Category: News

  • UNREDACTED, a year in review (2023)

    From our humble beginnings in 2015, to now (almost 2024), we’ve undergone many significant changes in the almost 9 years of our existence. We’ve established ourselves as a legitimate organization that is on a mission to fight Internet censorship, and provide various services to individuals & organizations seeking privacy and security. In 2023, a lot of work has been done to accomplish that mission. That’s why we’re starting our own “year in review” to go over all of the major developments that continue to challenge and inspire us.

    Operation Envoy: Defeating Censors

    In July of 2023, we started Operation Envoy, an effort to scale up our Tor bridge and snowflake proxy operations that help deliver messages (packets) to and from the Tor network. This helps users experiencing Internet censorship, or those who wish to mask their use of Tor. We focused heavily on deploying snowflake proxies around the world. At the start of the operation, we had served 93TB of symmetrical snowflake proxy traffic over the preceding 30 days.

    30 days of past traffic at the start of the operation (July 2023)

    As of December of 2023, in the last 30 days we’ve served over 121TB of symmetrical traffic to snowflake proxy users. We started with 34 CPU cores and 58GB of RAM from servers deployed around the world. We’re ending the year with the same core count, but with a bit less RAM at 53GB. However, we’ve served more traffic due to server provider changes and software upgrades.

    30 days of past traffic at the end of 2023 (December 2023)

    Our Operation Envoy metrics are publicly accessible, and can show you the direct impact that we’re making. Have a look.

    In 2024, we will continue expanding our CPU core and RAM counts, but we can’t do it without your help! If you like what we do and want to support our mission, consider making a donation.

    FreeSocks, proxies that circumvent censorship

    To continue our efforts and follow our mission in providing censorship-resistant Internet access, in late December we launched FreeSocks, a service that provides free, open & uncensored Outline (Shadowsocks) proxies to individuals in countries experiencing a high level of Internet censorship.

    A screenshot of the FreeSocks website

    We’ve spread news about the service on social media, and we’ve seen a gradual and steady increase in users since the launch.

    In 2024, we will scale the service to meet our users’ needs and write a blog post about how we built the core of FreeSocks on Cloudflare Workers in a privacy-respecting way. Again, we can’t run services like these without your help.

    Tor exit relays

    In addition to our front-line censorship circumvention services, we have run numerous high-bandwidth Tor exit relays for many years.

    We’ve recently become #16 in the top exit families, and have a 1.03% exit probability according to OrNetStats. That means you may be one of the 1% of Tor network users who exit traffic through our relays.

    A screenshot from OrNetStats

    Over the past 30 days, we’ve greatly improved our Tor exit relay setup, which consists of 2 hypervisors, each having an Intel Xeon E-2276G, 64GB of RAM and a 1Gb/s NIC. We’ve spent a lot of time revising this setup to maximize bandwidth and resource usage.

    Our Tor exit relay bandwidth bitrate over the past 30 days

    This optimized setup has allowed us to push 2Gb/s of symmetrical traffic at any given time. In a single 24 hour period, we pushed nearly 20TB of traffic through our relays.

    Our bandwidth usage over a single 24 hour period

    If we continue at this rate for 365 days, that would be close to 7.3PB (Petabytes) of traffic for an entire year. With your help, we can do even more than this, and continue pushing tons of traffic for Tor network users.

    Unredacted Guides

    In November of 2023, we launched Unredacted Guides. We aim to aid users in setting up, configuring and launching privacy/security focused software. It’s one thing to run these services ourselves, but helping others do the same only increases awareness and impact.

    As of writing this post, we have 2 guides.

    In 2024, we will continue to refine existing guides and write new ones in accordance with our mission.

    Chat services

    Our oldest projects are our chat services. XMPP.is was launched in 2015 and our Matrix server was launched in 2021. For many years, thousands of individuals have used our chat servers to exchange messages back and forth between friends and family. These remain a crucial part of our mission, as they allow people to communicate securely and privately.

    In November, we made efforts to secure XMPP.is based on the teachings from the jabber.ru MITM attack, and shared our work in a blog post.

    We will continue to maintain, monitor and secure our chat services for the years to come.

    Infrastructure changes

    Over the past year, we’ve made significant improvements to our server orchestration and the security of our services and website.

    We use many self-written Ansible roles and playbooks to deploy and maintain our servers. We’ve made a lot of refinements in this area which has made deploying and maintaining new services easier than ever.

    On the security side, we’ve utilized Cloudflare Access heavily on critical parts of our websites and locked down server access behind Tailscale. In 2024, a focus of ours will be to further secure our infrastructure from potential attacks.

    Funding

    While we’ve always paid for our services mostly out of pocket, 2023 was unfortunately one of the lowest in terms of funding, and it was far under our operational costs (domains, servers & SaaS providers). With that said, we greatly appreciate those that made contributions. Any amount helps us in carrying out our mission.

    2023 Donation Totals (USD):

    Cryptocurrency (calculated at time of writing): $127
    Stripe (credit cards): $68
    PayPal: $23
    Total: $218

    To continue our mission, we need your support! We allow one-time or recurring donations via multiple payment methods, including PayPal, credit cards, cryptocurrency, Open Collective, Patreon & Liberapay.

    In 2024, we will launch a fundraiser in an attempt to cover our operational costs. This will be announced later.

    What’s next?

    Regardless of funding for our services in 2024, we will make an attempt to expand them, and create new ones. We’ll continue working on awesome projects, and providing them to the masses.

    In 2024, we will explore the possibility of becoming a 501(c)(3) non-profit organization and assess its feasibility. We’ve always been non-profit focused, but legitimizing ourselves as a US tax deductible non-profit has its perks and it may be the next step in the growth and expansion of our organization.

    Happy holidays!

  • Introducing FreeSocks, proxies that circumvent censorship

    Easy censorship circumvention

    We despise censorship and human (& animal) rights abuses, and it’s time to fight back. In addition to Operation Envoy, our effort to provide stable and performant anti-censorship Tor bridges and snowflake proxies, we’re launching FreeSocks. FreeSocks is a free and open proxy service that aims to provide an alternative to individuals that live in or are visiting countries with a heavily censored internet. With FreeSocks proxies, people that reside in countries with oppressive governments can access the open internet freely.

    An internet free of censorship is extremely important in countries where the internet is censored heavily. It provides access to information that individuals may never find out about, for example the Tiananmen Square massacre and countless other atrocities and injustices carried out by governments around the world. It also allows people to communicate freely amongst themselves, so that they’re not afraid to show their true selves. In the modern age, governments are only getting better at restricting access to content and services they deem ‘unpalatable’. China is one government which is particularly advanced in their censorship efforts, and is constantly tweaking their Great Firewall to block more and more content and services. This is why services like FreeSocks are important.

    A screenshot of the FreeSocks website

    Our tech stack

    The underlying technology that FreeSocks provides is Outline (Shadowsocks) proxies (deployed around the world), which encrypt and obfuscate users’ internet traffic. The website guides users on how they can retrieve and use the proxy access keys that we provide to them. We make an attempt to reduce the chance for abuse by preventing people from retrieving a proxy if they are not within an especially oppressive country. At a later date, we’ll detail exactly how we provide this service and the underlying code that FreeSocks uses. We think it’s pretty cool, as the functionality of retrieving and expiring proxy access keys (via the outline-server API) lives entirely on the Cloudflare Workers serverless platform. The entire FreeSocks platform is very flexible because of this. Something awesome is that our Workers cron triggers to expire access keys at defined intervals run only in datacenters that are powered by renewable energy.

    We do all of this in a privacy-respecting way, and we don’t log the IPs of active users, or who might have even requested a proxy.

    Where do we go from here?

    We need your help to maintain FreeSocks, deploy more proxies and fight the censors! If you like to support organizations like ours, please consider making a donation.

    With your help we:

    • Plan to continuously deploy new Outline proxy servers in strategic locations.
    • Plan to translate all pages on the website to different languages, so that people who can’t translate or read English can use the service.
    • Plan to provide mirrors of the site in case the main URL is inaccessible.
    • Plan to extend the expiration time of access keys (30 days at the time of launch) based on reception and use.

    We’ve worked really hard on FreeSocks, and we hope that you can get good use out of the service. Share it with your friends who might be subjected to internet censorship. If you use the service, and have any trouble – please contact us.

  • What we’re doing in response to the jabber.ru MITM attack

    As you may have heard, jabber.ru, a popular XMPP service, discovered a sophisticated MITM attack against their service that may have lasted for up to 6 months. They published a great blog post, going over all the details of the attack and measures to prevent this sort of attack from happening on other services.

    From reading the post, it was apparent that the same attack could also happen on XMPP.is, and potentially other Unredacted services. We’ve confirmed in multiple ways that this attack is not currently happening on XMPP.is infrastructure. However, it’s important for us to take precautions and be alerted to this sort of attack if it were to happen in the future.

    What we’ve done

    • We have utilized CertWatch, a service by xmpp.net, to alert us if there is an ongoing MITM attack against our XMPP service. At the time of this post, there is no ongoing MITM attack according to their service.
    What it looks like if no MITM is active when manually checking CertWatch
    • To subscribe to CertWatch alerts for XMPP.is, you can open either link in your XMPP client:
    • We have verified that our XMPP.is certificate fingerprint transparency automation is working as intended.
      • If you wish to manually check that the certificate presented to your XMPP client is valid, we have a script that has been running for many years that outputs the fingerprints from newly issued certificates. The output can be found here and is automatically updated.
    A screenshot of the current fingerprints as of this blog post
    • We have signed up for Cloudflare’s Certificate Transparency Monitoring on all important domains, so that admins can be notified when new certificates get issued for Unredacted services. This allows us to have 2 sources in which we could be notified of a potential MITM attack.
    • We have double checked and ensured that we utilize CAA records across all domains.

    What we will explore

    • We are considering automating the monitoring of default gateway MAC address changes across our dedicated hardware infrastructure. We already ingest metrics via Prometheus node_exporter that allow us to track this historically.
    • We are planning on setting up Cert Spotter, and monitoring all important domains so that we can be notified of certificate changes when they happen.
    • We plan to ensure that all existing XEPs that are mentioned in this blog post (which are supported by Prosody) get implemented on XMPP.is. This will help support channel binding and other existing SASL issues.
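
One way the default gateway MAC check listed above could be automated, as an added example that is not Unredacted's own tooling. It assumes a Linux host and reads the kernel's IPv4 routing and ARP tables (`/proc/net/route`, `/proc/net/arp`) instead of node_exporter metrics; the function names, the baseline format and the sample data are constructed for illustration.

```python
import socket
import struct

RTF_GATEWAY = 0x2  # Linux route flag: route goes via a gateway
ATF_COM = 0x2      # Linux ARP flag: entry is complete (MAC resolved)

def default_gateways(route_text):
    """[(iface, gateway_ip)] for IPv4 default routes in /proc/net/route text."""
    found = []
    for line in route_text.splitlines()[1:]:          # skip header row
        f = line.split()
        if len(f) < 8:
            continue
        if f[1] == "00000000" and f[7] == "00000000" and int(f[3], 16) & RTF_GATEWAY:
            # Gateway is hex in host byte order; a little-endian host is assumed.
            found.append((f[0], socket.inet_ntoa(struct.pack("<L", int(f[2], 16)))))
    return found

def arp_table(arp_text):
    """{(iface, ip): mac} for complete entries in /proc/net/arp text."""
    table = {}
    for line in arp_text.splitlines()[1:]:            # skip header row
        f = line.split()
        if len(f) == 6 and int(f[2], 16) & ATF_COM:
            table[(f[5], f[0])] = f[3].lower()
    return table

def check_gateways(route_text, arp_text, baseline):
    """Compare each default gateway's current MAC with the recorded baseline."""
    arp, results = arp_table(arp_text), []
    for key in default_gateways(route_text):
        mac, known = arp.get(key), baseline.get(key)
        if mac is None:
            status = "unresolved"    # no complete ARP entry for the gateway
        elif known is None:
            status = "unbaselined"   # first sighting; record it out of band
        else:
            status = "ok" if mac == known.lower() else "changed"
        results.append((status, key[0], key[1], mac))
    return results

# Constructed sample data (documentation address range, made-up MACs).
SAMPLE_ROUTE = """Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 00000000 010200C0 0003 0 0 0 00000000 0 0 0
eth0 000200C0 00000000 0001 0 0 0 00FFFFFF 0 0 0"""
SAMPLE_ARP = """IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:5e:10:00:99     *        eth0"""
BASELINE = {("eth0", "192.0.2.1"): "02:00:5e:10:00:01"}

print(check_gateways(SAMPLE_ROUTE, SAMPLE_ARP, BASELINE))
```

On a real host, pass the contents of the two `/proc` files and alert on any `changed` result; a legitimate router replacement also produces one, so the baseline needs a reviewed update path.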

    Our final thoughts

    It is concerning that any attack like this can go unnoticed, and it’s unfortunately something that’s easy to miss. People think of valid certificates as automatically trustworthy. However, in cases where someone has access to your physical infrastructure, a lot of things are possible, including what happened with jabber.ru (issuing Let’s Encrypt certificates from their DNS A/AAAA record IP). It’s also equally worrying that there are many certificate authority failures. When they are the root of trust and they are not trustworthy, it creates the potential for many problems with TLS on the internet.

  • Crypto World is now Unredacted!

    Crypto World was an organization founded in 2015 by a group of friends to advocate for privacy, cryptography and security on the internet. We had a great community and forum, although we decided to shut down the forum due to life events. The community unfortunately died off as well. It held several projects under its name, such as XMPP.is, a free and open XMPP/Jabber server. While there have been many changes, and people have come and gone, it’s an ever-evolving creature.

    The creature still lives, and we’re breathing new life into it. That creature is now Unredacted, evolved into its new form. Unredacted is a special project that picks up from where Crypto World left off and continues its legacy in advocacy.

    We’re excited about our new name, and excited for what the future could bring. These past few years have been tough, and I think everyone can agree. It has put stress on all of us and bogged us down. Regardless, we push forward and continue working on our weaknesses and striving for our goals.

    Welcome, to Unredacted!

    Zach

  • Unredacted, a new Tor relay operator

    Unredacted is a new and special project. We’re focused on operating resilient, automated and security focused infrastructure. We’re dedicated to giving back to the community through open source and privacy focused projects. We’ve run projects such as XMPP.is, a free and open XMPP/Jabber server, and other projects under the Crypto World label for quite some time.

    We’ve maintained and operated Tor relays in the past, but never under our own network. As an ARIN member recently expanding our IP space, we registered an ASN, AS399532. Putting it to good use, we established a BGP session with BuyVM, which provides our bandwidth and connectivity. We love stability, so inbound traffic to our network is DDoS protected by Path.

    We have 3 locations in which we operate Tor relays:

    • Las Vegas, NV
    • New York, NY
    • Roost, LU

    All of which can be seen on our status page.

    As a start, we currently run 6 Tor exit relays and plan to add more: metrics.torproject.org

    • Our relays are named after whistleblowers, activists and people who uphold the values that we hold dear to our hearts.
    • For the configuration management of these Tor relays, we use Ansible, which makes it extremely flexible and easy to maintain a consistent configuration across all of our relays.
    • Along with a collection of our own custom Ansible roles and playbooks, we use a fantastic role called ansible-relayor which allows for easy config management and offline keys for our relays.
    • For monitoring we use UptimeRobot, Prometheus and AlertManager, all of which give us different levels of metrics and insight into performance and network latency.

    We hope that you enjoy our project! We’re proud to provide netizens of the world with stable and fast access to and from the Tor network through our relays.

    Til next time 🙂

    Zach
