CacheBrowser: Bypassing the Chinese Firewall Without Proxies

2captcha - Jul 17 - Dev Community

Content Delivery Networks (CDNs) play a crucial role in the distribution of internet traffic, yet little is known about how internet censors, especially in countries like China, manage to control CDN content. Researchers from the University of Massachusetts have tackled this issue, developing CacheBrowser, an innovative tool to bypass such censorship without relying on proxies. This article delves into their findings and the implications for internet freedom.

We (specialists from a proxy service) have prepared an overview of the main conclusions and results of this experiment (a translation of this material).

The Problem of Internet Censorship and CDNs

Internet censorship is a significant threat to free speech and access to information. Traditional methods of internet communication, rooted in the end-to-end model from the 1970s, make it easy for censors to block access based on IP addresses. However, the rise of CDNs has introduced new challenges and opportunities.

CDNs, such as Akamai, handle a substantial portion of global internet traffic by caching content on geographically distributed servers. This not only improves user experience but also helps content creators scale their operations efficiently.

Techniques for Censoring CDN Content

The University of Massachusetts study outlines several censorship techniques applied to CDNs, focusing on the methods used by Chinese authorities:

  1. IP Filtering
  • Method: Blacklisting IP addresses of servers hosting prohibited content.
  • Challenges: Due to the distributed nature of CDNs, blocking one IP is ineffective. CDNs use numerous edge servers, making it difficult for censors to block all relevant IPs without affecting allowed content.

  2. DNS Interference
  • Method: Preventing users from resolving domain names of prohibited sites using DNS poisoning or manipulation.
  • Challenges: Users can bypass this method with non-standard DNS resolution techniques. Combining DNS blocking with IP filtering is also ineffective against CDNs.

  3. Deep Packet Inspection (DPI)
  • Method: Analyzing data packets for specific URLs or keywords and blocking them.
  • Challenges: DPI is resource-intensive and can be thwarted by encryption methods like HTTPS.

  4. Self-Censorship by CDN Providers
  • Method: States can pressure CDN providers to comply with local censorship laws.
  • Challenges: Providers often comply to maintain market presence, leading to self-censorship.
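
The trade-off described under IP Filtering, modelled as an added example (not from the original article or the researchers' code): edge IPs are shared between domains, so a blocklist either leaves the target reachable or takes allowed domains down with it. The edge map, domain names and addresses are constructed for illustration.

```python
"""Coverage vs. collateral damage of IP filtering against a shared CDN.
All domains and addresses are constructed (RFC 5737 documentation ranges)."""

# Constructed edge map: edge-server IP -> domains cached on that edge.
EDGE_MAP = {
    "192.0.2.10": {"blocked.example", "news.example", "shop.example"},
    "192.0.2.11": {"blocked.example", "bank.example"},
    "198.51.100.7": {"news.example", "shop.example", "mail.example"},
    "203.0.113.5": {"blocked.example", "mail.example", "docs.example"},
}


def edges_serving(domain, edge_map):
    """Return the set of edge IPs that can serve `domain`."""
    return {ip for ip, domains in edge_map.items() if domain in domains}


def ip_filter_impact(target, blocklist, edge_map):
    """Evaluate an IP blocklist aimed at `target`.

    Returns the edges that still serve the target and, for every other
    domain, the fraction of its edges the blocklist takes away.
    """
    blocked = set(blocklist)
    reachable = sorted(edges_serving(target, edge_map) - blocked)
    collateral = {}
    for domain in set().union(*edge_map.values()) - {target}:
        edges = edges_serving(domain, edge_map)
        lost = edges & blocked
        if lost:
            collateral[domain] = len(lost) / len(edges)
    return {"target_reachable_via": reachable, "collateral": collateral}


if __name__ == "__main__":
    one_ip = ip_filter_impact("blocked.example", ["192.0.2.10"], EDGE_MAP)
    every_edge = ip_filter_impact(
        "blocked.example", edges_serving("blocked.example", EDGE_MAP), EDGE_MAP)
    print("block one edge:  ", one_ip)
    print("block every edge:", every_edge)
```

Blocking a single edge leaves the target reachable through the other two; blocking every edge that serves it removes two allowed domains entirely and halves the capacity of three more.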

China’s Approach to CDN Censorship

China’s Great Firewall is one of the most advanced censorship systems globally. Researchers conducted experiments using a Linux node within China, confirming it experienced similar censorship to typical Chinese users. They analyzed blocking methods for various CDN providers, including Akamai, CloudFlare, and Amazon CloudFront.

Key Findings:

  • Akamai’s Self-Censorship: In China, Akamai blocks access to prohibited content while allowing access outside the country.
  • DNS Filtering: The primary method used for other CDN providers involved resolving DNS requests for blocked sites to incorrect IP addresses.
  • Encryption and HTTPS: While DPI can block unencrypted traffic, HTTPS forces censors to block entire domains, inadvertently affecting allowed content.

CacheBrowser: Bypassing Censorship Without Proxies

Given the challenges in blocking CDN content, researchers developed CacheBrowser, a tool that bypasses censorship by leveraging CDN properties. Unlike traditional methods that rely on proxies, CacheBrowser directly accesses edge servers where content is cached.

How CacheBrowser Works:

  1. Client Software: Installed on the user’s computer, CacheBrowser uses a standard browser for content access.
  2. LocalDNS System: Intercepts DNS requests locally, reducing dependency on traditional DNS resolution.
  3. Scraper and Resolver Modules: Identify blocked domains and resolve them through non-standard methods, updating the LocalDNS database.
  4. Bootstrapper Module: Uses geographically distributed DNS servers to ensure resolution, bypassing local censorship.

In practice, CacheBrowser allows users to access blocked content by contacting edge servers directly, using IP addresses obtained through alternative means. This method proved effective even in accessing heavily censored sites like Facebook from within China.
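
A measurement-side view of the DNS filtering finding, and of why answers from resolvers in other regions are useful as a reference, written as an added example that is not CacheBrowser's own code. The CDN prefix list, the sample answers and the reuse heuristic (one out-of-CDN address returned for several names) are assumptions made for this sketch.

```python
"""Flag DNS answers that look manipulated by comparing one vantage point
with control resolvers. All names, addresses and prefixes are constructed."""
import ipaddress
from collections import Counter

# Assumption: prefixes the CDN is known to serve from (constructed values).
CDN_PREFIXES = [ipaddress.ip_network(p)
                for p in ("198.51.100.0/24", "203.0.113.0/24")]

# Constructed answers from resolvers in several other regions.
CONTROL = {
    "blocked.example": {"198.51.100.20", "203.0.113.40"},
    "news.example": {"198.51.100.21", "203.0.113.41"},
    "video.example": {"198.51.100.22"},
}
# Constructed answers from the resolver at the vantage point under test.
LOCAL = {
    "blocked.example": {"192.0.2.66"},
    "news.example": {"198.51.100.77"},  # different edge, same CDN
    "video.example": {"192.0.2.66"},
}


def in_cdn(ip, prefixes):
    """True if `ip` falls inside any of the CDN's prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in prefixes)


def classify(local, control, prefixes):
    """Label each domain consistent, suspicious or likely-manipulated."""
    # A differing IP alone is not evidence: a CDN answers with a nearby
    # edge. Only answers outside the CDN's address space are counted.
    reuse = Counter(ip for answers in local.values() for ip in answers)
    verdicts = {}
    for domain, answers in local.items():
        odd = [ip for ip in answers
               if ip not in control.get(domain, set())
               and not in_cdn(ip, prefixes)]
        if not odd:
            verdicts[domain] = "consistent"
        elif any(reuse[ip] > 1 for ip in odd):  # one IP for many names
            verdicts[domain] = "likely-manipulated"
        else:
            verdicts[domain] = "suspicious"
    return verdicts

if __name__ == "__main__":
    print(classify(LOCAL, CONTROL, CDN_PREFIXES))
```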

Conclusion

The CacheBrowser experiment demonstrates a viable method for bypassing internet censorship by exploiting the inherent properties of CDNs. This tool offers a promising solution for accessing restricted content in regions with stringent censorship, like China. By understanding and leveraging the weaknesses in traditional censorship techniques, CacheBrowser provides a pathway to maintaining free access to information on the internet.
