Saturday, July 01, 2006

6th Workshop on Privacy Enhancing Technologies

Adam and EKR have already blogged the paper on evading the great firewall of china, but there is plenty of interesting stuff in the rest of the agenda at the 6th Workshop on Privacy Enhancing Technologies

The firewall paper is likely to create the most interest because it describes the design of the Great Firewall of China and gives some insight into the thinking behind it. I have always thought that the GFC is more a question of face than a real attempt to prevent dangerous Western thoughts in. After all they already have Karl Marx and they don't get more dangerous than that. Besides which there are a billion people inside the firewall and they are the ones who know the information that is really damaging to the regime. They know about the corrupt local bureaucrats, the disasters, the repression. The only way anyone outside the country knows what is going on is that people inside tell them, and that includes the dissidents as well.

EKR discusses how to subvert the GFC by suppressing/ignoring RST signals. These are meant to tell the ends of a TCP/IP conection that the connection is over and there is no need to send additional data. In practice they are kinda redundant since the application protocols are designed so they don't rely on them.

A better way to circumvent the GFC would be to turn on encryption, or at least obfustication. The GFC uses IDS technology to detect sites that contain 'objectionable' strings such as FA-L!U-N+G. As my example shows it does not take a lot of effort to bypass systems of that sort. There are plenty of sites that obfuscate email addresses, why not have an IIS/Apache plug in that filters a site so that keywords known to trigger the GFC get encoded?

Reading between the lines is an old tradition in repressive regimes.

No comments: