Security and Privacy

An earthquake off southern coast of Taiwan broke several undersea cables that carries majority of internet and phone communications between East Asia and North America on Dec 26. While the repair will take days or even weeks to complete, you can use open HTTP proxy in South Korea to get reasonable internet connection between U.S. and China.

Labels: News

doublelee published his/her analysis of encryption mechanism in Freegate 6.2 (in Chinese). (local mirror)

Bennett Haselton has an editorial on the current state of anti-censorship software:

So now you know most of what there is to know about the state of the art in anti-censorship software. It's just that there is less to understand than the hype originally suggests -- the programs aren't really secure, but they work because the censors aren't really trying. And there aren't any cool mathematical formulas that you can impress your friends with -- for that, you'll still have to go back to Applied Cryptography. It's a lot less impressive to be the Bruce Schneier of circumvention algorithms than it is to be the real Bruce Schneier.

Labels: Censorship, Proxy Services

With the successful launch of new version 2.0 web browser, Mozilla Firefox continues to earn high praises from users around world. Yet, more and more users of Firefox Chinese language version begin to voice their concerns in community forums and blogs. After upgrading to Firefox 2.0 Chinese language version, users find out that the handy internet keywords service from Firefox location bar has been quietly changed from Google to Yahoo China.

What is Internet Keywords Service?

According to Firefox knowledge base:

When entering information in the Location Bar, Mozilla attempts to convert the information into a usable URL. For example, “mozilla.org” is automatically converted to “http://mozilla.org/”. When Mozilla is unable to discern what URL the user wanted, the information that was entered may be submitted to an Internet Keywords service. This preference determines the Internet Keywords service URL.

In Firefox 2.0, the default has been changed to use Google’s “Browse by Name” service: http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=.

What has been changed with Firefox 2.0 Chinese language version?

In Firefox 2.0 Chinese language version, the default location bar Internet Keywords Service is defined (in keyword.url) to use Yahoo! China:

http://cn.search.yahoo.com/search?ei=UTF-8&p=

For comparison;

In Firefox 2.0 English version, the default location bar Internet Keywords Service is defined (in keyword.url) to use Google:

http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=.

Who made the decision and Why?

When questioned about this change, Mozilla China foundation responds with the following press release about "Yahoo entering into a strategic relationship with Mozilla":

(http://www.mozilla.com/en-US/press/mozilla-2005-11-29.html)

"By combining Yahoo!'s global Internet leadership with Mozilla's innovative, easy-to-use, open source Firefox Web browser and our shared commitment to end users, we will deliver an enhanced Web experience for millions of users worldwide, beginning with China, Japan, Korea and Taiwan."

When Yahoo is named as the worst offender in web search censorship in China by reporters without borders, it is really hard to understand why Mozilla chose China as its test ground for its Yahoo connection. Hopefully, Mozilla could reevaluate its decision to enter a relationship with Yahoo.

Labels: News

Some screen shots:
1. Main server control window


2. User log-in through browser


3. Browsing with Psiphon


4. SSL certificate of Psiphon


Overall, I find Psiphon easy to set up and quite handy for personal use on a Windows PC. However, I do have one specific concern over the SSL certificate used by Psiphon. As shown in the screen shot above, Psiphon uses "somename.somewhere.com" as the common name in its SSL certificate.(Psiphon source code is not published at the time of writing.) So if someone wants to block all Psiphon traffic, all he needs to do is to block SSL traffic when a SSL certificate's common name is "somename.somewhere.com". I hope Psiphon developers will use randomized SSL certificates in the next release.

Update:

Canuck at Psiphon forum posted instruction to change server SSL certificate

1. Delete key.pem and cert.pem.
2. Edit openssl (looks like a shortcut in windows because it has a .cnf extension that doesn't show in Windows Explorer.) using notepad. You can change all the fields such as country name, common name, etc.
3. When you save it, ensure you just click save so as not to put .txt in the end (easily fixable if you forget)
4. When you restart Psiphon, it will regenerate the key and certificate to be used based on the fields in the openssl.cnf file.

Labels: Proxy Services