Browser Plug-in Punches an Unfixable Hole in China’s Great Firewall
By exploiting the plumbing of the Web, researchers have created a new way around online censorship that governments could struggle to shut down.
It could soon be a lot easier to access blocked news sites and even the social network Facebook from inside China thanks to a simple browser plug-in developed by researchers at the University of Massachusetts, Amherst.
The Chinese government’s “Great Firewall” blocks many foreign websites, such as news sources and social networks. The best-established tools to evade that kind of censorship, such as the anonymity network Tor or encrypted VPN connections, can make browsing slow and are actively targeted by the government.
Tests of the new browser plug-in, called CacheBrowser, from inside China show that it provides an effective solution that doesn’t slow browsing so much, says Amir Houmansadr, an assistant professor at UMass Amherst.
For sites that use encryption, censors in China or elsewhere can’t easily shut down the tool without also preventing access to thousands of popular websites that aren’t censored, he says. “They’ll have to block thousands or millions of other webpages,” says Houmansadr. “This advances the arms race in censorship resistance.”
Houmansadr built CacheBrowser with John Holowczak, until recently an undergraduate at Umass Amherst. Working versions of the plug-in for the Chrome and Firefox browsers are available but aren’t straightforward to install. Work is underway to change that and to provide better documentation. Available data suggests that CacheBrowser should work for over 80 percent of the sites that China blocks among the world’s 1,000 most popular, including Facebook and Bloomberg. Houmansadr expects that proportion to grow as the feature of the Web’s plumbing it relies on becomes more common.
The most established tools for avoiding Web censorship rely on computers located outside a country that censors the Web. Those computers must access pages on your behalf and relay the data back. Tor does that using a network of computers offered up by volunteers around the globe. Using a VPN connection has a computer pull all its traffic through a particular computer rented out for that purpose.
CacheBrowser instead exploits a mechanism used by companies to make their pages load faster to allow a computer to sidestep the censors and access the pages it wants directly.
Censorship systems like China’s mostly rely on blocking computers from accessing the Web addresses and IP addresses, which identify specific servers, of blacklisted sites. But when you visit a popular website, your computer is usually directed to download it from the servers of a content delivery network, a company such as Akamai that website operators pay to store copies of their data on many servers around the world so people can access it faster. Use of content delivery networks is very common among major sites and growing; Cisco expects a majority of all Internet traffic to pass through them within a few years.
Censors tend to leave content delivery networks alone because their servers host many different sites, most of which they don’t want to block, says Houmansadr. CacheBrowser works by going directly to content delivery network servers to download pages when you type in a Web address, using a lookup table of websites and their content delivery networks.
Charlie Smith – a pseudonym – who works with the nonprofit GreatFire.org, which tracks China’s censorship, says that using content delivery networks that way is an “excellent strategy” that could help people resist a recent strengthening of China’s control of the Web.
“We have seen a huge crackdown on circumvention tools,” he says. “Many Internet users in China are scrambling to find new ways to get around censorship. The more working circumvention solutions there are, the better it is for everybody.” GreatFire.org uses the free pass that content delivery networks get from China’s censors to make censor-proof copies of certain static webpages, in a project called Collateral Freedom. CacheBrowser makes it possible to access a much broader selection of pages, including interactive pages (such as services that require you to log in).
Houmansadr hopes to see his tool start helping people in China and elsewhere, and also that some publishers will consider making more use of content delivery networks to make their content more difficult to censor.
Houmansadr is also wondering how authorities in China might respond. If they start blocking content delivery networks, China could be cut off from much of the Web. When the country’s censors temporarily blocked a content delivery network owned by Verizon in 2014, it became impossible to access thousands of websites, including that of Hong Kong-based bank HSBC.
Smith of GreatFire says he doesn’t think that tactic will be used again, suggesting CacheBrowser could be here to stay. “Cutting [content delivery networks] off would create severe negative economic consequences for China,” he says.