Sign up to our newsletter
The latest security news direct to your inbox
In this case, we aren’t referencing the group who, as of late, has made headlines for hacking endeavors. A new technology, sort of a modified proxy chain on steroids, seems to be gaining some proof-of-concept notoriety, hoping to offer new levels of anonymity while surfing online. The technology hopes that when users connect, the network won’t detect “that the the user is attempting to have an anonymous conversation”, so it won’t set off network filtering triggers.
Rather than using an “end-to-end” anonymizing setup, like Tor, this is referred to as an “end-to-middle” communication anonymizer, where the client (from the locked down network side) looks like it’s just visiting a standard https site, but embedded in the header is a cryptographic tag that tells of its true destination. The server running Telex that receives the fake https, would route the decrypted request on down the line, hopefully circumventing detection of a user attempting to visit a blacklisted site.
The project team hopes the technology will eventually allow users to circumnavigate what they feel will be increasing attempts by states at censorship. They envision this being a single piece in the puzzle, possibly complementing other anonymizing efforts, like Tor. Is it effective? The team says, “We’ve even tested it using a client in Beijing and streamed HD YouTube videos, in spite of YouTube being censored there.”
One of the sticking points seems to be the need to have various ISP’s or network facilities physically host Telex boxes to intercept and redirect the communications, and also how to let the distributed system know where the other Telex nodes might be. Some have also expressed concern that pro-censor agents may place fake Telex nodes in the mix, intercepting the specifically designed traffic, bypassing the original intent of the project.
Clearly the developers have been working on one piece in the puzzle of a never-ending game of cat-and-mouse. Censors claim they protect the users from potentially unsavory actors (and/or for other reasons). Users who wish to communicate anonymously feel no state or entity should have the ability to control the dissemination of data on a whim, and suspect the motives for those would engage in such efforts. Either way, this is a new project designed to move the needle slightly more toward freedom from control online, now we’ll see if it gets traction.
Author Cameron Camp, ESET