In fight for free speech, researchers test anti-censorship tool built into the internet's core

When the Chinese government wanted to keep its users off Facebook and Google, it blocked the entire country's access to the U.S. companies' apps and sites. And when citizens started using third-party workarounds like Tor, proxiesand VPNs to get around those blocks, it moved to quash those,too.

So a handful of researchers came up with a crazy idea: What if circumventing censorship didn't rely on some app or service provider that would eventually get blockedbut was built into the very core of the internet itself? What if the routers and servers that underpin the internet infrastructure so important that it would be impractical to block could also double as one big anti-censorship tool?

It turns out, the idea isn't as crazy as it might seem. After six years in development, three research groups have joined forces to conduct real-world tests of an experimental new technique called "refraction networking." They call their particular implementation TapDance, and it's designed to sit within the internet's core.

In partnership with two medium-sized U.S. internet providers and the popular app Psiphon, they deployed TapDance for over a week this past spring to helpmore than 50,000 users around the world access the free and open internet the first time such a test has been done outside the lab, and at such a large scale.

The researchers announced the test in a paper presented at the annual USENIX Security conference earlier this week.

"In the long run, we absolutely do want to see refraction networking deployed at as many ISPs that are as deep in the network as possible," said David Robinson, one of the paper's authors, and co-founder of the Washington-based tech policy consulting firm Upturn. "We would love to be so deeply embedded in the core of the network that to block this tool of free communication would be cost-prohibitive for censors."

A secret flag the censor can't see

The concept of refraction networking which has also been called decoy routing has been around since at least 2011, and was independently developed by research teams at the University of Michigan, the University of Illinoisand Raytheon BBN Technologies. In 2015, with a research grant from the U.S. State Department, they formed a coalition to deploy TapDance within an ISP.

In the end, they actually settled on two Merit Network, a regional ISP in Michigan, and the University of Colorado Boulder.

The technique works like this: A user in a country where internet filtering exists uses a special piece of software in this case, a special test version of the app Psiphon to browse the web. To access a site that's otherwise blocked, the software first sends a request to an unblocked site that's likely to be routed through TapDance along the way.

The user's circumvention software tags this innocuous request with a little extra data basically a secret flag the censor can't see that says "Hey, I actually want this request to go somewhere else." The TapDance software in an ISP's infrastructurekeeps watch for this secret flagand, when detected, re-routes the user's connection to the blocked site instead.

The user gets to where they want to go, everything's taken care of behind the scenes, and the censor is none the wiser in theory.

Deployment is'really exciting news'

In the near future, the researchers hope to deploy TapDance within more ISPs to test their approach on an even larger scale. But a still unanswered question is whether censors can tell when TapDance is in use.

It's a problem that's preoccupied PhD student Cecylia Bocovichand professor Ian Goldbergat the University of Waterloo, in Ontario.

"We believe that it is within the capabilities of more powerful censors to detect and blockTapDancetraffic in its current form," wroteBocovichin anemail, but nonetheless called the deployment "really exciting news."

The pairhave been working on an alternate approach to refraction networking called Slitheen that's designed to resist detection, but the trade-off is that it'smore difficult for an ISP to implement.

Instead of re-routing or refracting traffic, Slitheen actually hides censored content inside requests for images and videos from unblocked sites effectively swapping blocked data for what the censor believes is allowed. Hidden content is made tolookas close as possible to the original content's traffic pattern as it travels across the network, making the ruse extremely difficult to detect.

Even the TapDance papers' authors admit that they don't yet know how resistant to detection TapDance is in practice, given the limited amount of time their test was run. But if TapDance sensors are ever deployed as widely as its developers hope, it may not matter.

"If we have enough of them out there, the odds of going past a TapDance site increases," Robinson said.

And if enough of those sites happen to be within the heart of the internet, the cost of blocking them all would the researchers hope be too high.