Tag: censorship

  • UNREDACTED, a year in review (2024)

    A message from our founder:

    2024 has been a great year for us at Unredacted, growing in many ways that we didn’t even imagine were so quickly possible. We set out to explore whether becoming a 501(c)(3) non-profit was feasible. We ended up putting in the research and work to do it, and we formally incorporated as Unredacted Inc in May and received our 501(c)(3) determination letter from the IRS in June. We received a huge amount of support, from kind words to donations, and even a grant from the Human Rights Foundation. All of the support we’ve received has inspired us and allows us to continue our growth.

    2025 will surely be a difficult and challenging year for the fight against Internet censorship, and the fight for everyone’s right to privacy. Access to free and open information is as extremely important as it ever was. With some level of critical thinking, the truth can be found. We’re refocusing and doubling down on our mission to fight Internet censorship and protect people’s privacy by building out more censorship-resistant and privacy-friendly Internet infrastructure and services, while polishing the existing.

    So much has already happened, so read on to see in full detail what we accomplished in 2024.

    Zach
    Executive Director
    Unredacted Inc

    A year in review (2024)

    General Updates:

    Initiatives:

    Censorship Evasion (CE):

    Secure Infrastructure (SI):

    Conclusion:

    Website

    This year, we put a lot of work into the content and design of our website. The front page was redesigned, we added breadcrumbs on nearly all pages for easier navigation, and redesigned our donation page. Furthermore, we added new pages and content such as our transparency report, Supporters page and launched Unredacted Updates, where you can get a summary of what we’ve worked on each month. Transparency is important to us, and there will be more to come in 2025.

    Want to read more about the inner-workings our projects & services? Check out our blog!

    Hardware

    Unredacted has largely operated on a mix of dedicated hardware that we rent from various hosting providers. Unfortunately one of those providers, Hetzner, mysteriously cancelled our account at the end of October. We’ve since migrated to more reliable providers. However, important infrastructure such as our Tor exit relays, XMPP.is, and Unredacted Matrix server run on top of rented dedicated servers still. This past year, we’ve pursued purchasing and colocating hardware that we fully own. So far, we’ve built out redundant edge routers, aggregation switches and a PoE switch (seen below) which will power a special project that we’re working on. We won’t give any hints on what the PoE powered Raspberry Pis are for now, but we’ll be announcing how and why we built them in early 2025. What we’ll say is that they’re scalable, efficient and more affordable to operate in the long run.

    We’re also in the process of building an high-availability virtualization cluster with Ceph for storage too. That hardware is still in testing, but we plan to fully deploy it in early 2025 as well. The new cluster will power XMPP.is, the Unredacted Matrix server and various other new services that we’ll spin up in 2025.

    The hardware purchases that we made wouldn’t have been possible without the amazing support and donations we’ve received from our community. We’d especially like to thank the Human Rights Foundation for providing a grant to us.

    Network

    For a long time, we have operated our own network on top of one of our hosting providers. Recently, we became an ARIN member and received our own ASN (Autonomous System Number), AS401401 – which, in HTTP status codes means “Unauthorized.” ARIN must have thought we were cool. 🙂

    We also received IPv6 and IPv4 prefixes, which we’ve started advertising to our upstream providers. Our edge network at the time of writing consists of 18 virtual machines across various hosting providers for diversity and redundancy. We built this network for the special project mentioned above in the hardware section, and in 2025 we’ll write about how and why we built it on our blog.

    Operation Envoy: Defeating Censors

    In July of 2023, we started Operation Envoy, an initiative that consists of ‘envoys’ which help to deliver messages (packets) to and from the Tor network. This helps users experiencing Internet censorship, or those who wish to mask their use of Tor. Previously, we focused heavily on deploying Tor snowflake proxies around the world.

    This year, Operation Envoy had its 1st year anniversary. We thought a lot about Operation Envoy’s future, and we decided that it should consist of more than just Tor bridges. Operation Envoy now consists of everything we operate that helps people reach the free and open Internet, or particular services such as Signal & Telegram.

    Operation Envoy includes:

    Around the same time last year, we had served around 121TiB of traffic in a single 30 day period. As of December of 2024, in the last 30 days we’ve served over 192TiB of traffic to across all Operation Envoy services, which is a significant increase, but also due to the reclassification of what an ‘envoy’ is to us.

    30 days of past traffic (Dec, 2024)

    If we continue to average at this new rate of bandwidth over a year, that would be over 2.2PiB!

    Last year, we ended with 31 CPU cores and 53GiB of RAM. Looking at CPU core and RAM counts now, we ended the year with 91 cores and 106GiB of RAM, which is again a significant increase – but also due to the reclassification.

    24 hour hour stats on CPU & RAM usage (Dec, 2024)

    Our anonymized & aggregated Operation Envoy metrics are publicly accessible, and you can see the direct impact that we’re making.

    In 2025, we will continue expanding our CPU core and RAM counts, but we can’t do it without your help! If you like what we do and want to support our mission, consider making a donation.

    FreeSocks, proxies that circumvent censorship

    FreeSocks, our service that provides free, open & uncensored Outline (Shadowsocks) proxies to people in countries experiencing a high level of Internet censorship was open sourced in June. It also hit its first year of existence in December of 2024, and has expanded rapidly.

    Since its launch, FreeSocks has issued over 10,000 access keys to people looking to circumvent Internet censorship. This is an amazing milestone, and we’re happy to be helping so many people across the world. We’ve received a lot of positive feedback, and it has inspired us to continue our work on the service.

    A screenshot of the FreeSocks website

    In 2025, we’ll be continuing our work on a full rewrite of the freesocks-control-plane (FCP), the code which powers FreeSocks and allows for access keys to be issued, and have their state tracked. The rewrite will convert the existing code from JavaScript to TypeScript, and feature an API + web control panel which will allow us and others to manage their FCP deployment much more easily.

    A sneak peek of the new FCP control panel

    We’re also planning to potentially move away from Outline’s server software, and utilize raw Shadowsocks, Vmess, VLESS and Trojan proxies to offer more options to our users. To note, existing access keys and Outline’s client will still work with raw Shadowsocks.

    We can’t run free & awesome services like this without your help.

    Tor exit relays

    In our efforts to help people evade censorship, and protect their right to privacy, we have operated numerous high-bandwidth Tor exit relays since 2021.

    We’re currently #20 in the top exit families, and have a 0.55% exit probability according to OrNetStats. That means your connection through Tor may be one of the 0.55% which exits traffic through our relays.

    A screenshot from OrNetStats

    Currently, we have around 5Gb/s of throughput capacity (3Gb/s more since last year), however in practice this has been lackluster due to hosting provider network congestion and rate-limits. With our new hardware, we’re planning to migrate all of our Tor exit relays to our colocation in early 2025, which should allow for better throughput and control.

    Our Tor exit relay bandwidth bitrate over the past 30 days

    Regardless, over the past 30 days we have received and transmitted over 366TiB of bandwidth. If this rate continued for a year, that would still be over 4.2PiB of bandwidth usage for a whole year, quite an achievement.

    Our bandwidth usage over a single 24 hour period

    With your help, we can do even more, and continue to push a lot of traffic for the Tor network.

    Unredacted Proxies

    In 2024, we quietly announced Unredacted Proxies – which allow people to connect to messaging services such as Signal and Telegram, without exposing the fact to their ISP or government.

    Unredacted Proxies are a part of Operation Envoy, and are quite useful to many people around the world where Signal & Telegram are blocked. We’ve had a lot of good feedback about the service, and while we don’t directly count the amount of users – we can see that it’s being utilized by many when looking at bandwidth metrics. We’ve particularly seen great interest from people in Russia and Iran.

    For those interested in the technical side, we use Signal’s TLS Proxy and Telegram’s MTProto for our proxies.

    Chat services

    Our oldest projects are our chat services. XMPP.is was launched in 2015 and our Matrix server was launched in 2021. For many years, thousands of individuals have used our chat servers to exchange messages back and forth between friends and family. These remain a crucial part of our mission, as it allows people to communicate securely and privately. We regularly maintain and update these services, but there’s nothing notable to announce for them this year.

    If you want to chat with us and other like-minded people, why not join one of our communities?

    Funding

    Las year, we struggled with funding. However, this year has been amazing in terms of funding. We received a record amount of donations, and even received a grant from the Human Rights Foundation! We’re eternally grateful to our community and supporters, and we promise to always use your money effectively. To date, no one at Unredacted makes any money for the work they do, and we intend to keep it this way until we are fully sustainable.

    2024 EoY Balance Totals (USD):

    • Cryptocurrency balances (calculated at time of writing): $35,681
    • Bank balance (at the time of writing): $246
      Total: $35,927

    2024 Grant Totals (USD):

    We expect that with our current expense and growth rate, these funds will allow us to smoothly operate for at least 2-3 years. To continue our mission, and rapidly expand, we’ll need your support! We have many very ambitious and interesting work & projects in 2025.

    If you want to support us, we allow one-time or recurring donations via multiple payment methods, including PayPal, credit cards, cryptocurrency (including XMR & ZEC), Open Collective, Patreon & Liberapay.

    In 2025, we plan to be much more transparent in terms of our spending and funding.

    What’s next?

    In 2025, we have a lot of work ahead of us. We’ll be building out new infrastructure, creating new services and revamping existing ones. We’re expanding at a rapid pace, and we’re going to continue doing so. The fight against Internet censorship and for people’s right to privacy will be especially important in the coming year.

    Happy holidays!

    Sincerely,
    The Unredacted Team

  • Operation Envoy’s 1st year anniversary

    Governments across the world continue to block & restrict access to the uncensored Internet, with many of them blocking & restricting the use of the Tor network as a result. Over a year ago, we launched Operation Envoy, an effort to help defeat those Internet censors. Operation Envoy originally helped with our vast deployment of Tor bridges & snowflake proxies, which help to pass messages (IP packets) back and forth from users and the Tor network. These messengers, or envoys as we call them, allow people to access the uncensored Internet and disguise their use of Tor from prying eyes.

    Obfuscation of the messages that our envoys carry to and from uncensored networks are incredibly important in keeping users safe. In many countries, it’s outright illegal or highly discouraged to use these technologies to bypass Internet censorship. Some people could be in real danger if their government found out that they are circumventing Internet censorship. This is morally wrong, and with governments across the world continuing to abuse their powers and limit the free flow of information, we’ll continue fighting against it.

    It’s no secret that people in countries such as Russia and Iran (& some in China) heavily depend on censorship-resistant bridge & proxy technologies according to Tor’s metrics. To help people in even more countries, and in more ways, we want to expand our vision of what Operation Envoy is.

    Tor bridge usage metrics from June to August 2024

    Redefining what an envoy is

    After we originally launched Operation Envoy, we launched FreeSocks – a service that provides free, open & uncensored Outline (Shadowsocks) proxies to people in countries experiencing a high level of Internet censorship. We also launched Unredacted Proxies, which allow people to connect to messaging services such as Signal and Telegram, without exposing the fact to their ISP or government.

    Today, we are redefining what an envoy is to us – it’s any of our services that pass messages (IP packets or TLS wrapped application layer data) back and forth between a user and the uncensored Internet. These services should all obfuscate those messages in a way where anyone monitoring a user’s Internet usage would not be able to tell what those messages might contain. In other words, they all should use an obfuscated protocol of some kind.

    Operation Envoy now includes:

    These services currently all fall under our Censorship Evasion (CE) services.

    Operation Envoy does not include:

    Operation Envoy metrics

    Operation Envoy started with 34 CPU cores and 58 GiB of RAM, deployed all over the world. We’ve since scaled the operation, and we currently have 61 CPU cores (nearly double), and 70 GiB of RAM dedicated to delivering uncensored access to the Internet (excluding our Tor exit relays). We’re working to expand that on a regular basis, and continue growing the number of envoys at our disposal.

    To collect anonymized metrics on all of ours envoys, we created a new Grafana dashboard which details the hourly bandwidth usage of all envoys combined. Over the last 30 days (at the time of writing) we pushed over 152 TiB of bandwidth across all of our envoys. That’s a lot of data!

    We need your help!

    Unredacted Inc is a 501(c)(3) non-profit organization, and we directly depend on generous donors like you to fund our operations. If you like what we do, and want to support our mission, please consider donating. We couldn’t fund Operation Envoy, and many of our services without your help.

    As a special promotion, if you donate $10 USD/mo (or more) to us on a recurring basis after reading this blog post, we’ll deploy an envoy of your choice in honor of your generosity. If you do this, please contact us afterwards and we’ll coordinate with you.

    Thank you!

  • FreeSocks is now open source

    Censorship on the Internet is getting worse, not better. The free flow of information is key to learning and making change. Because of this, we started FreeSocks, a service that provides free, open & uncensored Outline (Shadowsocks) proxies to people in countries experiencing a high level of Internet censorship late last year (2023).

    Since then, the service has seen a considerable amount of growth. Over 1,000 access keys have been issued to people all around the world wanting to hide their Internet traffic from oppressive governments, and access the open Internet without restriction. Seeing the impact that the service has made is inspiring, and it’s why we’ve been working towards something quite special. Today, we are open sourcing the code that makes FreeSocks work, the FreeSocks Control Plane (FCP), which runs entirely on the serverless Cloudflare Workers platform for free. This allows anyone to launch their own FreeSocks-like service.

    GitHub Repository: github.com/unredacted/freesocks-control-plane

    Understanding the FreeSocks flow

    A diagram showing how FreeSocks works

    Understanding the FreeSocks flow is key to understanding how FreeSocks really works. It’s designed with security in mind, while also being simple enough for any decently technical person to understand.

    Breaking down the flow:

    1. A user visits an HTTP endpoint such as freesocks.org/get on their web browser. The request is terminated in an edge network datacenter close to them.
    2. The user solves a captcha/challenge, and submits their request.
    3. The FCP calculates the latency between the edge network datacenter the user reached, and the available Outline servers by sending HTTP requests over QUIC tunnels to their API endpoints. The available endpoints are stored in and retrieved from a Workers KV namespace.
    4. The Outline server with the best latency and lowest access key count is chosen by the FCP.
    5. The FCP initiates another request to the Outline server’s API to create a new access key, which is returned to the user with a definable expiry date if they don’t use the access key at all.
    6. The user enters the access key in their Outline (or Shadowsocks) application and connects to the server, allowing them to access the open Internet. As long as they continue to use the access key, it won’t expire. If they stop using it, it will be deleted in definable number of days.

    FCP architectural design choices

    By now you know that the FCP is used for access key retrieval by users, and allows administrators to delete unused access keys from the Outline VPN servers they manage. The code behind it is written in JavaScript. The FCP is designed to be fast, flexible and expandable for the future.

    Operating the FreeSocks Control Plane (FCP) on top of a serverless platform was a core design choice for many reasons.

    • It allows others to run the FCP for free (as is the case with Cloudflare Workers).
    • It’s easy to stand up on multiple domains for optimal censor evasion. Let them play whack a mole.
    • It’s easier to manage with tools like Cloudflare Wrangler.
    • It’s more difficult for censors to block serverless edge networks, because they control a large portion of the Internet.
    • Serverless edge networks are beneficial in determining latency between edge and Outline servers to provide the lowest latency server to users without exposing servers to users. In that way, it’s hard for a censor to discover all available servers from their interaction with the FCP.

    While many may not trust large cloud providers to process potentially sensitive information, there’s no doubt that they make it harder for censors to block. FreeSocks is intended to circumvent censorship. At the same time, it makes the FCP very fast and efficient since requests are terminated all over the world in datacenters close to users. We believe the potential privacy tradeoff is worth it.

    While we have to place our trust in cloud infrastructure providers here, we can say with certainty that the FCP code itself does not trigger anything to store personally identifiable information (PII). This makes FreeSocks a fairly privacy friendly service to use.

    How can I run my own FreeSocks?

    Since the FCP is now open source, anyone can run their own FreeSocks-like platform to distribute access keys to people. As time goes on, we’ll write more documentation on how this can be done. For those that are tech-savvy enough, you might figure it out without our help. If you do, please let us know – we’re very interested in hearing your feedback. Contributions to the codebase are welcome too!

    Where does FreeSocks go from here?

    FreeSocks will continue to be developed and expanded based on demand. We’ll continue to gather user feedback, and implement features in the FCP so that we can fight censorship.

    However, we need your help! If you enjoy what we do, please consider making a donationUnredacted is a non-profit organization that provides free and open services that help people evade censorship and protect their right to privacy.

  • New Tor bridge types for Operation Envoy

    In July of last year (2023) we launched Operation Envoy, our effort to deliver packets to and from the Tor network which helps defeat Internet censorship. This is achieved by Unredacted operating Tor bridges, also known as Pluggable Transports. Tor bridges obfuscate (bridge) the connection a user makes when connecting to Tor so that it looks like any normal connection and disguises the fact that they are connecting to the Tor network. Each Pluggable Transport has its own unique way of obfuscating the connection, such as WebTunnel which mimics HTTPS traffic, one of the most common types of traffic on the Internet.

    What a connection to the Tor network looks like with a bridge in the path
    Credit: robertheaton.com/2019/04/06/how-does-tor-work/

    Historically, and for a long time we’ve focused our efforts on deploying dedicated snowflake proxies around the world in strategic locations close to Internet users that face a high level of Internet censorship in their countries. Today, we’ve added a WebTunnel and meek bridge into the mix. Adding more Tor bridge types means that users have more ways to connect to the Tor network in the event that one protocol / obfuscation technique gets blocked.

    Our meek bridge

    How meek works, click the image to learn more

    To deploy our meek bridge, we worked with the team at Tor after volunteering to run a new bridge. Due to how meek works with Tor, there is some setup on their end as well because they use a technique called domain fronting. This is a technique to disguise a connection and route it through popular, and more painful to block CDN networks like Microsoft Azure. Meek bridges remain a crucial method to connect to the Tor network in several countries.

    To see our new meek bridge statistics, you can click here.

    Our WebTunnel bridge

    How HTTPT works, the proxy behind WebTunnel technology

    As described earlier in the post, WebTunnel is a bridge type which mimics HTTPS traffic, one of the most common types of traffic on the Internet. It’s based on HTTPT which resists active probing attacks that censors use to block censorship circumvention techniques. WebTunnel will likely, and ultimately become a very important bridge type for Tor as it rolls out and gains popularity due to the protocol it disguises itself as and its resistance to active probing.

    Our new WebTunnel bridge uses a unique configuration that we came up with to hide the IP of the bridge behind a TCP proxy service. This allows us to easily switch the ‘front’ of the WebTunnel bridge in case its IP gets blocked. In the future, we plan to write about how we did this once we’ve confirmed its stability over time.

    To see our new WebTunnel bridge statistics, you can click here.

    Current Operation Envoy stats

    As it stands today, we have a collective of virtual machines consisting of 31 CPU cores, 40GB of RAM and multi-gigabit unmetered links dedicated to serving Tor bridge traffic across the world.

    Past 7 days of CPU and memory usage, click the image to see live stats

    On an average day, we are pushing almost 2TB of symmetrical bandwidth per day. That’s almost 60TB per month!

    Past 7 days of bandwidth usage, click the image to see live stats

    We can’t make all of this possible without your help. If you like what we do, please consider making a donation. As time goes on, and with more funding we’ll continue to expand our Operation Envoy footprint by deploying more Tor bridges across the world. Your help can make a real impact for Internet censorship circumvention.

  • UNREDACTED, a year in review (2023)

    From our humble beginnings in 2015, to now (almost 2024), we’ve undergone many significant changes in the almost 9 years of our existence. We’ve established ourselves as a legitimate organization that is on a mission to fight Internet censorship, and provide various services to individuals & organizations seeking privacy and security. In 2023, a lot of work has been done to accomplish that mission. That’s why we’re starting our own “year in review” to go over all of the major developments that continue to challenge and inspire us.

    A year in review (2023)

    Operation Envoy: Defeating Censors

    In July of 2023, we started Operation Envoy, an effort to scale up our Tor bridge and snowflake proxy operations that help deliver messages (packets) to and from the Tor network. This helps users experiencing Internet censorship, or those who wish to mask their use of Tor. We focused heavily on deploying snowflake proxies around the world. At the start of the operation we were serving 93TB of symmetrical snowflake proxy traffic looking at the past 30 days.

    30 days of past traffic at the start of the operation (July 2023)

    As of December of 2023, in the last 30 days we’ve served over 121TB of symmetrical traffic to snowflake proxy users. We started with 34 CPU cores and 58GB of RAM from servers deployed around the world. We’re ending the year with the same core count, but with a bit less RAM at 53GB. However, we’ve served more traffic due to server provider changes and software upgrades.

    30 days of past traffic at the end of 2023 (December 2023)

    Our Operation Envoy metrics are publicly accessible, and can show you the direct impact that we’re making. Have a look.

    In 2024, we will continue expanding our CPU core and RAM counts, but we can’t do it without your help! If you like what we do and want to support our mission, consider making a donation.

    FreeSocks, proxies that circumvent censorship

    To continue our efforts and follow our mission in providing censorship-resistant Internet access, in late December we launched FreeSocks. A service that provides free, open & uncensored Outline (Shadowsocks) proxies to individuals in countries experiencing a high level of Internet censorship.

    A screenshot of the FreeSocks website

    We’ve spread news about the service on social media, and we’ve seen a gradual and steady increase in users since the launch.

    In 2024, we will scale the service to meet our user’s needs and write a blog post about how we built the core of FreeSocks on Cloudflare Workers in a privacy respecting way. Again, we can’t run services like these without your help.

    Tor exit relays

    In addition to our front-line censorship circumvention services, we have run numerous high-bandwidth Tor exit relays for many years.

    We’ve recently become #16 in the top exit families, and have a 1.03% exit probability according to OrNetStats. That means, you may be one of the 1% of Tor network users who exit traffic through our relays.

    A screenshot from OrNetStats

    Over the past 30 days, we’ve greatly improved our Tor exit relay setup, which consists of 2 hypervisors. Each having an Intel Xeon E-2276G, 64GB of RAM and a 1Gb/s NIC. We’ve spent a lot of time revising this setup to maximize bandwidth and resource usage.

    Our Tor exit relay bandwidth bitrate over the past 30 days

    This optimized setup has allowed us to push 2Gb/s of symmetrical traffic at any given time. In a single 24 hour period, we pushed nearly 20TB of traffic through our relays.

    Our bandwidth usage over a single 24 hour period

    If we continue at this rate for 365 days, that would be close to 7.3PB (Petabytes) of traffic for an entire year. With your help, we can do even more than this, and continue pushing tons traffic for Tor network users.

    Unredacted Guides

    In November of 2023, we launched Unredacted Guides. We aim to aid users in setting up, configuring and launching privacy/security focused software. It’s one thing to run these services ourselves, but helping others do the same only increases awareness and impact.

    As of writing this post, we have 2 guides.

    In 2024, we will continue to refine existing guides and write new ones in accordance with our mission.

    Chat services

    Our oldest projects are our chat services. XMPP.is was launched in 2015 and our Matrix server was launched in 2021. For many years, thousands of individuals have used our chat servers to exchange messages back and forth between friends and family. These remain a crucial part of our mission, as it allows people to communicate securely and privately.

    In November, we made efforts to secure XMPP.is based on the teachings from the jabber.ru MITM attack, and shared our work in a blog post.

    We will continue to maintain, monitor and secure our chat services for the years to come.

    Infrastructure changes

    Over the past year, we’ve made significant improvements to our server orchestration and the security of our services and website.

    We use many self-written Ansible roles and playbooks to deploy and maintain our servers. We’ve made a lot of refinements in this area which has made deploying and maintaining new services easier than ever.

    On the security side, we’ve utilized Cloudflare Access heavily on critical parts of our websites and locked down server access behind Tailscale. In 2024, a focus of ours will be to further secure our infrastructure from potential attacks.

    Funding

    While we’ve always paid for our services mostly out of pocket, 2023 was unfortunately one of the lowest in terms of funding, and it was far under our operational costs (domains, servers & SaaS providers). With that said, we greatly appreciate those that made contributions. Any amount helps us in carrying out our mission.

    2023 Donation Totals (USD):

    Cryptocurrency (calculated at time of writing): $127
    Stripe (credit cards): $68
    PayPal: $23
    Total: $218

    To continue our mission, we need your support! We allow one-time or recurring donations via multiple payment methods, including PayPal, credit cards, cryptocurrency, Open Collective, Patreon & Liberapay.

    In 2024, we will launch a fundraiser in an attempt to cover our operational costs. This will be announced later.

    What’s next?

    Regardless of funding for our services in 2024, we will make an attempt to expand them, and create new ones. We’ll continue working on awesome projects, and providing them to the masses.

    In 2024, we will explore the possibility of becoming a 501(c)(3) non-profit organization and assess it’s feasibility. We’ve always been non-profit focused, but legitimizing ourselves as a US tax deductible non-profit has its perks and it may be the next step in the growth and expansion of our organization.

    Happy holidays!

  • Introducing FreeSocks, proxies that circumvent censorship

    Easy censorship circumvention

    We despise censorship and human (& animal) rights abuses, and it’s time to fight back. In addition to Operation Envoy, our effort to provide stable and performant anti-censorship Tor bridges and snowflake proxies, we’re launching FreeSocks. FreeSocks is a free and open proxy service that aims provide an alternative to individuals that live in or are visiting countries with a heavily censored internet. With FreeSocks proxies, people that reside in countries with oppressive governments can access the open internet freely.

    An internet free of censorship is extremely important in countries where the internet is censored heavily. It provides access to information that individuals may never find out about, for example the Tiananmen Square massacre and countless other atrocities and injustices carried out by governments around the world. It also allows people to communicate freely amongst themselves, so that they’re not afraid to show their true selves. In the modern age, governments are only getting better at restricting access to content and services they deem ‘unpalatable’. China is one government which is particularly advanced in their censorship efforts, and is constantly tweaking their Great Firewall to block more and more content and services. This is why services like FreeSocks are important.

    A screenshot of the FreeSocks website

    Our tech stack

    The underlying technology that FreeSocks provides is Outline (Shadowsocks) proxies (deployed around the world), which encrypt and obfuscate user’s internet traffic. The website guides users on how they can retrieve and use the proxy access keys that we provide to them. We make an attempt to reduce the chance for abuse by preventing people from retrieving a proxy if they are not within an especially oppressive country. At a later date, we’ll detail exactly how we provide this service and the underlying code that FreeSocks uses. We think it’s pretty cool, as the functionality of retrieving and expiring proxy access keys (via the outline-server API) lives entirely on the Cloudflare Workers serverless platform. The entire FreeSocks platform is very flexible because of this. Something awesome is that our Workers cron triggers to expire access keys at defined intervals run only in datacenters that are powered by renewable energy.

    We do all of this in a privacy respecting way, and we don’t log the IPs of active users, or who might have even requested a proxy.

    Where do we go from here?

    We need your help to maintain FreeSocks, deploy more proxies and fight the censors! If you like to support organizations like ours, please consider making a donation.

    With your help we:

    • Plan to continuously deploy new Outline proxy servers in strategic locations.
    • Plan to translate all pages on the website to different languages, so that people who can’t translate or read English can use the service.
    • Plan to provide mirrors of the site in case the main URL is inaccessible.
    • Plan to extend the expiration time of access keys (30 days at the time of launch) based on reception and use.

    We’ve worked really hard on FreeSocks, and we hope that you can get good use out of the service. Share it with your friends who might be subjected to internet censorship. If you use the service, and have any trouble – please contact us.

  • Operation Envoy: Defeating Censors

    Operation background

    Accessing the uncensored Internet in some countries has never been so difficult. Internet censorship is rising across the world, and content filtering is becoming more difficult to circumvent as technology and censors evolve. Even in countries you wouldn’t expect. However the worst offenders are the ones you would typically suspect, China, Russia and countries who rank low on the World Press Freedom Index.

    The organization, OONI (Open Observatory of Network Interference) monitors internet censorship around the world and produces reports which show that censorship is on the rise. Government censors (governments who implement Internet censorship) are insatiable in their quest to restrict Internet access and keep their citizenry blind and oppressed, just how they like it.


    The question is, what are we doing about it? That’s where Operation Envoy comes in. We want to help deliver messages (network packets) to and from the Tor network. For quite a while now, we’ve been running Tor exit relays which provide valuable bandwidth and processing power to the Tor network which helps people in heavily censored countries access services and information that people in the western world take for granted. While exit relays are an integral part of the Tor network, there’s another part that is critical for accessing it in many countries. Tor bridges and snowflake proxies are the first entry point into the Tor network for many people. What are they you might be wondering? Well, many countries block access to Tor and they’re very good at it, which makes Tor hard to access. That’s where Tor bridges and snowflake proxies step in, and so do we. Bridges and snowflake proxies allow Tor users to access the network via an obfuscated and seemingly normal-looking connection to the bridge or proxy. That bridge or proxy then acts as a literal bridge to the Tor network.

    Censors have even gotten so audacious that they’ve identified specific signatures of user to snowflake proxy traffic and blocked it. Thanks to the anti-censorship team at Tor, they are hyperaware of these issues and always trying to be a step ahead of the censors.

    Where the operation stands

    So, that’s where we’ve been focusing most of our censorship evasion efforts. The Tor network has plenty of bandwidth, but it has problems with accessibility and bridges/snowflake proxies help with that. At the time of writing we’ve ramped up to 29 high-bandwidth servers around the world that run Tor snowflake proxies 24/7/365. We have 34 CPU cores and 58GB of RAM at our disposal. Some servers are in strategic locations that help users within censored countries access the proxies themselves.

    Over the past 30 days, we’ve pushed over 93TB of symmetrical traffic on our bridges & proxies.

    See our stats

    The future of Operation Envoy

    Our goal with this operation is to run as many high quality dedicated bridges and snowflake proxies as possible, and become one of the largest operators. We believe Operation Envoy is essential, as many of the snowflake proxies are run via home networks which typically do not provide high upload and download speeds.

    To scale our growing bridge and snowflake proxy server infrastructure, we use automation software called Ansible and have started writing our own Ansible role to help with that. This allows us to update and maintain our Tor bridge and proxy fleet.

    To succeed in our mission, we ask for your help via donation. With your help, we can deploy more and more censorship evasion servers around the world. In an effort to fund our operations, if you make a recurring donation of $10/mo or more after reading this post, be sure to contact us and let us know – we will deploy a Tor bridge or snowflake proxy in your name!

    We plan to release updates on our operation as it expands, so stay tuned.

    Thanks for your support,
    Zach

  • What we’re doing in response to the invasion of Ukraine

    https://blog.torproject.org/tor-and-the-humans-who-use-it/

    The situation in Ukraine is unsettling, and requires the world to step in and help on every front. Whether you do your part and help with donations, use your cybersecurity skills or attending & staging protests, anything helps.

    In response to the invasion of Ukraine by the Russian military, we have expanded our operations on the Tor network.

    What exactly does this do, and how does it help, you might ask?

    Tor is a network of virtual tunnels that allows you to improve your privacy and security on the Internet. Tor works by sending your traffic through three random servers (also known as relays) in the Tor network. The last relay in the circuit (the exit relay) then sends the traffic out onto the public Internet.

    Source: https://tb-manual.torproject.org/about/

    This makes Tor critical infrastructure to those living in oppressive countries. Without Tor, they can’t access many sites and services that provide views that their governments don’t want them to see.

    While Tor is accessible in Ukraine (despite internet outages), and not being actively blocked, it is not the same in Russia. There are many Russians who do not agree with the decision to invade Ukraine, and they have been staging protests across Russia. As such, it’s very important that Russian protestors have a way to access the uncensored internet. For many years, Roskomnadzor, a Russian agency focused on censoring and controlling the media Russian’s consume, has been cutting Russians off from websites and services they deem unpalatable. Right now, Tor is blocked in Russia, and we want to help unblock it through anti-censorship Tor bridges. Everyone should have access to an uncensored internet.

    How specifically are we helping combat this now?

    Well, since the start of the invasion we’ve deployed 5 additional Tor bridges (our focus), and 4 exit relays. Our Tor bridges were deployed in strategic locations, close to but outside of Russia, for optimal latency.

    What exactly are Tor bridges?

    Tor bridges are the first hop onto the Tor network for many users in countries enforcing internet censorship. They use obfuscation to disguise Tor traffic to and from a user, & make it look unsuspicious to would-be snoopers looking to block connections to the Tor network.

    Since the deployment of our Tor bridges, we’ve seen high usage across the board. This doesn’t surprise us, as Tor usage has been spiking in Ukraine, and bridge usage is up in Russia.

    Source

    Since the invasion of Ukraine on February 24th to now (Feb 27th), our own metrics show that we have pushed over 100 TB of symmetrical traffic to and from the Tor network via all of our Tor relays and bridges.

    Source

    How can you help?

    You might be wondering, how can I help this effort to provide uncensored internet access. Well, it’s quite simple actually, and you don’t need to be tech-savvy at all. You can install Tor’s Snowflake browser add-on which helps censored users access the Tor network.

    https://snowflake.torproject.org/

    Additionally, you can donate to Unredacted. We will use any funds during the conflict to spin up new Tor bridges and expand our Tor footprint to help those experiencing internet censorship.

    Donate here: unredacted.org/donate

    You can also see the real world impact of your funding here (although Tor bridges produce much less traffic than other relay types): https://grafana.unredacted.net/d/ce-tor-bridges/unredacted-tor-bridge-metrics?orgId=1

    We wish the best for the people of Ukraine and Russia alike.

    Найкращі побажання
    Zach

Donate