Encrytped text that looks like plaintext, thanks to spammers.

You may be familiar with Stegonography, the technique for hiding messages in other messages so that not only can the black-hat not read the message, they aren't even aware it's there at all. It's arguably the most secure way to send secret data over an open channel. A classic form of "stego" involves encrypting a message and then hiding it in the low order "noise" bits of a digital photograph. An observer can't tell the noise from real noise. Only somebody with the key can extract the actual message.

This is great but it has one flaw -- the images must be much larger than the hidden text. To get down a significant amount of text, you must download tons of images, which may look suspicious. If your goal is to make a truly hidden path through something like the great firewall of China, not only will it look odd, but you may not have the bandwidth.

Spammers, bless their hearts (how often do you hear that?) have been working hard to develop computer generated text that computers can't readily tell isn't real human written text. They do this to bypass the spam filters that are looking for patterns in spam. It's an arms race.

Can we use these techniques and others, to win another arms race with the national firewalls? I would propose a proxy server which, given the right commands, fetches a desired censored page. It then "encrypts" the page with a cypher that's a bit more like a code, substituting words for words rather than byte blocks for byte blocks, but doing so under control of a cypher key so only somebody with the key can read it.

Most importantly, the resulting document, while looking like gibberish to a human being, would be structured to look like a plausible innocuous web page to censorware. And while it is rumoured the Chinese have real human beings looking at the pages, even they can't have enough to track every web fetch.

A plan like this would require lots and lots and lots of free sites to install the special proxy, serving only those in censored countries. Ideally they would only be used on pages known to be blocked, something tools behind the censorware would be measuring and publishing hash tables about.

Of course, there is a risk that the censors would deliberately pretend to join the proxy network to catch people who are using it. And of course with live human beings they could discover use of the network so it would never be risk-free. On the other hand, if use of the proxies were placed in a popular plugin so that so many people used it as to make it impossible to effectively track or punish, it might win the day.

Indeed, one could even make the encrypted pages look like spam, which flows in great volumes in and out of places like China, stegoing the censored web pages in apparent spam!

(Obviously proxying in port 443 is better, but if that became very popular the censors might just limit 443 to a handful of sites that truly need it.)

Add new comment