Tag: freesocks

  • UNREDACTED, a year in review (2024)

    A message from our founder:

    2024 has been a great year for us at Unredacted, growing in many ways that we didn’t even imagine were so quickly possible. We set out to explore whether becoming a 501(c)(3) non-profit was feasible. We ended up putting in the research and work to do it, and we formally incorporated as Unredacted Inc in May and received our 501(c)(3) determination letter from the IRS in June. We received a huge amount of support, from kind words to donations, and even a grant from the Human Rights Foundation. All of the support we’ve received has inspired us and allows us to continue our growth.

    2025 will surely be a difficult and challenging year for the fight against Internet censorship, and the fight for everyone’s right to privacy. Access to free and open information is as extremely important as it ever was. With some level of critical thinking, the truth can be found. We’re refocusing and doubling down on our mission to fight Internet censorship and protect people’s privacy by building out more censorship-resistant and privacy-friendly Internet infrastructure and services, while polishing the existing.

    So much has already happened, so read on to see in full detail what we accomplished in 2024.

    Zach
    Executive Director
    Unredacted Inc

    A year in review (2024)

    General Updates:

    Initiatives:

    Censorship Evasion (CE):

    Secure Infrastructure (SI):

    Conclusion:

    Website

    This year, we put a lot of work into the content and design of our website. The front page was redesigned, we added breadcrumbs on nearly all pages for easier navigation, and redesigned our donation page. Furthermore, we added new pages and content such as our transparency report, Supporters page and launched Unredacted Updates, where you can get a summary of what we’ve worked on each month. Transparency is important to us, and there will be more to come in 2025.

    Want to read more about the inner-workings our projects & services? Check out our blog!

    Hardware

    Unredacted has largely operated on a mix of dedicated hardware that we rent from various hosting providers. Unfortunately one of those providers, Hetzner, mysteriously cancelled our account at the end of October. We’ve since migrated to more reliable providers. However, important infrastructure such as our Tor exit relays, XMPP.is, and Unredacted Matrix server run on top of rented dedicated servers still. This past year, we’ve pursued purchasing and colocating hardware that we fully own. So far, we’ve built out redundant edge routers, aggregation switches and a PoE switch (seen below) which will power a special project that we’re working on. We won’t give any hints on what the PoE powered Raspberry Pis are for now, but we’ll be announcing how and why we built them in early 2025. What we’ll say is that they’re scalable, efficient and more affordable to operate in the long run.

    We’re also in the process of building an high-availability virtualization cluster with Ceph for storage too. That hardware is still in testing, but we plan to fully deploy it in early 2025 as well. The new cluster will power XMPP.is, the Unredacted Matrix server and various other new services that we’ll spin up in 2025.

    The hardware purchases that we made wouldn’t have been possible without the amazing support and donations we’ve received from our community. We’d especially like to thank the Human Rights Foundation for providing a grant to us.

    Network

    For a long time, we have operated our own network on top of one of our hosting providers. Recently, we became an ARIN member and received our own ASN (Autonomous System Number), AS401401 – which, in HTTP status codes means “Unauthorized.” ARIN must have thought we were cool. 🙂

    We also received IPv6 and IPv4 prefixes, which we’ve started advertising to our upstream providers. Our edge network at the time of writing consists of 18 virtual machines across various hosting providers for diversity and redundancy. We built this network for the special project mentioned above in the hardware section, and in 2025 we’ll write about how and why we built it on our blog.

    Operation Envoy: Defeating Censors

    In July of 2023, we started Operation Envoy, an initiative that consists of ‘envoys’ which help to deliver messages (packets) to and from the Tor network. This helps users experiencing Internet censorship, or those who wish to mask their use of Tor. Previously, we focused heavily on deploying Tor snowflake proxies around the world.

    This year, Operation Envoy had its 1st year anniversary. We thought a lot about Operation Envoy’s future, and we decided that it should consist of more than just Tor bridges. Operation Envoy now consists of everything we operate that helps people reach the free and open Internet, or particular services such as Signal & Telegram.

    Operation Envoy includes:

    Around the same time last year, we had served around 121TiB of traffic in a single 30 day period. As of December of 2024, in the last 30 days we’ve served over 192TiB of traffic to across all Operation Envoy services, which is a significant increase, but also due to the reclassification of what an ‘envoy’ is to us.

    30 days of past traffic (Dec, 2024)

    If we continue to average at this new rate of bandwidth over a year, that would be over 2.2PiB!

    Last year, we ended with 31 CPU cores and 53GiB of RAM. Looking at CPU core and RAM counts now, we ended the year with 91 cores and 106GiB of RAM, which is again a significant increase – but also due to the reclassification.

    24 hour hour stats on CPU & RAM usage (Dec, 2024)

    Our anonymized & aggregated Operation Envoy metrics are publicly accessible, and you can see the direct impact that we’re making.

    In 2025, we will continue expanding our CPU core and RAM counts, but we can’t do it without your help! If you like what we do and want to support our mission, consider making a donation.

    FreeSocks, proxies that circumvent censorship

    FreeSocks, our service that provides free, open & uncensored Outline (Shadowsocks) proxies to people in countries experiencing a high level of Internet censorship was open sourced in June. It also hit its first year of existence in December of 2024, and has expanded rapidly.

    Since its launch, FreeSocks has issued over 10,000 access keys to people looking to circumvent Internet censorship. This is an amazing milestone, and we’re happy to be helping so many people across the world. We’ve received a lot of positive feedback, and it has inspired us to continue our work on the service.

    A screenshot of the FreeSocks website

    In 2025, we’ll be continuing our work on a full rewrite of the freesocks-control-plane (FCP), the code which powers FreeSocks and allows for access keys to be issued, and have their state tracked. The rewrite will convert the existing code from JavaScript to TypeScript, and feature an API + web control panel which will allow us and others to manage their FCP deployment much more easily.

    A sneak peek of the new FCP control panel

    We’re also planning to potentially move away from Outline’s server software, and utilize raw Shadowsocks, Vmess, VLESS and Trojan proxies to offer more options to our users. To note, existing access keys and Outline’s client will still work with raw Shadowsocks.

    We can’t run free & awesome services like this without your help.

    Tor exit relays

    In our efforts to help people evade censorship, and protect their right to privacy, we have operated numerous high-bandwidth Tor exit relays since 2021.

    We’re currently #20 in the top exit families, and have a 0.55% exit probability according to OrNetStats. That means your connection through Tor may be one of the 0.55% which exits traffic through our relays.

    A screenshot from OrNetStats

    Currently, we have around 5Gb/s of throughput capacity (3Gb/s more since last year), however in practice this has been lackluster due to hosting provider network congestion and rate-limits. With our new hardware, we’re planning to migrate all of our Tor exit relays to our colocation in early 2025, which should allow for better throughput and control.

    Our Tor exit relay bandwidth bitrate over the past 30 days

    Regardless, over the past 30 days we have received and transmitted over 366TiB of bandwidth. If this rate continued for a year, that would still be over 4.2PiB of bandwidth usage for a whole year, quite an achievement.

    Our bandwidth usage over a single 24 hour period

    With your help, we can do even more, and continue to push a lot of traffic for the Tor network.

    Unredacted Proxies

    In 2024, we quietly announced Unredacted Proxies – which allow people to connect to messaging services such as Signal and Telegram, without exposing the fact to their ISP or government.

    Unredacted Proxies are a part of Operation Envoy, and are quite useful to many people around the world where Signal & Telegram are blocked. We’ve had a lot of good feedback about the service, and while we don’t directly count the amount of users – we can see that it’s being utilized by many when looking at bandwidth metrics. We’ve particularly seen great interest from people in Russia and Iran.

    For those interested in the technical side, we use Signal’s TLS Proxy and Telegram’s MTProto for our proxies.

    Chat services

    Our oldest projects are our chat services. XMPP.is was launched in 2015 and our Matrix server was launched in 2021. For many years, thousands of individuals have used our chat servers to exchange messages back and forth between friends and family. These remain a crucial part of our mission, as it allows people to communicate securely and privately. We regularly maintain and update these services, but there’s nothing notable to announce for them this year.

    If you want to chat with us and other like-minded people, why not join one of our communities?

    Funding

    Las year, we struggled with funding. However, this year has been amazing in terms of funding. We received a record amount of donations, and even received a grant from the Human Rights Foundation! We’re eternally grateful to our community and supporters, and we promise to always use your money effectively. To date, no one at Unredacted makes any money for the work they do, and we intend to keep it this way until we are fully sustainable.

    2024 EoY Balance Totals (USD):

    • Cryptocurrency balances (calculated at time of writing): $35,681
    • Bank balance (at the time of writing): $246
      Total: $35,927

    2024 Grant Totals (USD):

    We expect that with our current expense and growth rate, these funds will allow us to smoothly operate for at least 2-3 years. To continue our mission, and rapidly expand, we’ll need your support! We have many very ambitious and interesting work & projects in 2025.

    If you want to support us, we allow one-time or recurring donations via multiple payment methods, including PayPal, credit cards, cryptocurrency (including XMR & ZEC), Open Collective, Patreon & Liberapay.

    In 2025, we plan to be much more transparent in terms of our spending and funding.

    What’s next?

    In 2025, we have a lot of work ahead of us. We’ll be building out new infrastructure, creating new services and revamping existing ones. We’re expanding at a rapid pace, and we’re going to continue doing so. The fight against Internet censorship and for people’s right to privacy will be especially important in the coming year.

    Happy holidays!

    Sincerely,
    The Unredacted Team

  • FreeSocks is now open source

    Censorship on the Internet is getting worse, not better. The free flow of information is key to learning and making change. Because of this, we started FreeSocks, a service that provides free, open & uncensored Outline (Shadowsocks) proxies to people in countries experiencing a high level of Internet censorship late last year (2023).

    Since then, the service has seen a considerable amount of growth. Over 1,000 access keys have been issued to people all around the world wanting to hide their Internet traffic from oppressive governments, and access the open Internet without restriction. Seeing the impact that the service has made is inspiring, and it’s why we’ve been working towards something quite special. Today, we are open sourcing the code that makes FreeSocks work, the FreeSocks Control Plane (FCP), which runs entirely on the serverless Cloudflare Workers platform for free. This allows anyone to launch their own FreeSocks-like service.

    GitHub Repository: github.com/unredacted/freesocks-control-plane

    Understanding the FreeSocks flow

    A diagram showing how FreeSocks works

    Understanding the FreeSocks flow is key to understanding how FreeSocks really works. It’s designed with security in mind, while also being simple enough for any decently technical person to understand.

    Breaking down the flow:

    1. A user visits an HTTP endpoint such as freesocks.org/get on their web browser. The request is terminated in an edge network datacenter close to them.
    2. The user solves a captcha/challenge, and submits their request.
    3. The FCP calculates the latency between the edge network datacenter the user reached, and the available Outline servers by sending HTTP requests over QUIC tunnels to their API endpoints. The available endpoints are stored in and retrieved from a Workers KV namespace.
    4. The Outline server with the best latency and lowest access key count is chosen by the FCP.
    5. The FCP initiates another request to the Outline server’s API to create a new access key, which is returned to the user with a definable expiry date if they don’t use the access key at all.
    6. The user enters the access key in their Outline (or Shadowsocks) application and connects to the server, allowing them to access the open Internet. As long as they continue to use the access key, it won’t expire. If they stop using it, it will be deleted in definable number of days.

    FCP architectural design choices

    By now you know that the FCP is used for access key retrieval by users, and allows administrators to delete unused access keys from the Outline VPN servers they manage. The code behind it is written in JavaScript. The FCP is designed to be fast, flexible and expandable for the future.

    Operating the FreeSocks Control Plane (FCP) on top of a serverless platform was a core design choice for many reasons.

    • It allows others to run the FCP for free (as is the case with Cloudflare Workers).
    • It’s easy to stand up on multiple domains for optimal censor evasion. Let them play whack a mole.
    • It’s easier to manage with tools like Cloudflare Wrangler.
    • It’s more difficult for censors to block serverless edge networks, because they control a large portion of the Internet.
    • Serverless edge networks are beneficial in determining latency between edge and Outline servers to provide the lowest latency server to users without exposing servers to users. In that way, it’s hard for a censor to discover all available servers from their interaction with the FCP.

    While many may not trust large cloud providers to process potentially sensitive information, there’s no doubt that they make it harder for censors to block. FreeSocks is intended to circumvent censorship. At the same time, it makes the FCP very fast and efficient since requests are terminated all over the world in datacenters close to users. We believe the potential privacy tradeoff is worth it.

    While we have to place our trust in cloud infrastructure providers here, we can say with certainty that the FCP code itself does not trigger anything to store personally identifiable information (PII). This makes FreeSocks a fairly privacy friendly service to use.

    How can I run my own FreeSocks?

    Since the FCP is now open source, anyone can run their own FreeSocks-like platform to distribute access keys to people. As time goes on, we’ll write more documentation on how this can be done. For those that are tech-savvy enough, you might figure it out without our help. If you do, please let us know – we’re very interested in hearing your feedback. Contributions to the codebase are welcome too!

    Where does FreeSocks go from here?

    FreeSocks will continue to be developed and expanded based on demand. We’ll continue to gather user feedback, and implement features in the FCP so that we can fight censorship.

    However, we need your help! If you enjoy what we do, please consider making a donationUnredacted is a non-profit organization that provides free and open services that help people evade censorship and protect their right to privacy.

  • UNREDACTED, a year in review (2023)

    From our humble beginnings in 2015, to now (almost 2024), we’ve undergone many significant changes in the almost 9 years of our existence. We’ve established ourselves as a legitimate organization that is on a mission to fight Internet censorship, and provide various services to individuals & organizations seeking privacy and security. In 2023, a lot of work has been done to accomplish that mission. That’s why we’re starting our own “year in review” to go over all of the major developments that continue to challenge and inspire us.

    A year in review (2023)

    Operation Envoy: Defeating Censors

    In July of 2023, we started Operation Envoy, an effort to scale up our Tor bridge and snowflake proxy operations that help deliver messages (packets) to and from the Tor network. This helps users experiencing Internet censorship, or those who wish to mask their use of Tor. We focused heavily on deploying snowflake proxies around the world. At the start of the operation we were serving 93TB of symmetrical snowflake proxy traffic looking at the past 30 days.

    30 days of past traffic at the start of the operation (July 2023)

    As of December of 2023, in the last 30 days we’ve served over 121TB of symmetrical traffic to snowflake proxy users. We started with 34 CPU cores and 58GB of RAM from servers deployed around the world. We’re ending the year with the same core count, but with a bit less RAM at 53GB. However, we’ve served more traffic due to server provider changes and software upgrades.

    30 days of past traffic at the end of 2023 (December 2023)

    Our Operation Envoy metrics are publicly accessible, and can show you the direct impact that we’re making. Have a look.

    In 2024, we will continue expanding our CPU core and RAM counts, but we can’t do it without your help! If you like what we do and want to support our mission, consider making a donation.

    FreeSocks, proxies that circumvent censorship

    To continue our efforts and follow our mission in providing censorship-resistant Internet access, in late December we launched FreeSocks. A service that provides free, open & uncensored Outline (Shadowsocks) proxies to individuals in countries experiencing a high level of Internet censorship.

    A screenshot of the FreeSocks website

    We’ve spread news about the service on social media, and we’ve seen a gradual and steady increase in users since the launch.

    In 2024, we will scale the service to meet our user’s needs and write a blog post about how we built the core of FreeSocks on Cloudflare Workers in a privacy respecting way. Again, we can’t run services like these without your help.

    Tor exit relays

    In addition to our front-line censorship circumvention services, we have run numerous high-bandwidth Tor exit relays for many years.

    We’ve recently become #16 in the top exit families, and have a 1.03% exit probability according to OrNetStats. That means, you may be one of the 1% of Tor network users who exit traffic through our relays.

    A screenshot from OrNetStats

    Over the past 30 days, we’ve greatly improved our Tor exit relay setup, which consists of 2 hypervisors. Each having an Intel Xeon E-2276G, 64GB of RAM and a 1Gb/s NIC. We’ve spent a lot of time revising this setup to maximize bandwidth and resource usage.

    Our Tor exit relay bandwidth bitrate over the past 30 days

    This optimized setup has allowed us to push 2Gb/s of symmetrical traffic at any given time. In a single 24 hour period, we pushed nearly 20TB of traffic through our relays.

    Our bandwidth usage over a single 24 hour period

    If we continue at this rate for 365 days, that would be close to 7.3PB (Petabytes) of traffic for an entire year. With your help, we can do even more than this, and continue pushing tons traffic for Tor network users.

    Unredacted Guides

    In November of 2023, we launched Unredacted Guides. We aim to aid users in setting up, configuring and launching privacy/security focused software. It’s one thing to run these services ourselves, but helping others do the same only increases awareness and impact.

    As of writing this post, we have 2 guides.

    In 2024, we will continue to refine existing guides and write new ones in accordance with our mission.

    Chat services

    Our oldest projects are our chat services. XMPP.is was launched in 2015 and our Matrix server was launched in 2021. For many years, thousands of individuals have used our chat servers to exchange messages back and forth between friends and family. These remain a crucial part of our mission, as it allows people to communicate securely and privately.

    In November, we made efforts to secure XMPP.is based on the teachings from the jabber.ru MITM attack, and shared our work in a blog post.

    We will continue to maintain, monitor and secure our chat services for the years to come.

    Infrastructure changes

    Over the past year, we’ve made significant improvements to our server orchestration and the security of our services and website.

    We use many self-written Ansible roles and playbooks to deploy and maintain our servers. We’ve made a lot of refinements in this area which has made deploying and maintaining new services easier than ever.

    On the security side, we’ve utilized Cloudflare Access heavily on critical parts of our websites and locked down server access behind Tailscale. In 2024, a focus of ours will be to further secure our infrastructure from potential attacks.

    Funding

    While we’ve always paid for our services mostly out of pocket, 2023 was unfortunately one of the lowest in terms of funding, and it was far under our operational costs (domains, servers & SaaS providers). With that said, we greatly appreciate those that made contributions. Any amount helps us in carrying out our mission.

    2023 Donation Totals (USD):

    Cryptocurrency (calculated at time of writing): $127
    Stripe (credit cards): $68
    PayPal: $23
    Total: $218

    To continue our mission, we need your support! We allow one-time or recurring donations via multiple payment methods, including PayPal, credit cards, cryptocurrency, Open Collective, Patreon & Liberapay.

    In 2024, we will launch a fundraiser in an attempt to cover our operational costs. This will be announced later.

    What’s next?

    Regardless of funding for our services in 2024, we will make an attempt to expand them, and create new ones. We’ll continue working on awesome projects, and providing them to the masses.

    In 2024, we will explore the possibility of becoming a 501(c)(3) non-profit organization and assess it’s feasibility. We’ve always been non-profit focused, but legitimizing ourselves as a US tax deductible non-profit has its perks and it may be the next step in the growth and expansion of our organization.

    Happy holidays!

  • Introducing FreeSocks, proxies that circumvent censorship

    Easy censorship circumvention

    We despise censorship and human (& animal) rights abuses, and it’s time to fight back. In addition to Operation Envoy, our effort to provide stable and performant anti-censorship Tor bridges and snowflake proxies, we’re launching FreeSocks. FreeSocks is a free and open proxy service that aims provide an alternative to individuals that live in or are visiting countries with a heavily censored internet. With FreeSocks proxies, people that reside in countries with oppressive governments can access the open internet freely.

    An internet free of censorship is extremely important in countries where the internet is censored heavily. It provides access to information that individuals may never find out about, for example the Tiananmen Square massacre and countless other atrocities and injustices carried out by governments around the world. It also allows people to communicate freely amongst themselves, so that they’re not afraid to show their true selves. In the modern age, governments are only getting better at restricting access to content and services they deem ‘unpalatable’. China is one government which is particularly advanced in their censorship efforts, and is constantly tweaking their Great Firewall to block more and more content and services. This is why services like FreeSocks are important.

    A screenshot of the FreeSocks website

    Our tech stack

    The underlying technology that FreeSocks provides is Outline (Shadowsocks) proxies (deployed around the world), which encrypt and obfuscate user’s internet traffic. The website guides users on how they can retrieve and use the proxy access keys that we provide to them. We make an attempt to reduce the chance for abuse by preventing people from retrieving a proxy if they are not within an especially oppressive country. At a later date, we’ll detail exactly how we provide this service and the underlying code that FreeSocks uses. We think it’s pretty cool, as the functionality of retrieving and expiring proxy access keys (via the outline-server API) lives entirely on the Cloudflare Workers serverless platform. The entire FreeSocks platform is very flexible because of this. Something awesome is that our Workers cron triggers to expire access keys at defined intervals run only in datacenters that are powered by renewable energy.

    We do all of this in a privacy respecting way, and we don’t log the IPs of active users, or who might have even requested a proxy.

    Where do we go from here?

    We need your help to maintain FreeSocks, deploy more proxies and fight the censors! If you like to support organizations like ours, please consider making a donation.

    With your help we:

    • Plan to continuously deploy new Outline proxy servers in strategic locations.
    • Plan to translate all pages on the website to different languages, so that people who can’t translate or read English can use the service.
    • Plan to provide mirrors of the site in case the main URL is inaccessible.
    • Plan to extend the expiration time of access keys (30 days at the time of launch) based on reception and use.

    We’ve worked really hard on FreeSocks, and we hope that you can get good use out of the service. Share it with your friends who might be subjected to internet censorship. If you use the service, and have any trouble – please contact us.

Donate