The Salmon Project: how to counter Internet censorship effectively using proxies with user trust levels

Governments in many countries restrict citizens’ access to information and services on the Internet in one way or another. Combating such censorship is an important and difficult task. Usually simple solutions cannot boast about high reliability or long-term efficiency. More complex methods of overcoming blocks have disadvantages in terms of usability, low performance, or they do not allow you to maintain the quality of Internet use at the proper level.

A group of American scientists from the University of Illinois has developed a new method of overcoming blocks, which is based on the use of proxy technology, as well as segmenting users by trust level to effectively identify agents working for censors. We present you with the main theses of this work.

Description of the approach

Scientists have developed the Salmon tool, a system of proxy servers operated by volunteers from countries without restrictions on Internet use. In order to protect these servers from blocking by censors, the system uses a special algorithm for assigning a level of trust to users.

The method involves exposing potential censor agents that pose as ordinary users in order to find out the IP address of the proxy server and block it. In addition, countering Sybil attacks is carried out through the requirements to provide a link to a valid social network account when registering in the system or to receive a recommendation from a user with a high level of trust.

How it works

It is assumed that the censor is a state–controlled body that has the ability to take control of any router within the country. It is also assumed that the task of the censor is to block access to certain resources, and not to identify users for further arrests. The system cannot prevent such a course of events in any way – the state has plenty of opportunities to find out what services citizens use. One of them is the use of honeypot servers to intercept communications.

It is also assumed that the state has significant resources, including human ones. The censor can solve tasks that require hundreds and thousands of full-time employees.

A few more basic theses:

• The task of the system is to make it possible to bypass the blocks (i.e. provide the IP address of the proxy server) to all users living in regions with online censorship.
• Agents/employees of Internet censoring agencies and institutions may try to connect to the system under the guise of ordinary users.
• The censor can block any proxy server the address of which becomes known to him.
• In this case, the facilitators of the Salmon system understand that the censor somehow found out the server address.

All this brings us to the description of the three key components of overcoming the blocking.

1. The system calculates the probability that the user is an agent of censoring organizations. Users who are recognized as such agents are highly likely to be banned.
2. Each user has a level of trust that needs to be earned. The proxy servers with the highest performance are allocated to users with the highest levels of trust. In addition, it allows you to separate reliable, time-tested users from newcomers, because the censor agents are most likely to be among the last ones.
3. Users with a high level of trust can invite new users to the system. The result is a social graph of trusted users.

Everything is logical: the censor usually needs to block the proxy server here and now, they will not wait a long time to try to “level up” the accounts of their agents in the system. In addition, it is clear that new users may initially receive different levels of trust – for example, friends and relatives of the creators of the project are less likely to cooperate with censoring states.

Trust levels: implementation details

And not only users have the level of trust, but proxy servers as well. The system assigns a server with the same level of trust as the one that the user has to that user. At the same time, the level of user trust can both increase and decrease, and in the case of servers it only grows.

Every time censors block a server that a certain user has been working with, their trust level decreases. Trust increases if the server hasn’t been blocked for a long time – with each new level, the required time doubles: to move from level n to n+1, you need 2ⁿ⁺¹ days of uninterrupted operation of the proxy server. The path to the maximum, sixth, level of trust takes more than two months.

The necessity to wait so long to find out the addresses of the highest quality proxy servers is an extremely effective measure to counteract censors.

The server’s trust level is the minimum level of trust of the users assigned to it. For example, if a new server in the system is assigned to users, among whom the minimum rating is 2, then the proxy will receive the same level. If then a person with a rating of 3 starts using the server, but users of the 2nd level also remain there, then the server rating will be 2. If all users of the server have increased the level, then it is increased for the proxy too. At the same time, the server cannot lose the level of trust, on the contrary, if it is blocked, users will be fined.

Users with a high level of trust receive two types of rewards. Firstly, the servers are not identical. There are minimum bandwidth requirements (100 Kbit/sec), but the volunteer server owner can offer more – there is no upper limit. The Salmon system selects the most productive servers for users with the highest rating.

In addition, users with a high level of trust are isolated from censor attacks better, because the censor needs to wait months to find out the proxy address. As a result, the probability of blocking servers for people with high trust level is several times lower than for those with low trust level.

In order to connect as many deserving users as possible to the best proxies, the creators of the Salmon project have developed a recommendation system. Users with a high rating (L) can invite their friends to join the platform. Invited people receive an L-1 rating.

The recommendation system works in waves. The first wave of invited users gets the opportunity to invite their friends only after about four months. Users from the second and subsequent waves have to wait 2 months.

System modules

The system consists of three components:

• Salmon client for Windows;
• A daemon server program that is installed by volunteers (Windows and Linux versions);
• A central directory server that stores a database of all proxy servers and distributes IP addresses among users.

In order to use the system, a person must create an account using a Facebook account.

Conclusion

At the moment, the Salmon method is not widely used, only small pilot projects for users in Iran and China are known. Despite the fact that this is an interesting project, it does not fully provide anonymity, protection for volunteers, and the creators themselves admit that it is susceptible to attacks with honeypot services. Nevertheless, the implementation of a system with trust levels looks like an interesting experiment that may have a continuation.

Source: https://habr.com/en/articles/817635/