Home > slashdot > Collage, and the Challenge of “Deniability”

Collage, and the Challenge of “Deniability”

August 25th, 2010 08:20 admin Leave a comment Go to comments

Slashdot regular Bennett Haselton has written a piece on a new program called Collage that can circumvent censorship by embedding messages in user-generated content on sites like Flickr. The program demonstrates that a long-standing theoretical concept can be reduced to practice but Bennett wonders if anybody would actually need it, as long as they can exchange encrypted messages over Gmail and AIM. He begins “In a presentation delivered at USENIX, Georgia Tech grad student
Sam Burnett and his colleagues
described how their new program, “Collage”, could circumvent Internet censorship
by embedding messages in user-generated content on sites like Flickr. The short
version is that a publisher uses the Collage system to break a message into pieces
that are small enough to embed into a photograph using standard
the photos are published according to some protocol (e.g. “all
photos in the photostream of user xyz” or “all photos tagged with the ‘xyz’ tag”),
and receivers who know the protocol for identifying the photos, can retrieve
them and decode the message. According to the authors’
paper, the system is general
enough that it could be adapted to almost any site where user-generated content is
published. (All of this can be done by hand using existing tools, but Collage automates
the process to hide the individual steps from the user.)”

From this short description, you can see the two salient facts about Collage:
(1) it’s robust, in the sense that in order to shut it down completely, the censor
would have to block every site containing user-generated content; and (2) it’s
efficient only for small text messages (which is what the authors used to test it),
and not for high-bandwidth communications such as video. The authors have also
highlighted the claim that Collage is (3) deniable, in the sense that in using it,
you won’t attract the attention of the censors for browsing “innocent” sites like
Flickr. On this point, I’m not so sure; I think it’s highly dependent on the kinds
of publication system that the sender and the recipient agree on. For example, if the sender
publishes their messages in photos all in one user’s photostream, and that photostream
is used primarily by recipients in censored countries to receive encoded messages,
and if virtually nobody ever visits that photostream for any other reason, then if
the censor ever finds out about that photostream, they could flag any user who ever visits it.
It doesn’t matter if the “site” as a whole is “innocent”, if that one user’s
photostream is not.

But there’s a more fundamental issue: Currently, in all censored countries, there is
at least one way to receive prohibited text messages more efficiently (and with greater
deniability) than with Collage. So Collage may work perfectly, but even when it gets
released, I’d be very surprised to see large numbers of people using it unless all
the simpler alternatives get blocked.

Most tools that people use to circumvent Internet censorship, are not “deniable” in the
sense described above. If you visit a proxy site like VTunnel,
any censor who is monitoring your Internet connection can see that you connected to a known
proxy site. If you connect to the proxy site using “https://” instead of “http://”, then a censor
eavesdropping on your connection,
won’t be able to tell what you looked at through the proxy site (unless they confiscate
your computer and look through your browser history), but they’ll still be able to tell
that you visited a proxy site. Similarly, if you use a tool like UltraSurf or Tor,
those tools can circumvent the censor’s filters by re-routing your Internet connection through
a server outside the censored country — but a censor monitoring your traffic, can still see
that you connected to an UltraSurf or Tor server outside the country, even if they can’t tell
what Web sites you were visiting.

But if all you want is to receive short text messages, then there are many options that are completely
“deniable.” The simplest is probably to use Gmail and to choose the option to always read messages
over https://. (If you sign in to Gmail, under “Settings” you can choose between “Always use
https” and “Don’t always use https”.) If you read your inbox contents using https, then a censor
eavesdropping on your connection can’t see anything at all — not the contents of messages that
people send you, not the email addresses of people who are writing to you, not even the username
that you use to sign in to read your Gmail messages. This gives you more or less perfectly deniability.
As long as many Gmail users are using Gmail over https://, then doing this by itself would not attract
undue attention from censors monitoring your Internet traffic.
Using Gmail, you could also exchange higher-bandwidth content like images and video (up to
Gmail’s attachment size limit, currently 25 megabytes),
something not possible with Collage.

Of course, if you remember the case in which Yahoo
turned over information about one of its
Chinese account-holders to the Chinese government (who subsequently arrested the user and sentenced
them to 10 years in prison), you may be wary of trusting any Western corporation with your privacy.
But in this case, you wouldn’t have to.
Because even if the Chinese government found out that some Gmail users were using Gmail
to receive anti-government messages from the U.S., the censors wouldn’t be able to eavesdrop on
https-protected connections to find out which users were receiving the messages or what they said,
so there would be no information for them to demand that Google turn over to them.

Or if you want to exchange encrypted text messages in real time, you can use
any instant
messaging client that supports encryption
. Whether or not this is “deniable”, in the sense of not
attracting undue attention for “suspicious activity”, depends on what proportion of other users are
using the chat program in encrypted mode as well. The current version of AOL Instant Messenger, for
example, apparently encrypts all instant messages by default. (Although you should take care to
understand exactly what is “encrypted” when using an instant messaging client. In my experiments,
when using AOL Instant Messenger, the contents of messages were encrypted, but the specific
screen names that you’re sending and receiving messages from, are not.
In other words, a censor eavesdropping on your traffic, can see which screen names you exchanged
messages with, but not the message contents.
So if there were
an AOL user account in a non-censored country that was a dummy account used primarily for passing
banned information to users in censored countries, then if the censors ever found out about
that account, they could flag and investigate any user in their country who exchanged messages
with that screen name.)

The bottom line is that as long as at least one of these alternatives remains unblocked in your
country, they would serve as an easier way to achieve the same goals that Collage achieves. They’re
generally faster, more convenient, and most of the time, more “deniable”, in the sense that
the traffic they generate won’t look as suspicious as, say, browsing a Flickr feed that later
becomes widely known as source of banned encoded messages. Collage does demonstrate that an interesting
idea can be reduced to practice, and is robust in the sense that the general scheme cannot be
blocked unless a regime blocks access to every site hosting user-submitted content. But there
doesn’t seem to be a compelling reason to use it unless and until all of the simpler methods
get blocked.

I write all of this as someone who also wrote a program a few years ago that was meant to serve
as a more robust back-up, in case a more popular method of circumventing censorship ever got shut down
by the censors. In my case, I thought that most censoring regimes would start blocking all popular
Web proxy sites, so I wrote an install script called
that would let you set up a Web server and James
Marshall’s CGIProxy script on your home computer, turning
it into a mini-Web-proxy site.
I assumed that eventually, most people in censored countries would have to rely on someone in a
non-censored country to set up a private Web proxy like this and e-mail them the URL, once China
and Iran got their act together and started blocking most publicly known Web proxy sites. But
that never happened, partly because Web proxy sites are now
springing up faster than most censors’
databases can keep up with. So the web proxy install script fell by the wayside — but that’s
good news, because it means that nobody really needed it, since the simpler, more straightforward
methods continued to work. Why pester your cousin in the U.S. to set up a Web
proxy for you, when most Web proxies you can find in Google are not even blocked yet?

And so it goes for Collage. It sounds like a perfectly fine idea, and it will be great news all
around if nobody ever actually has to use it, because the censors never get around to blocking
all of the simpler alternatives.

Source: Collage, and the Challenge of “Deniability”

Related Articles:

  1. Getting Around Web Censors With Flickr
  2. Italy May Censor Torrent Sites
  3. Internet Censorship Arms Race Gets New Weapon From Georgia Tech
  4. Firefox Extension HTTPS Everywhere Does What It Sounds Like
  5. Gmail Moves To HTTPS By Default
blog comments powered by Disqus