Learn More
We describe " domain fronting, " a versatile censorship circumvention technique that hides the remote endpoint of a communication. Domain fronting works at the application layer, using HTTPS, to communicate with a forbidden host while appearing to communicate with some other host, permitted by the censor. The key idea is the use of different domain names at(More)
While Internet access to certain sites is blocked in some parts of the world, these restrictions are often circumvented using proxies outside the censored region. Often these proxies are blocked as soon as they are discovered. In this paper we propose a browser-based proxy creation system that generates a large number of short-lived proxies. Clients using(More)
—The utility of anonymous communication is undermined by a growing number of websites treating users of such services in a degraded fashion. The second-class treatment of anonymous users ranges from outright rejection to limiting their access to a subset of the service's functionality or imposing hurdles such as CAPTCHA-solving. To date, the observation of(More)
On March 16th, 2015, the Chinese censorship apparatus employed a new tool, the " Great Cannon " , to engineer a denial-of-service attack on GreatFire.org, an organization dedicated to resisting China's censorship. We present a technical analysis of the attack and what it reveals about the Great Cannon's working, underscoring that in essence it consitutes a(More)
We describe a web browser fingerprinting technique based on measuring the onscreen dimensions of font glyphs. Font rendering in web browsers is affected by many factors—browser version, what fonts are installed, and hinting and antialiasing settings, to name a few— that are sources of fingerprintable variation in end-user systems. We show that even the(More)
Recently, the operators of the national censorship infrastructure of China began to employ "active probing" to detect and block the use of privacy tools. This probing works by passively monitoring the network for suspicious traffic, then actively probing the corresponding servers, and blocking any that are determined to run circumvention servers such as(More)
We introduce the concept of a web-based online scanning service, or OSS for short, and show that these OSSes can be covertly used as proxies in a censorship circumvention system. Such proxies are suitable both for short one-time rendezvous messages and bulk bidirectional data transport. We show that OSSes are widely available on the Internet and blocking(More)
Tor has grown beyond its original purpose as and has since become an important Internet circumvention tool. We specifically examine it usability as a censorship circumvention tool, an essential facet for adoption and use. We focus our analysis on the connection configuration dialog of Tor browser, as censorship circumvention requires correct transport(More)