The common theme of this cohort focuses on constantly evolving censorship techniques employed by China in order to advance circumvention mechanisms. This includes exploring DNS poisoning through forged IP addresses, interference with popular circumvention protocols, and user-created censorship circumvention techniques on Chinese social media platforms.
Below, you can find a brief description of each fellow’s area of focus, what they accomplished, and links to related materials where applicable. Over the course of their fellowships, fellows have presented their findings publicly in the form of reports, presentations, and by releasing open source code from their projects.
Host organization: Citizen Lab, Munk School of Global Affairs and Public Policy, University of Toronto
Duration: Twelve months
Phong previously discovered the prevalence of an abusive DNS poisoning behavior of China’s Great Firewall (GFW) in which IP addresses owned by many U.S. companies, including Facebook, Twitter, and SoftLayer, are heavily used in forged DNS responses. A preliminary report for this line of work was presented at USENIX FOCI ’20.
During this fellowship, Phong designed a probing method to reverse-engineer the actual blocklist used by the GFW’s DNS filter, which led to the creation of GFWatch, a longitudinal measurement platform built to monitor China’s censored domains as well as the forged IP addresses being abused. Ultimately, these datasets can assist in the development of effective solutions to bypass and reduce the negative impact of the GFW’s DNS filtering on the global Internet. GFWatch is accompanied by a research paper presented at the 30th USENIX Security Symposium in collaboration with researchers from four U.S. and Canadian institutions (Stony Brook University, UMass Amherst, ICSI at UC Berkeley, and the Citizen Lab at University of Toronto).
Using data from GFWatch, Phong also assessed the impact of GFW’s DNS censorship on the global DNS system, and proposed strategies to detect poisoned responses that can sanitize polluted DNS records from the cache of public DNS resolvers in order to assist the development of circumvention tools to bypass the GFW’s DNS censorship. The full report is available here.
The Effect of Censorship Circumvention on Information Transmission
Host Organization: Not publicly listed
Duration: Twelve months
From embedding text in images to rearranging word order of online posts, internet users in China regularly devise creative ways to post content deemed “sensitive” by the government in order to evade censorship. To better understand the most effective user-generated censorship evasion techniques that maximizes censorship circumvention and information transmission, the fellow used a combination of interviews, experiments, and a nationwide survey in China to test the adoption difficulty, circumvention effectiveness, and informational cost of existing circumvention techniques. The research found that there was generally a trade-off between circumvention effectiveness and information transmission – to be effective in circumventing censorship generally entails altering the original text to a greater extent but doing so can pose a greater challenge for reading comprehension of the altered text. Using specialized tools or language to alter text also increases the adoption difficulty for users.The full report, The Effect of Censorship Circumvention on Information Transmission, is available here.
How GFW Detects and Blocks Various Circumvention Services
Host Organization: Not publicly listed
Duration: Twelve months
The fellow investigated the underlying mechanisms used by China’s GFW to identify and block various popular censorship circumvention protocols. There have been many reports from Chinese internet users that their censorship circumvention servers were blocked. At the same time, preliminary experiments suggest that these censorship circumvention servers have been actively probed by the GFW. In the effort to investigate the underlying mechanisms used by China’s Great Firewall (GFW) to identify and block various popular censorship circumvention protocols, the fellow demonstrated how the GFW inspected and dynamically blocked any seemingly random traffic in real time. This capability potentially affects many censorship circumvention protocols that use encryption to appear as random traffic, including (but not limited to) VMess+TCP, Obfs4, and many variants of Shadowsocks. The full report, Exposing the Great Firewall’s Dynamic Blocking of Fully Encrypted Traffic, is available here.
About the program: OTF’s Information Controls Fellowship Program (ICFP) supports examination into how governments in countries, regions, or areas of OTF’s core focus are restricting the free flow of information, impeding access to the open internet, and implementing censorship mechanisms, thereby threatening the ability of global citizens to exercise basic human rights and democracy. The program supports fellows to work within host organizations that are established centers of expertise by offering competitively paid fellowships for three, six, nine, or twelve months in duration.
The projects of OTF’s eighth class of fellows are making great progress towards their goals. We are also very excited for the ninth class which is just getting underway.
The next application window for ICFP will be open in early 2023. Please keep an eye on the ICFP page to learn more about the next application window. We also encourage you to sign up for our “OTF-Announce” email list. This low-traffic list is limited to providing upcoming submission deadlines for OTF and other relevant funders on a monthly basis including fellowship opportunities. Please send a message with subscribe in the subject line. The link: https://groups.google.com/a/opentech.fund/forum/#!forum/otf-announce/join
We also encourage you to sign up for OTF’s monthly newsletter, which highlights internet freedom news from around the world, as well as provides insight into OTF’s activities.