Tag: privacy

  • UNREDACTED, a year in review (2024)

    A message from our founder:

    2024 has been a great year for us at Unredacted, growing in many ways that we didn’t even imagine were so quickly possible. We set out to explore whether becoming a 501(c)(3) non-profit was feasible. We ended up putting in the research and work to do it, and we formally incorporated as Unredacted Inc in May and received our 501(c)(3) determination letter from the IRS in June. We received a huge amount of support, from kind words to donations, and even a grant from the Human Rights Foundation. All of the support we’ve received has inspired us and allows us to continue our growth.

    2025 will surely be a difficult and challenging year for the fight against Internet censorship, and the fight for everyone’s right to privacy. Access to free and open information is as important as it ever was. With some level of critical thinking, the truth can be found. We’re refocusing and doubling down on our mission to fight Internet censorship and protect people’s privacy by building out more censorship-resistant and privacy-friendly Internet infrastructure and services, while polishing the existing ones.

    So much has already happened, so read on to see in full detail what we accomplished in 2024.

    Zach
    Executive Director
    Unredacted Inc

    A year in review (2024)


    Website

    This year, we put a lot of work into the content and design of our website. The front page was redesigned, we added breadcrumbs on nearly all pages for easier navigation, and redesigned our donation page. Furthermore, we added new pages and content such as our transparency report, Supporters page and launched Unredacted Updates, where you can get a summary of what we’ve worked on each month. Transparency is important to us, and there will be more to come in 2025.

    Want to read more about the inner workings of our projects & services? Check out our blog!


    Hardware

    Unredacted has largely operated on a mix of dedicated hardware that we rent from various hosting providers. Unfortunately one of those providers, Hetzner, mysteriously cancelled our account at the end of October. We’ve since migrated to more reliable providers. However, important infrastructure such as our Tor exit relays, XMPP.is, and Unredacted Matrix server run on top of rented dedicated servers still. This past year, we’ve pursued purchasing and colocating hardware that we fully own. So far, we’ve built out redundant edge routers, aggregation switches and a PoE switch (seen below) which will power a special project that we’re working on. We won’t give any hints on what the PoE powered Raspberry Pis are for now, but we’ll be announcing how and why we built them in early 2025. What we’ll say is that they’re scalable, efficient and more affordable to operate in the long run.

    We’re also in the process of building a high-availability virtualization cluster, with Ceph for storage. That hardware is still in testing, but we plan to fully deploy it in early 2025 as well. The new cluster will power XMPP.is, the Unredacted Matrix server and various other new services that we’ll spin up in 2025.

    The hardware purchases that we made wouldn’t have been possible without the amazing support and donations we’ve received from our community. We’d especially like to thank the Human Rights Foundation for providing a grant to us.


    Network

    For a long time, we have operated our own network on top of one of our hosting providers. Recently, we became an ARIN member and received our own ASN (Autonomous System Number), AS401401 – which, in HTTP status codes means “Unauthorized.” ARIN must have thought we were cool. 🙂

    We also received IPv6 and IPv4 prefixes, which we’ve started advertising to our upstream providers. Our edge network at the time of writing consists of 18 virtual machines across various hosting providers for diversity and redundancy. We built this network for the special project mentioned above in the hardware section, and in 2025 we’ll write about how and why we built it on our blog.


    Operation Envoy: Defeating Censors

    In July of 2023, we started Operation Envoy, an initiative that consists of ‘envoys’ which help to deliver messages (packets) to and from the Tor network. This helps users experiencing Internet censorship, or those who wish to mask their use of Tor. Previously, we focused heavily on deploying Tor snowflake proxies around the world.

    This year, Operation Envoy had its 1st year anniversary. We thought a lot about Operation Envoy’s future, and we decided that it should consist of more than just Tor bridges. Operation Envoy now consists of everything we operate that helps people reach the free and open Internet, or particular services such as Signal & Telegram.

    Operation Envoy includes:

    Around the same time last year, we had served around 121TiB of traffic in a single 30 day period. As of December 2024, in the last 30 days we’ve served over 192TiB of traffic across all Operation Envoy services. That is a significant increase, though partly due to the reclassification of what an ‘envoy’ is to us.

    30 days of past traffic (Dec, 2024)

    If we continue to average at this new rate of bandwidth over a year, that would be over 2.2PiB!

    Last year, we ended with 31 CPU cores and 53GiB of RAM. Looking at CPU core and RAM counts now, we ended the year with 91 cores and 106GiB of RAM, which is again a significant increase – but also due to the reclassification.

    24 hour stats on CPU & RAM usage (Dec, 2024)

    Our anonymized & aggregated Operation Envoy metrics are publicly accessible, and you can see the direct impact that we’re making.

    In 2025, we will continue expanding our CPU core and RAM counts, but we can’t do it without your help! If you like what we do and want to support our mission, consider making a donation.


    FreeSocks, proxies that circumvent censorship

    FreeSocks, our service that provides free, open & uncensored Outline (Shadowsocks) proxies to people in countries experiencing a high level of Internet censorship was open sourced in June. It also hit its first year of existence in December of 2024, and has expanded rapidly.

    Since its launch, FreeSocks has issued over 10,000 access keys to people looking to circumvent Internet censorship. This is an amazing milestone, and we’re happy to be helping so many people across the world. We’ve received a lot of positive feedback, and it has inspired us to continue our work on the service.

    A screenshot of the FreeSocks website

    In 2025, we’ll be continuing our work on a full rewrite of the freesocks-control-plane (FCP), the code which powers FreeSocks and allows for access keys to be issued, and have their state tracked. The rewrite will convert the existing code from JavaScript to TypeScript, and feature an API + web control panel which will allow us and others to manage their FCP deployment much more easily.

    A sneak peek of the new FCP control panel

    We’re also planning to potentially move away from Outline’s server software, and utilize raw Shadowsocks, VMess, VLESS and Trojan proxies to offer more options to our users. Note that existing access keys and Outline’s client will still work with raw Shadowsocks.

    We can’t run free & awesome services like this without your help.


    Tor exit relays

    In our efforts to help people evade censorship, and protect their right to privacy, we have operated numerous high-bandwidth Tor exit relays since 2021.

    We’re currently #20 in the top exit families, and have a 0.55% exit probability according to OrNetStats. That means your connection through Tor may be one of the 0.55% which exits traffic through our relays.

    A screenshot from OrNetStats

    Currently, we have around 5Gb/s of throughput capacity (3Gb/s more since last year), however in practice this has been lackluster due to hosting provider network congestion and rate-limits. With our new hardware, we’re planning to migrate all of our Tor exit relays to our colocation in early 2025, which should allow for better throughput and control.

    Our Tor exit relay bandwidth bitrate over the past 30 days

    Regardless, over the past 30 days we have received and transmitted over 366TiB of bandwidth. If this rate continued for a year, that would still be over 4.2PiB of bandwidth usage for a whole year, quite an achievement.

    Our bandwidth usage over a single 24 hour period

    With your help, we can do even more, and continue to push a lot of traffic for the Tor network.


    Unredacted Proxies

    In 2024, we quietly announced Unredacted Proxies – which allow people to connect to messaging services such as Signal and Telegram, without exposing the fact to their ISP or government.

    Unredacted Proxies are a part of Operation Envoy, and are quite useful to many people around the world where Signal & Telegram are blocked. We’ve had a lot of good feedback about the service, and while we don’t directly count the amount of users – we can see that it’s being utilized by many when looking at bandwidth metrics. We’ve particularly seen great interest from people in Russia and Iran.

    For those interested in the technical side, we use Signal’s TLS Proxy and Telegram’s MTProto for our proxies.


    Chat services

    Our oldest projects are our chat services. XMPP.is was launched in 2015 and our Matrix server was launched in 2021. For many years, thousands of individuals have used our chat servers to exchange messages with friends and family. These remain a crucial part of our mission, as they allow people to communicate securely and privately. We regularly maintain and update these services, but there’s nothing notable to announce for them this year.

    If you want to chat with us and other like-minded people, why not join one of our communities?


    Funding

    Last year, we struggled with funding. However, this year has been amazing in terms of funding. We received a record amount of donations, and even received a grant from the Human Rights Foundation! We’re eternally grateful to our community and supporters, and we promise to always use your money effectively. To date, no one at Unredacted makes any money for the work they do, and we intend to keep it this way until we are fully sustainable.

    2024 EoY Balance Totals (USD):

    • Cryptocurrency balances (calculated at time of writing): $35,681
    • Bank balance (at the time of writing): $246
      Total: $35,927

    2024 Grant Totals (USD):

    We expect that with our current expense and growth rate, these funds will allow us to smoothly operate for at least 2-3 years. To continue our mission, and rapidly expand, we’ll need your support! We have a lot of ambitious and interesting work & projects planned for 2025.

    If you want to support us, we allow one-time or recurring donations via multiple payment methods, including PayPal, credit cards, cryptocurrency (including XMR & ZEC), Open Collective, Patreon & Liberapay.

    In 2025, we plan to be much more transparent in terms of our spending and funding.


    What’s next?

    In 2025, we have a lot of work ahead of us. We’ll be building out new infrastructure, creating new services and revamping existing ones. We’re expanding at a rapid pace, and we’re going to continue doing so. The fight against Internet censorship and for people’s right to privacy will be especially important in the coming year.

    Happy holidays!

    Sincerely,
    The Unredacted Team

  • Operation Envoy’s 1st year anniversary

    Governments across the world continue to block & restrict access to the uncensored Internet, with many of them blocking & restricting the use of the Tor network as a result. Over a year ago, we launched Operation Envoy, an effort to help defeat those Internet censors. Operation Envoy originally helped with our vast deployment of Tor bridges & snowflake proxies, which help to pass messages (IP packets) back and forth from users and the Tor network. These messengers, or envoys as we call them, allow people to access the uncensored Internet and disguise their use of Tor from prying eyes.

    Obfuscation of the messages that our envoys carry to and from uncensored networks is incredibly important in keeping users safe. In many countries, it’s outright illegal or highly discouraged to use these technologies to bypass Internet censorship. Some people could be in real danger if their government found out that they are circumventing Internet censorship. This is morally wrong, and with governments across the world continuing to abuse their powers and limit the free flow of information, we’ll continue fighting against it.

    It’s no secret that people in countries such as Russia and Iran (& some in China) heavily depend on censorship-resistant bridge & proxy technologies according to Tor’s metrics. To help people in even more countries, and in more ways, we want to expand our vision of what Operation Envoy is.

    Tor bridge usage metrics from June to August 2024

    Redefining what an envoy is

    After we originally launched Operation Envoy, we launched FreeSocks – a service that provides free, open & uncensored Outline (Shadowsocks) proxies to people in countries experiencing a high level of Internet censorship. We also launched Unredacted Proxies, which allow people to connect to messaging services such as Signal and Telegram, without exposing the fact to their ISP or government.

    Today, we are redefining what an envoy is to us – it’s any of our services that pass messages (IP packets or TLS wrapped application layer data) back and forth between a user and the uncensored Internet. These services should all obfuscate those messages in a way where anyone monitoring a user’s Internet usage would not be able to tell what those messages might contain. In other words, they all should use an obfuscated protocol of some kind.

    Operation Envoy now includes:

    These services currently all fall under our Censorship Evasion (CE) services.

    Operation Envoy does not include:

    Operation Envoy metrics

    Operation Envoy started with 34 CPU cores and 58 GiB of RAM, deployed all over the world. We’ve since scaled the operation, and we currently have 61 CPU cores (nearly double), and 70 GiB of RAM dedicated to delivering uncensored access to the Internet (excluding our Tor exit relays). We’re working to expand that on a regular basis, and continue growing the number of envoys at our disposal.

    To collect anonymized metrics on all of our envoys, we created a new Grafana dashboard which details the hourly bandwidth usage of all envoys combined. Over the last 30 days (at the time of writing) we pushed over 152 TiB of bandwidth across all of our envoys. That’s a lot of data!

    We need your help!

    Unredacted Inc is a 501(c)(3) non-profit organization, and we directly depend on generous donors like you to fund our operations. If you like what we do, and want to support our mission, please consider donating. We couldn’t fund Operation Envoy, and many of our services without your help.

    As a special promotion, if you donate $10 USD/mo (or more) to us on a recurring basis after reading this blog post, we’ll deploy an envoy of your choice in honor of your generosity. If you do this, please contact us afterwards and we’ll coordinate with you.

    Thank you!

  • FreeSocks is now open source

    Censorship on the Internet is getting worse, not better. The free flow of information is key to learning and making change. Because of this, we started FreeSocks, a service that provides free, open & uncensored Outline (Shadowsocks) proxies to people in countries experiencing a high level of Internet censorship late last year (2023).

    Since then, the service has seen a considerable amount of growth. Over 1,000 access keys have been issued to people all around the world wanting to hide their Internet traffic from oppressive governments, and access the open Internet without restriction. Seeing the impact that the service has made is inspiring, and it’s why we’ve been working towards something quite special. Today, we are open sourcing the code that makes FreeSocks work, the FreeSocks Control Plane (FCP), which runs entirely on the serverless Cloudflare Workers platform for free. This allows anyone to launch their own FreeSocks-like service.

    GitHub Repository: github.com/unredacted/freesocks-control-plane

    Understanding the FreeSocks flow

    A diagram showing how FreeSocks works

    Understanding the FreeSocks flow is key to understanding how FreeSocks really works. It’s designed with security in mind, while also being simple enough for any decently technical person to understand.

    Breaking down the flow:

    1. A user visits an HTTP endpoint such as freesocks.org/get on their web browser. The request is terminated in an edge network datacenter close to them.
    2. The user solves a captcha/challenge, and submits their request.
    3. The FCP calculates the latency between the edge network datacenter the user reached, and the available Outline servers by sending HTTP requests over QUIC tunnels to their API endpoints. The available endpoints are stored in and retrieved from a Workers KV namespace.
    4. The Outline server with the best latency and lowest access key count is chosen by the FCP.
    5. The FCP initiates another request to the Outline server’s API to create a new access key, which is returned to the user with a definable expiry date if they don’t use the access key at all.
    6. The user enters the access key in their Outline (or Shadowsocks) application and connects to the server, allowing them to access the open Internet. As long as they continue to use the access key, it won’t expire. If they stop using it, it will be deleted after a definable number of days.
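    To make steps 3 to 6 concrete, here is an added example in JavaScript (the language FCP is written in) that models the server choice and the unused-key expiry. It is not code from freesocks-control-plane: the field names (latencyMs, keyCount, createdAt, lastUsedAt), the 20 ms tolerance window used to break ties on load, and all sample servers and keys are assumptions made for this example.

```javascript
// Added example, not code from freesocks-control-plane. It models two steps of
// the FreeSocks flow: choosing the Outline server to issue a key from (step 4)
// and expiring access keys that have gone unused (step 6). Field names
// (latencyMs, keyCount, createdAt, lastUsedAt), the tolerance window and all
// sample data are assumptions made for this example, not FCP's real schema.

// Probe a server's API endpoint and return the round-trip time in milliseconds.
// A timeout, network error or non-2xx status yields Infinity so the server is
// never selected. fetchImpl is injectable so this can be exercised offline.
async function measureLatency(apiUrl, fetchImpl = globalThis.fetch, timeoutMs = 2000) {
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), timeoutMs);
  const start = Date.now();
  try {
    const res = await fetchImpl(apiUrl, { method: 'GET', signal: controller.signal });
    return res.ok ? Date.now() - start : Infinity;
  } catch {
    return Infinity;
  } finally {
    clearTimeout(timer);
  }
}

// Choose the server to issue a key from. Unreachable servers (latencyMs ===
// Infinity) are dropped. Among the servers within toleranceMs of the fastest
// one, the one with the fewest issued keys wins, so load is spread across
// servers that are about equally close instead of piling onto one.
function selectServer(servers, toleranceMs = 20) {
  const reachable = servers.filter((s) => Number.isFinite(s.latencyMs));
  if (reachable.length === 0) return null;
  const best = Math.min(...reachable.map((s) => s.latencyMs));
  const candidates = reachable.filter((s) => s.latencyMs - best <= toleranceMs);
  return candidates.reduce((a, b) => (b.keyCount < a.keyCount ? b : a));
}

// Return the ids of keys to delete: a key expires ttlDays after its last use,
// or ttlDays after creation if it was never used at all.
function expiredKeyIds(keys, now, ttlDays) {
  const ttlMs = ttlDays * 24 * 60 * 60 * 1000;
  return keys
    .filter((k) => now - (k.lastUsedAt ?? k.createdAt) > ttlMs)
    .map((k) => k.id);
}

// Constructed sample data; none of these are real FreeSocks servers or keys.
const SAMPLE_SERVERS = [
  { name: 'nl-1', latencyMs: 12, keyCount: 900 },
  { name: 'nl-2', latencyMs: 18, keyCount: 300 },      // close to nl-1, far less loaded
  { name: 'us-1', latencyMs: 95, keyCount: 10 },       // nearly empty but too far away
  { name: 'down', latencyMs: Infinity, keyCount: 0 },  // probe timed out
];

const DAY = 24 * 60 * 60 * 1000;
const NOW = Date.UTC(2024, 11, 31);
const SAMPLE_KEYS = [
  { id: 'k1', createdAt: NOW - 40 * DAY, lastUsedAt: NOW - 2 * DAY },  // in use, keep
  { id: 'k2', createdAt: NOW - 40 * DAY, lastUsedAt: NOW - 35 * DAY }, // idle for 35 days, delete
  { id: 'k3', createdAt: NOW - 31 * DAY, lastUsedAt: null },           // never used, delete
  { id: 'k4', createdAt: NOW - 5 * DAY, lastUsedAt: null },            // new, still in grace period
];

console.log('issue key on:', selectServer(SAMPLE_SERVERS).name);   // nl-2
console.log('delete keys:', expiredKeyIds(SAMPLE_KEYS, NOW, 30)); // [ 'k2', 'k3' ]
```

    Run it with node. The point of the tolerance window is the edge case in step 4: a server that is marginally slower but far less loaded is the better choice, while an unreachable server must never win just because it has the fewest keys.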

    FCP architectural design choices

    By now you know that the FCP is used for access key retrieval by users, and allows administrators to delete unused access keys from the Outline VPN servers they manage. The code behind it is written in JavaScript. The FCP is designed to be fast, flexible and expandable for the future.

    Operating the FreeSocks Control Plane (FCP) on top of a serverless platform was a core design choice for many reasons.

    • It allows others to run the FCP for free (as is the case with Cloudflare Workers).
    • It’s easy to stand up on multiple domains for optimal censor evasion. Let them play whack-a-mole.
    • It’s easier to manage with tools like Cloudflare Wrangler.
    • It’s more difficult for censors to block serverless edge networks, because blocking them would also block the large portion of the Internet that they front.
    • Serverless edge networks are beneficial in determining latency between edge and Outline servers, so the lowest-latency server can be handed to a user without exposing the other servers to them. That way, it’s hard for a censor to discover all available servers from their interaction with the FCP.

    While many may not trust large cloud providers to process potentially sensitive information, there’s no doubt that they make the service harder for censors to block, and FreeSocks exists to circumvent censorship. At the same time, it makes the FCP very fast and efficient since requests are terminated all over the world in datacenters close to users. We believe the potential privacy tradeoff is worth it.

    While we have to place our trust in cloud infrastructure providers here, we can say with certainty that the FCP code itself does not trigger anything to store personally identifiable information (PII). This makes FreeSocks a fairly privacy friendly service to use.

    How can I run my own FreeSocks?

    Since the FCP is now open source, anyone can run their own FreeSocks-like platform to distribute access keys to people. As time goes on, we’ll write more documentation on how this can be done. For those that are tech-savvy enough, you might figure it out without our help. If you do, please let us know – we’re very interested in hearing your feedback. Contributions to the codebase are welcome too!

    Where does FreeSocks go from here?

    FreeSocks will continue to be developed and expanded based on demand. We’ll continue to gather user feedback, and implement features in the FCP so that we can fight censorship.

    However, we need your help! If you enjoy what we do, please consider making a donation. Unredacted is a non-profit organization that provides free and open services that help people evade censorship and protect their right to privacy.

  • How we accidentally broke our Tor exit relays

    Making technology work how you expect it to, and keep it working that way can be difficult at times. Changes in configuration or software updates can put services into a broken or half-broken state, and we had the latter happen to us.

    In the spirit of transparency, we are writing about the painful discovery that many of our Tor exit relays (at least 1/3) have been broken for (at the very least) weeks, and possibly months without our knowing.

    I’d like to thank the team at Tor Project for letting us know about the issue, and how to reproduce it, which ultimately led to it being discovered and fixed.

    Root cause

    Credit: https://itsfoss.community/t/its-always-dns-lol/10820

    Based on the image, you might suspect what the issue was.

    It was DNS. Specifically, it was Tailscale’s MagicDNS feature. DNS queries were not getting resolved for some reason that is unknown to us. This means that anyone who ended up connecting to our Tor exit relays failed to connect to nearly every domain/subdomain by failing to resolve hostnames. Connecting to IPs worked just fine.

    Before we go on blaming Tailscale, I want to state that we don’t know why MagicDNS failed in the way we observed, we just know that it did. Ultimately, disabling MagicDNS on our exit relays resolved the issue entirely. When we enabled it, and tested again, it failed. As a result, we’ve left it off.

    Technical analysis

    We knew the symptom was that DNS resolution seemed to fail, which was noted by the nice people at Tor.

    We started by attempting to reproduce the issue ourselves. This required pinning our Tor instance/daemon on our local computer to a specific exit relay’s fingerprint that was exhibiting this strange behavior. For example, by modifying our Tor daemon’s torrc file and adding the below line to it, we could force our local Tor daemon to exit all traffic on that relay.

    # Pin every circuit's exit to this relay. StrictNodes 1 makes Tor fail rather
    # than silently fall back to another exit if the pinned relay cannot be used.
    ExitNodes F34EE673122518873E717C128E35A389B72C7837
    StrictNodes 1

    This fingerprint corresponds to our UnredactedSnowden relay.

    We then pointed one of our browsers to use the local SOCKS proxy the Tor daemon listens on (127.0.0.1 port 9050) to send traffic through Tor.

    When attempting to connect to any website, it failed, but the reason was unclear and did not appear to display an error related to a DNS resolution issue.

    As DNS was still the suspect here, the easiest thing to do was to SSH into that exit relay and run a tcpdump to capture all inbound and outbound packets that used TCP or UDP port 53, such as the one below.

    tcpdump -i any -n port 53

    Once we did that, we discovered that nearly all DNS queries originated from Tor seemingly went out to the 100.100.100.100 MagicDNS IP, but nothing was returned on most queries. We knew at this moment, that it was indeed a DNS resolution problem.

    An anonymized example of what we saw:

    17:11:52.164204 tailscale0 Out IP 100.69.x.x.22065 > 100.100.100.100.53: 40707+ A? domain.com. (45)
    17:11:52.172049 tailscale0 Out IP 100.69.x.x.22065 > 100.100.100.100.53: 33552+ A? domain.com. (33)
    17:11:52.203409 tailscale0 In  IP 100.100.100.100.53 > 100.69.x.x.22065: 47343 NXDomain 0/1/0 (119)
    17:11:52.321235 tailscale0 Out IP 100.69.x.x.22065 > 100.100.100.100.53: 45366+ A? domain.com. (28)
    17:11:52.321271 tailscale0 Out IP 100.69.x.x.22065 > 100.100.100.100.53: 16617+ A? domain.com. (35)
    17:11:52.321303 tailscale0 Out IP 100.69.x.x.22065 > 100.100.100.100.53: 39612+ A? domain.com. (29)
    17:11:52.352491 tailscale0 Out IP 100.69.x.x.22065 > 100.100.100.100.53: 63111+ A? domain.com. (34)
    17:11:52.383332 tailscale0 Out IP 100.69.x.x.22065 > 100.100.100.100.53: 15513+ A? domain.com. (35)
    17:11:52.501714 tailscale0 Out IP 100.69.x.x.22065 > 100.100.100.100.53: 16308+ A? domain.com. (29)
    17:11:52.532238 tailscale0 Out IP 100.69.x.x.22065 > 100.100.100.100.53: 7697+ A? domain.com. (40)
    17:11:52.540674 tailscale0 In  IP 100.100.100.100.53 > 100.69.x.x.22065: 22472 0/1/0 (89)
    17:11:52.544683 tailscale0 Out IP 100.69.x.x.22065 > 100.100.100.100.53: 8052+ A? domain.com. (47)
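    As an added example that is not part of the original post, the following JavaScript turns the eyeballing we did on that capture into a check: it parses lines in the format that tcpdump printed above and, for each resolver address, counts the queries sent to it against the responses whose transaction ID matches an outstanding query. The capture it runs on is constructed to resemble ours (made-up client address 100.69.1.2, made-up names, and a healthy resolver at 192.0.2.53 for contrast); the 50% threshold is an arbitrary choice for the example.

```javascript
// Added example, not from the original post or Unredacted's tooling. It parses
// "tcpdump -i any -n port 53" lines like the capture above and reports, per
// resolver address, how many DNS queries went out and how many came back with a
// matching transaction ID. A resolver answering less than minAnsweredRatio of
// what it is asked is flagged. Addresses and names in SAMPLE_CAPTURE are made up.

const LINE_RE =
  /^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\S+)\s+(In|Out)\s+IP\s+(\S+)\.(\d+)\s+>\s+(\S+)\.(\d+):\s+(\d+)(\+?)\s+(.*)$/;

// Parse one tcpdump line; returns null for lines that do not match (the
// "listening on any" banner, truncated lines, non-DNS traffic).
function parseLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null;
  const [, time, iface, dir, srcHost, srcPort, dstHost, dstPort, txid, recursion, rest] = m;
  return {
    time, iface, dir, srcHost, dstHost,
    srcPort: Number(srcPort), dstPort: Number(dstPort),
    txid: Number(txid),
    recursionDesired: recursion === '+', // tcpdump marks the RD flag with a trailing "+"
    rest,
  };
}

// Per-resolver tally: queries sent to it, responses seen from it, and responses
// whose transaction ID matches a query we saw leave the host.
function tallyResolvers(lines) {
  const stats = new Map();
  const entry = (ip) => {
    if (!stats.has(ip)) stats.set(ip, { queries: 0, responses: 0, matched: 0, outstanding: new Set() });
    return stats.get(ip);
  };
  for (const line of lines) {
    const p = parseLine(line);
    if (!p) continue;
    if (p.dir === 'Out' && p.dstPort === 53) {
      const s = entry(p.dstHost);
      s.queries += 1;
      s.outstanding.add(p.txid);
    } else if (p.dir === 'In' && p.srcPort === 53) {
      const s = entry(p.srcHost);
      s.responses += 1;
      if (s.outstanding.delete(p.txid)) s.matched += 1;
    }
  }
  return stats;
}

// Build the report and flag resolvers that answer too few of their queries.
function analyzeCapture(text, minAnsweredRatio = 0.5) {
  const report = [];
  for (const [resolver, s] of tallyResolvers(text.trim().split('\n'))) {
    const answeredRatio = s.queries === 0 ? 1 : s.matched / s.queries;
    report.push({
      resolver,
      queries: s.queries,
      responses: s.responses,
      matched: s.matched,
      answeredRatio,
      broken: answeredRatio < minAnsweredRatio,
    });
  }
  return report;
}

// Constructed capture modeled on the one above: seven queries to MagicDNS, two
// answered; two queries to a normal resolver, both answered.
const SAMPLE_CAPTURE = `
17:11:52.164204 tailscale0 Out IP 100.69.1.2.22065 > 100.100.100.100.53: 40707+ A? example.org. (29)
17:11:52.172049 tailscale0 Out IP 100.69.1.2.22065 > 100.100.100.100.53: 33552+ A? example.net. (29)
17:11:52.203409 tailscale0 In  IP 100.100.100.100.53 > 100.69.1.2.22065: 40707 NXDomain 0/1/0 (102)
17:11:52.321235 tailscale0 Out IP 100.69.1.2.22065 > 100.100.100.100.53: 45366+ A? example.com. (29)
17:11:52.321271 tailscale0 Out IP 100.69.1.2.22065 > 100.100.100.100.53: 16617+ A? example.edu. (29)
17:11:52.352491 tailscale0 Out IP 100.69.1.2.22065 > 100.100.100.100.53: 63111+ A? example.org. (29)
17:11:52.383332 tailscale0 Out IP 100.69.1.2.22065 > 100.100.100.100.53: 15513+ A? example.com. (29)
17:11:52.540674 tailscale0 In  IP 100.100.100.100.53 > 100.69.1.2.22065: 45366 1/0/0 A 93.184.216.34 (45)
17:11:52.544683 tailscale0 Out IP 100.69.1.2.22065 > 100.100.100.100.53: 8052+ A? example.net. (29)
17:11:53.001000 eth0 Out IP 203.0.113.5.41000 > 192.0.2.53.53: 5001+ A? example.org. (29)
17:11:53.012000 eth0 In  IP 192.0.2.53.53 > 203.0.113.5.41000: 5001 1/0/0 A 93.184.216.34 (45)
17:11:53.020000 eth0 Out IP 203.0.113.5.41000 > 192.0.2.53.53: 5002+ A? example.com. (29)
17:11:53.031000 eth0 In  IP 192.0.2.53.53 > 203.0.113.5.41000: 5002 1/0/0 A 93.184.216.34 (45)
`;

console.table(analyzeCapture(SAMPLE_CAPTURE));
```

    Matching on transaction ID rather than just counting packets in each direction matters on a busy exit: unsolicited or late responses would otherwise inflate the answered count, and a resolver that returns NXDOMAIN for everything still counts as answering, which is a different failure from the silence we saw here.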

    We tried several things;

    • Switching the MagicDNS nameservers to other ones & restarting Tor.
    • Rebooting the exit relay we were testing with to see if it was a strange Tailscale daemon/interface/routing issue.
    • Using dig via CLI on the test relay which queried the MagicDNS IP (100.100.100.100) which worked without issue.

    We were at a loss, and couldn’t figure out what was happening. We then decided to disable MagicDNS on the test relay to see what would happen. It worked, DNS queries started flowing and getting resolved responses via the same nameservers directly.

    We subsequently disabled MagicDNS on the rest of the exit relays with an ad hoc Ansible shell command.

    Our conclusion

    The problem appeared to be with the abstraction that MagicDNS does, and queries originating from Tor did not appear to work 99%+ of the time when the feature was enabled. However, queries from dig via CLI appeared to always work. We suspect that MagicDNS fails in some sort of way when too many queries are directed at its 100.100.100.100 IP which is seemingly routed out the tailscale0 interface (& subsequently onto the physical interface). However, this doesn’t make complete sense, as we would expect queries from dig to fail as well.

    We may never know what happened exactly, and we don’t want to leave it in a broken state long enough to figure it out. At this point, it’s safe to say that we are leaving MagicDNS disabled on our Tor exit relays for the foreseeable future.

    Shortly after resolving the issue, our Tor exit relay traffic rate shot up beyond previously normal levels and hit our full capacity (as of writing this).

    In the near future, we will explore running our own local DNS resolver on each exit relay, which we’ve done in the past but had to move away from due to an overload of bogus queries originating from Tor, which also resulted in DNS resolution failures. DNS over HTTPS (DoH) or DNS over TLS (DoT) are also great options we may explore further.

    We hope you found this interesting and insightful. If you enjoy what we do, please consider making a donation. Unredacted is a non-profit organization that provides free and open services that help people evade censorship and protect their right to privacy.

  • New Tor bridge types for Operation Envoy

    In July of last year (2023) we launched Operation Envoy, our effort to deliver packets to and from the Tor network which helps defeat Internet censorship. This is achieved by Unredacted operating Tor bridges: unlisted relays that run Pluggable Transports. A Pluggable Transport obfuscates the connection a user makes to the bridge so that it looks like ordinary Internet traffic and disguises the fact that they are connecting to the Tor network. Each Pluggable Transport has its own way of obfuscating the connection, such as WebTunnel, which mimics HTTPS traffic, one of the most common types of traffic on the Internet.

    What a connection to the Tor network looks like with a bridge in the path
    Credit: robertheaton.com/2019/04/06/how-does-tor-work/

    For a long time we have focused our efforts on deploying dedicated snowflake proxies around the world in strategic locations close to Internet users who face a high level of Internet censorship in their countries. Today, we’ve added a WebTunnel and a meek bridge into the mix. Adding more Tor bridge types means that users have more ways to connect to the Tor network in the event that one protocol or obfuscation technique gets blocked.

    Our meek bridge

    How meek works, click the image to learn more

    To deploy our meek bridge, we worked with the team at Tor after volunteering to run a new bridge. Because meek relies on domain fronting, there is some setup on their end as well. Domain fronting disguises the connection by making the TLS handshake to a popular CDN that is painful to block, Microsoft Azure in this case, and having the CDN forward the request on to the bridge based on the HTTP Host header inside the encrypted connection. Meek bridges remain a crucial method to connect to the Tor network in several countries.

    To see our new meek bridge statistics, you can click here.

    Our WebTunnel bridge

    How HTTPT works, the proxy behind WebTunnel technology

    As described earlier in the post, WebTunnel is a bridge type which mimics HTTPS traffic, one of the most common types of traffic on the Internet. It’s based on HTTPT, which resists the active probing attacks that censors use to confirm and then block circumvention servers. WebTunnel will likely become a very important bridge type for Tor as it rolls out and gains popularity, because of the protocol it disguises itself as and its resistance to active probing.

    Our new WebTunnel bridge uses a unique configuration that we came up with to hide the IP of the bridge behind a TCP proxy service. This allows us to easily switch the ‘front’ of the WebTunnel bridge in case its IP gets blocked. In the future, we plan to write about how we did this once we’ve confirmed its stability over time.

    To see our new WebTunnel bridge statistics, you can click here.

    Current Operation Envoy stats

    As it stands today, we have a collective of virtual machines consisting of 31 CPU cores, 40GB of RAM and multi-gigabit unmetered links dedicated to serving Tor bridge traffic across the world.

    Past 7 days of CPU and memory usage, click the image to see live stats

    On an average day, we are pushing almost 2TB of symmetrical bandwidth per day. That’s almost 60TB per month!

    Past 7 days of bandwidth usage, click the image to see live stats

    We can’t make all of this possible without your help. If you like what we do, please consider making a donation. As time goes on, and with more funding we’ll continue to expand our Operation Envoy footprint by deploying more Tor bridges across the world. Your help can make a real impact for Internet censorship circumvention.

  • UNREDACTED, a year in review (2023)

    From our humble beginnings in 2015, to now (almost 2024), we’ve undergone many significant changes in the almost 9 years of our existence. We’ve established ourselves as a legitimate organization that is on a mission to fight Internet censorship, and provide various services to individuals & organizations seeking privacy and security. In 2023, a lot of work has been done to accomplish that mission. That’s why we’re starting our own “year in review” to go over all of the major developments that continue to challenge and inspire us.

    A year in review (2023)

    Operation Envoy: Defeating Censors

    In July of 2023, we started Operation Envoy, an effort to scale up our Tor bridge and snowflake proxy operations that help deliver messages (packets) to and from the Tor network. This helps users experiencing Internet censorship, or those who wish to mask their use of Tor. We focused heavily on deploying snowflake proxies around the world. At the start of the operation we were serving 93TB of symmetrical snowflake proxy traffic looking at the past 30 days.

    30 days of past traffic at the start of the operation (July 2023)

    As of December of 2023, in the last 30 days we’ve served over 121TB of symmetrical traffic to snowflake proxy users. We started with 34 CPU cores and 58GB of RAM from servers deployed around the world. We’re ending the year with the same core count, but with a bit less RAM at 53GB. However, we’ve served more traffic due to server provider changes and software upgrades.

    30 days of past traffic at the end of 2023 (December 2023)

    Our Operation Envoy metrics are publicly accessible, and can show you the direct impact that we’re making. Have a look.

    In 2024, we will continue expanding our CPU core and RAM counts, but we can’t do it without your help! If you like what we do and want to support our mission, consider making a donation.

    FreeSocks, proxies that circumvent censorship

    To continue our efforts and follow our mission of providing censorship-resistant Internet access, in late December we launched FreeSocks, a service that provides free, open & uncensored Outline (Shadowsocks) proxies to individuals in countries experiencing a high level of Internet censorship.

    A screenshot of the FreeSocks website

    We’ve spread news about the service on social media, and we’ve seen a gradual and steady increase in users since the launch.

    In 2024, we will scale the service to meet our users’ needs and write a blog post about how we built the core of FreeSocks on Cloudflare Workers in a privacy-respecting way. Again, we can’t run services like these without your help.

    Tor exit relays

    In addition to our front-line censorship circumvention services, we have run numerous high-bandwidth Tor exit relays for many years.

    We’ve recently become #16 among the top exit families, with a 1.03% exit probability according to OrNetStats. That means you may be among the roughly 1% of Tor network users whose traffic exits through our relays.

    A screenshot from OrNetStats

    Over the past 30 days, we’ve greatly improved our Tor exit relay setup, which consists of 2 hypervisors, each with an Intel Xeon E-2276G, 64GB of RAM and a 1Gb/s NIC. We’ve spent a lot of time revising this setup to maximize bandwidth and resource usage.

    Our Tor exit relay bandwidth bitrate over the past 30 days

    This optimized setup has allowed us to push 2Gb/s of symmetrical traffic at any given time. In a single 24 hour period, we pushed nearly 20TB of traffic through our relays.

    Our bandwidth usage over a single 24 hour period

    If we continue at this rate for 365 days, that would be close to 7.3PB (petabytes) of traffic for an entire year. With your help, we can do even more than this, and continue pushing tons of traffic for Tor network users.

    Unredacted Guides

    In November of 2023, we launched Unredacted Guides. We aim to aid users in setting up, configuring and launching privacy/security focused software. It’s one thing to run these services ourselves, but helping others do the same only increases awareness and impact.

    As of writing this post, we have 2 guides.

    In 2024, we will continue to refine existing guides and write new ones in accordance with our mission.

    Chat services

    Our oldest projects are our chat services. XMPP.is was launched in 2015 and our Matrix server was launched in 2021. For many years, thousands of individuals have used our chat servers to exchange messages with friends and family. These remain a crucial part of our mission, as they allow people to communicate securely and privately.

    In November, we made efforts to secure XMPP.is based on the lessons from the jabber.ru MITM attack, and shared our work in a blog post.

    We will continue to maintain, monitor and secure our chat services for the years to come.

    Infrastructure changes

    Over the past year, we’ve made significant improvements to our server orchestration and the security of our services and website.

    We use many self-written Ansible roles and playbooks to deploy and maintain our servers. We’ve made a lot of refinements in this area, which have made deploying and maintaining new services easier than ever.

    On the security side, we’ve utilized Cloudflare Access heavily on critical parts of our websites and locked down server access behind Tailscale. In 2024, a focus of ours will be to further secure our infrastructure from potential attacks.

    Funding

    While we’ve always paid for our services mostly out of pocket, 2023 was unfortunately one of our lowest years in terms of funding, and it was far under our operational costs (domains, servers & SaaS providers). With that said, we greatly appreciate those who made contributions. Any amount helps us in carrying out our mission.

    2023 Donation Totals (USD):

    Cryptocurrency (calculated at time of writing): $127
    Stripe (credit cards): $68
    PayPal: $23
    Total: $218

    To continue our mission, we need your support! We allow one-time or recurring donations via multiple payment methods, including PayPal, credit cards, cryptocurrency, Open Collective, Patreon & Liberapay.

    In 2024, we will launch a fundraiser in an attempt to cover our operational costs. This will be announced later.

    What’s next?

    Regardless of funding for our services in 2024, we will make an attempt to expand them, and create new ones. We’ll continue working on awesome projects, and providing them to the masses.

    In 2024, we will explore the possibility of becoming a 501(c)(3) non-profit organization and assess its feasibility. We’ve always been non-profit focused, but legitimizing ourselves as a US tax-deductible non-profit has its perks, and it may be the next step in the growth and expansion of our organization.

    Happy holidays!

  • Introducing FreeSocks, proxies that circumvent censorship

    Easy censorship circumvention

    We despise censorship and human (& animal) rights abuses, and it’s time to fight back. In addition to Operation Envoy, our effort to provide stable and performant anti-censorship Tor bridges and snowflake proxies, we’re launching FreeSocks. FreeSocks is a free and open proxy service that aims to provide an alternative for individuals who live in or are visiting countries with a heavily censored internet. With FreeSocks proxies, people who reside in countries with oppressive governments can access the open internet freely.

    An internet free of censorship is extremely important in countries where the internet is censored heavily. It provides access to information that individuals may never find out about, for example the Tiananmen Square massacre and countless other atrocities and injustices carried out by governments around the world. It also allows people to communicate freely amongst themselves, so that they’re not afraid to show their true selves. In the modern age, governments are only getting better at restricting access to content and services they deem ‘unpalatable’. China is one government which is particularly advanced in their censorship efforts, and is constantly tweaking their Great Firewall to block more and more content and services. This is why services like FreeSocks are important.

    A screenshot of the FreeSocks website

    Our tech stack

    The underlying technology that FreeSocks provides is Outline (Shadowsocks) proxies (deployed around the world), which encrypt and obfuscate users’ internet traffic. The website guides users on how they can retrieve and use the proxy access keys that we provide to them. We make an attempt to reduce the chance of abuse by preventing people from retrieving a proxy if they are not within an especially oppressive country. At a later date, we’ll detail exactly how we provide this service and the underlying code that FreeSocks uses. We think it’s pretty cool, as the functionality of retrieving and expiring proxy access keys (via the outline-server API) lives entirely on the Cloudflare Workers serverless platform. The entire FreeSocks platform is very flexible because of this. Something awesome is that our Workers cron triggers, which expire access keys at defined intervals, run only in datacenters that are powered by renewable energy.

    We do all of this in a privacy-respecting way, and we don’t log the IPs of active users, or of anyone who might have requested a proxy.

    Where do we go from here?

    We need your help to maintain FreeSocks, deploy more proxies and fight the censors! If you like to support organizations like ours, please consider making a donation.

    With your help we:

    • Plan to continuously deploy new Outline proxy servers in strategic locations.
    • Plan to translate all pages on the website to different languages, so that people who can’t translate or read English can use the service.
    • Plan to provide mirrors of the site in case the main URL is inaccessible.
    • Plan to extend the expiration time of access keys (30 days at the time of launch) based on reception and use.

    We’ve worked really hard on FreeSocks, and we hope that you can get good use out of the service. Share it with your friends who might be subjected to internet censorship. If you use the service, and have any trouble – please contact us.

  • Operation Envoy: Defeating Censors

    Operation background

    Accessing the uncensored Internet in some countries has never been so difficult. Internet censorship is rising across the world, and content filtering is becoming more difficult to circumvent as technology and censors evolve, even in countries you wouldn’t expect. However, the worst offenders are the ones you would typically suspect: China, Russia and countries that rank low on the World Press Freedom Index.

    The organization OONI (Open Observatory of Network Interference) monitors internet censorship around the world and produces reports which show that censorship is on the rise. Government censors (governments who implement Internet censorship) are insatiable in their quest to restrict Internet access and keep their citizenry blind and oppressed, just how they like it.

    The question is, what are we doing about it? That’s where Operation Envoy comes in. We want to help deliver messages (network packets) to and from the Tor network. For quite a while now, we’ve been running Tor exit relays which provide valuable bandwidth and processing power to the Tor network which helps people in heavily censored countries access services and information that people in the western world take for granted. While exit relays are an integral part of the Tor network, there’s another part that is critical for accessing it in many countries. Tor bridges and snowflake proxies are the first entry point into the Tor network for many people. What are they you might be wondering? Well, many countries block access to Tor and they’re very good at it, which makes Tor hard to access. That’s where Tor bridges and snowflake proxies step in, and so do we. Bridges and snowflake proxies allow Tor users to access the network via an obfuscated and seemingly normal-looking connection to the bridge or proxy. That bridge or proxy then acts as a literal bridge to the Tor network.

    Censors have even gotten so audacious that they’ve identified specific signatures of user-to-snowflake-proxy traffic and blocked it. Thankfully, the anti-censorship team at Tor is hyperaware of these issues and always trying to stay a step ahead of the censors.

    Where the operation stands

    So, that’s where we’ve been focusing most of our censorship evasion efforts. The Tor network has plenty of bandwidth, but it has problems with accessibility and bridges/snowflake proxies help with that. At the time of writing we’ve ramped up to 29 high-bandwidth servers around the world that run Tor snowflake proxies 24/7/365. We have 34 CPU cores and 58GB of RAM at our disposal. Some servers are in strategic locations that help users within censored countries access the proxies themselves.

    Over the past 30 days, we’ve pushed over 93TB of symmetrical traffic on our bridges & proxies.

    See our stats

    The future of Operation Envoy

    Our goal with this operation is to run as many high quality dedicated bridges and snowflake proxies as possible, and become one of the largest operators. We believe Operation Envoy is essential, as many of the snowflake proxies are run via home networks which typically do not provide high upload and download speeds.

    To scale our growing bridge and snowflake proxy server infrastructure, we use automation software called Ansible and have started writing our own Ansible role to help with that. This allows us to update and maintain our Tor bridge and proxy fleet.

    To succeed in our mission, we ask for your help via donation. With your help, we can deploy more and more censorship evasion servers around the world. In an effort to fund our operations, if you make a recurring donation of $10/mo or more after reading this post, be sure to contact us and let us know – we will deploy a Tor bridge or snowflake proxy in your name!

    We plan to release updates on our operation as it expands, so stay tuned.

    Thanks for your support,
    Zach

  • Running your own Tor relays

    As many of you may know, Tor relays are quite important to the Tor network. They allow Tor users to access .onion sites and the regular internet. While hidden services (.onion sites) are great, the fact is that a lot of the internet cannot be found within the Tor network. Exit relays, one of the most essential relay types, facilitate the bridge between Tor and the regular WWW (World Wide Web), allowing for true internet freedom.

    For a good portion of 2021, we ran (and currently run) a set of Tor exit relays on dedicated servers with unmetered bandwidth. This is something we hadn’t attempted before; we typically ran guard and middle relays exclusively to avoid dealing with abuse reports. Many people fear running exit relays because of legal issues some have experienced, which is completely understandable. You may also have a hard time finding a hosting provider that allows exit relays (see below for suggestions). In this post, we will go through some of the things we’ve found to be beneficial in our endeavor to provide fast and secure infrastructure to the Tor network.

    Network network network

    The most important thing we’ve found when running exit relays is operating your own network.

    1. Having your own ASN (autonomous system number) is a great thing. It allows you a great deal of flexibility in what you can do with your network. Having our own ASN allows us to advertise our IPv4 and v6 prefixes from our servers or routers directly to our upstream (hosting) provider. We have more control over the routing, and our network appears as its own distinct network to anyone looking at our setup. We even have the option to establish our own private or public peering with other networks, giving us direct connections to those networks (for speed and free bandwidth).
    2. Having your own IP prefixes (rented or owned) gives you autonomy. With your own IPs, you directly handle abuse complaints, as your email can be listed on the abuse contact of the IPs. With this, you do not need to be at the mercy of your hosting provider, who may or may not penalize you for every abuse complaint they receive for your exit relay. Abuse complaints nowadays are generally automated, making life challenging with many coming in per day. As we do, you can simply set up an auto-responder to reply to incoming complaints and ask that another email be reached if the complaint is serious and needs direct attention.

    Hosting

    This part is really up to you, but we recommend several things here.

    • A hosting or upstream provider that allows Tor relays (especially exit relays). We’ve tested a few providers, and can recommend them for Tor usage (as of 01/24/22).

      Terrahost (exits & guard/middle allowed)
      – Locations: Norway
      – Service: Dedicated & virtual servers, misc others

      BuyVM/Frantech[aff link] (exits & guard/middle allowed)
      – Locations: Las Vegas, New York, Miami & Luxembourg
      – Services: Virtual servers, misc others

      Less preferred/highly used hosts:

      Hetzner (dedicated & cloud [aff link]) (guard/middle allowed)
      – Locations: Finland, and various locations in Germany
      – Services: Dedicated & cloud servers

      OVH / SoYouStart (guard/middle allowed)
      – Locations: Global network in various countries (mainly Europe)
      – Services: Dedicated, cloud, virtual and various other services

      More info:

      Want to know how to run a relay? Check Run A Relay out.
      If you are familiar with Ansible, be sure to use ansible-relayor.
    • Dedicated hardware, with high GHz CPU cores and an unmetered network port, is the most important for Tor relays. Obviously, with the vast amount of traffic that transits the Tor network you are going to need powerful hardware, as Tor is quite resource intensive with all the encrypting and decrypting being done on the fly. You absolutely do not want noisy neighbors, commonly seen on VPS/VM providers.

      Hardware specifics to look for:
      – 3GHz+ CPU cores with at least 1 core per relay.
      – 2 GB+ of DDR3 (or higher) RAM per relay.
      – A dedicated network uplink to your provider. Bonus points for an unmetered port where you are not charged for overages.
    • Look for a stable network: a provider that doesn’t commonly experience congestion. Congestion and packet loss can provide a horrible experience for users on the Tor network, resulting in slow browsing with timeouts.

      Network specifics to look for:
      – A well-peered hosting provider with multiple public/private peerings and public transit upstreams (think Cogent, GTT, Telia, Lumen, etc.), so that you can reach Tor network users and other relays at low latency (which improves overall Tor network performance).
      – A provider that experiences a lower level of network congestion, so that you can use your full port speed most of the time. As Tor uses TCP, it is important to have a consistently good and reliable network to prevent excess TCP retransmissions, which increase latency.

    Legal

    Legality is important, so make sure you are following the laws of your country.

    1. Operate your own LLC, non-profit, company, or corporation. This allows you to separate yourself from your Tor exit relays. While you are obviously running them, a legally formed organization will provide you with some legal protections depending on where you live.
    2. Always follow up on serious abuse complaints or subpoenas from law enforcement. This is important, and allows you to continue operating your network as a legitimate netizen. Do take abuse complaints seriously, and try to provide advice to the reporter about the Tor network and how they can mitigate future abuse. If needed, you can also block various network ports (such as port 22, used for SSH, a common source of abuse complaints) on your exit relays through your exit policy.
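    As an added illustration of the port-blocking advice above (a constructed example, not Unredacted’s own torrc; nickname, contact address and family fingerprints are placeholders), this is what a minimal exit relay configuration with a restricted exit policy looks like:

    ```text
    ## Constructed example torrc for a Tor exit relay. Placeholders only:
    ## replace Nickname, ContactInfo and MyFamily with your own values.
    Nickname     ExampleExit
    ## Address that abuse reports for this relay's IPs should reach.
    ContactInfo  abuse@example.org
    ORPort       9001
    DirPort      9030
    ExitRelay    1
    IPv6Exit     1

    ## Group all relays run by the same operator so Tor clients never pick
    ## two of them in one circuit (one line, listing every sibling fingerprint).
    # MyFamily $FINGERPRINT_OF_SIBLING_RELAY_1,$FINGERPRINT_OF_SIBLING_RELAY_2

    ## Exit policy: rules are evaluated top to bottom and the first match wins,
    ## so the reject lines must come before the catch-all accept.
    ## Port 22 (SSH) is a common source of automated brute-force abuse reports.
    ExitPolicy reject *:22
    ## Port 25 (SMTP) is rejected by Tor's default policy too; keep it explicit.
    ExitPolicy reject *:25
    ## Everything else is allowed. To allow only a curated set of ports instead,
    ## replace this line with the Tor Project's published "reduced exit policy".
    ExitPolicy accept *:*
    ```

    Tor's default policy already rejects private address ranges (ExitPolicyRejectPrivate), so only the public-port rules need to be spelled out here.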

    As our journey is ever evolving, we will attempt to add to this list when we discover more along the way. If you have a suggestion, feel free to contact us, and we’ll consider adding it as well.

    G’day,
    Zach

  • Our vision of the Tor network

    Internet usage has skyrocketed with COVID-19, and as the internet expands, so do we. As you may have noticed, we have been putting a lot of work into expanding our Tor relay & bridge network. As of writing we have over 27 nodes, which reside on a diverse set of networks. Today I would like to show you what our vision is for our segment of the Tor network and for the network as a whole.

    Some of our statistics

    Tor is amazing: it provides a scalable and simple way to protect and anonymize your internet traffic. Whether it be purely layer 4 (e.g. TCP/UDP) or layer 7 (e.g. HTTP), the Tor network can route it. Tor does many things, but on a daily basis it protects good people in censored and oppressed situations, providing a way for them to safely access the internet, all for free with open source software. Because Tor is so great, it requires dedicated volunteers, relay and bridge operators, to provide that bandwidth, CPU and RAM capacity. What’s so great is that we have so many individuals already donating their time and money to do this. However, I think we can do better. We should continue to expand the Tor network by providing more bandwidth and more reliable infrastructure for optimal routing with low latency and high throughput. Not only that, we should focus on diversifying the network by providing more relays and bridges running on top of diverse networks. That’s what we’d like to accomplish, together with everyone who loves what Tor does.

    Sadly, there are many relay operators who do not maintain their infrastructure well, falling behind on updates and doing little to no monitoring. By running stable and reliable Tor relays and bridges, that vision of a better network follows. We take potential ethical and security risks into careful consideration. The Tor Project team and community already protect against malicious operators, and the network itself is diverse enough to handle that. However, we should still do everything we can to protect the privacy of traffic that transits through our nodes. Our nodes run on top of various hosting providers, in various geographical locations. We favor providers that show a general respect for privacy and have a beefy network; no 100Mb/s rate limit with 1TB of bandwidth here. We also have our own ASN and IP space for exit relays: unredacted.org/about/network

    To protect our nodes from compromise, we do our best to harden against commonly exploited attack surfaces. Nothing fancy here, but we do our best at the moment. This requires a consistent state across all nodes. For this, we use Ansible (an automation tool), which allows you to automate the configuration of your computers. With this, we enforce a pretty strict SSH policy, iptables rules, the packages that every node should have, Prometheus exporters, a wireguard mesh (Tailscale), various others, and the full configuration of our Tor daemons. For Tor automation, we use an Ansible playbook called ansible-relayor. All of this allows us to automate the configuration of our 27 Tor nodes, apply updates, and rotate keys, just to name a few. Without this, manual configuration of 27 nodes would be an extremely painful and arduous process, to say the least. In theory, we can now automate the configuration of every OS feature.

    Protection is not the only thing; we need good monitoring too. To ensure consistent and reliable service, you simply have to monitor your services. We make sure we have deep enough insight into our nodes, but without exposing any Tor user data. We do not log IPs, or analyze the netflows of our traffic. We collect basic metrics using Prometheus and node_exporter. Prometheus (+AlertManager) is configured to send notices through email for high CPU, RAM, disk and I/O load (and other things). We also have a 3rd party which notifies us via email and SMS if something goes down. We hope to expand this in the future so that we can also collect route and packet loss statistics from outside sources that are looking into our network. Packet loss is a large cause of high latency; any way we can reduce that on our network would be crucial, as the Tor network is typically already higher latency.

    Now, how have we been doing so far? See for yourself! We made publicly accessible graphs and data points that show the utilization of our nodes. We’d like to be as transparent as possible, so these metrics do not contain any revealing info.

    https://grafana.unredacted.net/d/ce-tor-relays/unredacted-tor-relay-metrics?orgId=1

    The past 30 days as of writing

    As you could imagine, all of this requires funding to do. We ask that you help us build a better Tor network through your support and donations, or run your own node.

    If you choose to donate, we accept many forms of payment, in addition to cryptocurrency. To donate, please visit our Donation page. Your donation will make a visible impact on the Tor network through our metrics. If you wish to know what your funds went to, we can give you the breakdown.

    Thanks for your time,
    Zach
