Salmon Project: How to Resist Internet Censorship Effectively with Proxies with User Confidence Levels

The governments of many countries in one way or another restrict citizens' access to information and services on the Internet. The fight against such censorship is an important and difficult task. Usually simple solutions cannot boast of high reliability or long-term efficiency. More sophisticated methods of overcoming blockages have disadvantages in terms of ease of use, poor performance, or do not allow maintaining the quality of Internet use at the proper level.

A group of American scientists from the University of Illinois has developed a new method of overcoming blocking, which is based on the use of proxy technology, as well as segmenting users by level of trust to effectively identify agents working for censors. We present to your attention the main points of this work.

Description of Approach

Scientists have developed the Salmon tool - a system of proxies managed by volunteers from countries with no restrictions on the use of the Internet. In order to protect these servers from blocking by censors, the system uses a special algorithm to assign users a level of trust.

The method involves exposing potential censor agents who appear to be regular users to find out the IP address of the proxy server and block it. In addition, the counteraction to the attacks of Sibyl is carried out using the requirements to provide, when registering in the system, a link to a valid account on the social network or to receive a recommendation from a user with a high level of trust.

How it works

It is assumed that the censor is a state-controlled body that has the ability to take control of any router within the country. It is also assumed that the censor’s task is to block access to certain resources, and not to calculate users for further arrests. The system can not prevent such a development of events - the state has a lot of opportunities to find out what services citizens use. One of them is the use of honeypot servers to intercept communications.

It is also assumed that the state has significant resources, including human resources. A censor can solve tasks that require hundreds and thousands of full-time employees.

A few more basic points:

• The task of the system is to enable the bypass of locks (i.e. provide the IP address of a proxy server) to all users living in regions with online censorship.
• Agents / employees of censoring Internet agencies and departments may try to connect to the system under the guise of ordinary users.
• The censor can block any proxy server whose address it becomes aware of.
• In this case, the organizers of the Salmon system understand that the censor somehow recognized the server address.

All this brings us to the description of the three key components of a blocking system.

1. The system calculates the probability that the user is an agent of censoring organizations. Users who are recognized as highly likely by such agents are banned.
2. Each user has a level of trust that needs to be earned. The highest-speed proxies are dedicated to users with the highest levels of trust. In addition, this allows you to separate reliable, time-tested users from beginners, because it is precisely among them that there will most likely be censor agents.
3. Users with a high level of trust can invite new users to the system. The result is a social graph of trusted users.

Everything is logical: the censor usually needs to block the proxy server here and now, he will not wait for a long time to try to “pump” the accounts of his agents in the system. In addition, it is clear that new users can initially receive a different level of trust - for example, friends and relatives of the creators of the project are less likely to cooperate with censored states.

Levels of trust: implementation details

Not only users have a level of trust, but also proxy servers. The system assigns a user with a certain level a server with the same level of trust. At the same time, the level of user confidence can both increase and decrease, and in the case of servers it only grows.

Each time the censors block the server with which a certain user worked, their level of trust decreases. Trust increases if the server is not blocked for a long time - with each new level, the necessary time doubles: to go from level n to n + 1, you need 2 ^{n + 1} days of uninterrupted operation of the proxy server. The path to the maximum, sixth, level of trust takes more than two months.



The need to wait so long to find out the addresses of the highest quality proxy servers is an extremely effective measure to counter censors.

The server trust level is the minimum level of trust assigned to users by it. For example, if a new server in the system is assigned to users, among which a minimum rating of 2, then the proxy will receive the same. If then the server will be used by a person with a rating of 3, but users from the second level will remain, then the server’s rating will be 2. If all users of the server have increased the level, then it will increase for the proxy. At the same time, the server cannot lose the level of trust, on the contrary, if it is blocked, users will be fined.

High trust users receive two types of rewards. Firstly, the servers are not the same. There are minimum bandwidth requirements (100 Kbps), but a volunteer server owner can offer more - there is no upper limit. The Salmon system selects the most productive servers for users with the highest rating.

In addition, users with a high level of trust are better isolated from censor attacks, because the censor needs to wait for months to find out the proxy address. As a result, the probability of server blocking for people with high risk is several times lower than for owners of low trust.

In order to connect as many deserving users as possible to the best proxies, the creators of Salmon have developed a recommendation system. Highly rated users (L) can invite their friends to join the platform. Invited people get an L-1 rating.

The recommender system works in waves. The first wave of invited users gets the opportunity to invite their friends only after about four months. Users from the second and subsequent wave must wait 2 months.

System modules

The system consists of three components:

• Salmon client for Windows;
• server-based daemon program installed by volunteers (versions for Windows and Linux);
• A central directory server that stores a database of all proxy servers and distributes IP addresses among users.

System client application interface

In order to use the system, a person must create an account using a Facebook account.

Conclusion

At the moment, the Salmon method is not widespread, only small pilot projects for users in Iran and China are known. Despite the fact that this is an interesting project, it does not fully ensure the anonymity, protection of volunteers, and the creators themselves admit that it is susceptible to attacks using honeypot services. Nevertheless, the implementation of a system with confidence levels looks like an interesting experiment, which may be continued.

That's all for today, thanks for watching!

Useful links and materials from Infatica :

• Experiment: is it possible to reduce the negative consequences of DoS attacks using proxies
• Research: creating a blocking proxy service using game theory
• The history of the fight against censorship: how the flash proxy method created by scientists from MIT and Stanford works
• How to understand when proxies are lying: verification of physical locations of network proxies using the active geolocation algorithm
• How to disguise yourself on the Internet: compare server and resident proxies