. At the risk of underestimating our adversary – a lot of filtering governments seem more concerned about port 80 than about novel ports – wonder if that will help Relakks stay unblocked for a while longer, much in the way that Tor has stayed unblocked longer than we expected…
