Automating Censorship Evasion Strategies to Unlock Closed Societies

IFF-supported Geneva project revolutionizes censorship circumvention via real-world deployment of genetic algorithms
Mon, 2021-12-13 11:24

In response to pro-democracy movements and the work of Internet freedom activists, nation-state level censors have increased their efforts to wall off entire populations from the rest of the world. By limiting access to outside information, tools, and apps, repressive regimes like China and Iran are able to further tighten government control and prevent dissident voices from gaining traction. Researchers and developers labor tirelessly to counter these antidemocratic moves by manually developing methods to evade such censorship — yet this back-and-forth game is one that inherently favors the better-financed regimes. And with the gap in resources widening, the ability to effectively and sustainably circumvent censorship has become more difficult in recent years.

But there is good news to report: the Internet Freedom Fund-supported Geneva project stands to shift the imbalances of this evade-detect cycle by harnessing the power of AI to automate the discovery of censorship evasion strategies. Through OTF’s funding and connections, Geneva’s genetic algorithms have been able to train against real-world censors in China, India, Iran, and Kazakhstan — discovering dozens of previously unknown strategies to defeat state-level censorship. Today, many of these novel strategies have been incorporated into TunnelBearPsiphon, and other publicly available tools to strengthen their effectiveness and individual protections. This remarkable success story shows what can be possible when OTF seeds an idea and serves as the nexus connecting academia to the broader Internet freedom community.

Project Overview

Geneva, which stands for genetic evasion, revolutionizes censorship circumvention by using AI to automate processes which have long been manually performed. The tool itself consists of two distinct components: (1) its genetic algorithm, and (2) its strategy engine. The genetic algorithm is Geneva’s learning component — through its deployment against real-world censors, the algorithm uses biologically-inspired principles of evolution to test and evolve new strategies to evade censorship. In turn, the engine is what deploys such strategies over active network traffic.

Traditional nation-state censors limit what users are able to access online by monitoring packets as they cross middleboxes. Whenever the censor detects a prohibited connection or keyword, it breaks the connection — effectively cutting off the user from their desired information and the outside world. In response to this type of censorship, Geneva essentially operates as a network fuzzer — sending out packets to obscure what is happening and prevent the censor from detecting a request that would otherwise deem to be prohibited.

To automate this evasion detection process, the Geneva team developed a “survival of the fittest” theory under which the algorithm can use any combination of its four packet-manipulation building blocks (duplicate, fragment, tamper, and drop) to try to circumvent a censor. Unsurprisingly, at the beginning of the process every strategy the algorithm employs will fail. But the failures of certain strategies won’t be quite as bad as others — and the “children” of those strategies can go on to try again, and again, until eventually one actually succeeds in slipping past the censor undetected. Success in hand, the algorithm can begin again to test and develop a new strategy while the identified success is able to be deployed through Geneva’s separate engine component.

OTF’s Catalyzing Involvement

Prior to connecting with OTF team members, Geneva was a concept that existed in a lab — but its radical idea for genetic evasion had yet to be tested on real censors. That changed in the wake of a 2018 seminar where Geneva team members met with an OTF program manager. Talks between the two rapidly progressed as it became clear that OTF could offer the project access to vantage points in China so that Geneva’s algorithm could train against the actual Great Firewall. OTF’s funding and critical connections with the Internet freedom community opened previously closed doors as Geneva went to work testing and evolving in the real world. Within three years, the project became a full-fledged success story with a proven track record, award-winning papers, and deployment by several major players in the Internet freedom space.

Of particular note, Geneva’s versatility makes it unique within the space as it only needs to be deployed on one side of the connection to work. This ability allows the user to talk to any server they want without the need for a bridge or VPN — meaning Geneva can be deployed on either the client-side or the server-side (allowing it to be used by the likes of Psiphon and TunnelBear). The team’s groundbreaking server-side evasion discovery was supported in part by OTF and has seen an uptick in use as server-side techniques are safer to deploy than client-side strategies and can serve as a particularly effective bootstrapping tool.

Today, Geneva’s engine is currently being used “in the wild” by Psiphon, TunnelBear, and other groups that layer Geneva’s successful strategies on top of their tools’ existing evasion techniques to enhance their efficacy and protections. Geneva’s identified protections are automatically embedded into the tools themselves — meaning users receive the benefits of Geneva’s work without having to take any additional action. As an open source project, Geneva is also available on GitHub — but individuals interested in using the tool themselves are encouraged to use the engine first (since the algorithm is actively trying to get censored in order to learn).

Looking Forward

Curated in Dave Levin’s Breakerspace Lab at the University of Maryland, the student-based Geneva team led by Kevin Bock is interested in exploring a potential future transition for Geneva to mobile via the creation of an application layer (Geneva currently needs to manipulate packets to work, which is a significant limitation on mobile devices). The team is already hard at work to expand Geneva to the application layer, allowing it to run without root access. They are also conducting further research in censored states like Belarus, Russia, and Saudi Arabia.

Despite already revolutionizing censorship evasion tactics, the Geneva team is looking to do even more — knowing that as evasion strategies evolve, so too do the strategies of censors. Geneva’s existing model focuses solely on traditional forms of censorship such as block pages and broken connections, but nation-state actors have begun to experiment with new forms of repression like throttling and personalized censorship. Going forward, the Geneva team would like to examine ways to potentially identify and measure throttling (in order to determine if a given instance is indeed censorship), and then work to develop new ways to address this censorship strategy.

Read more about OTF’s involvement with Geneva here.

About the program: The Internet Freedom Fund (IFF) is OTF’s primary way to support projects and people working on open and accessible technology-focused projects that promote human rights, Internet freedom, and open societies. The IFF accepts applications on a rolling basis through a two-step process. Applications are first submitted as concept notes. Upon positive review of an application, OTF then invites applicants to submit a full proposal. Click here to learn more and begin the application process. Note: OTF prioritizes IFF projects coming from individuals or organizations who are applying for the first time, identify as under-represented within the field, and address areas that are underfunded.

Projects Mentioned