For the last two years, a team of engineers and researchers has quietly been working to develop new technology for Internet freedom. Today, we are pleased to share results from the first large-scale field trial of refraction networking, a fundamentally new way to help people around the world learn and communicate online in the face of censorship. We served more than 50,000 users, for more than a week, by deploying refraction networking at partner ISPs.
Our results show that Internet Service Providers who value Internet freedom can play a powerful, positive role in fighting global censorship. We believe this points toward the future of Internet freedom.
Across the world, national governments are clamping down on what their people can say, learn, and do online. Freedom House, whose Freedom on the Net report is a longstanding yardstick of Internet censorship, finds that censorship has increased in each of the last six years, and that two-thirds of Internet users worldwide are now at risk of being punished if they speak out online about the government, military or ruling family in their country.
John Gilmore, an engineer who helped to build the early Internet, explained nearly 25 years ago that “the Net interprets censorship as damage and routes around it.” And at first, that sounded like a pretty good summary. Initially, the innovation and creative energy of the Internet were largely at its edges, where participants dreamt up new ways to use it — and the infrastructure at the network’s core, which held everything together, was relatively simple. Would-be censors struggled to keep up with network traffic, and users seemed constantly to stay a step ahead, with encryption, proxy servers and other steps giving them unfettered access.
But that balance is changing. Over the last few years, the advantage has shifted to favor censors, who control the core of the Internet in their countries. Backbone networks are no longer the “dumb pipes” they once were: Censors can now inspect the data crossing their borders in real time, in increasingly subtle ways, to detect and prevent circumvention efforts. Strategies that rely on endpoint proxy servers are failing, against increasingly sophisticated state-level censors, who can see and control a country’s entire network.
Repressive governments are building censorship into the core of their networks. It’s time for those of us who favor Internet freedom to respond in kind, engineering networks to avoid artificial barriers to learning, communication, and commerce. Internet connections are an indispensable touchstone of modern life for people around the world, and Internet freedom should be a central and inevitable facet of these connections.
Refraction networking,* the strategy we used in our trial, makes this idea a reality. Rather than trying to hide individual proxies from censors, refraction brings proxy functionality to the core of the network. This makes censorship much more costly, because it prevents censors from selectively blocking only those servers used to provide Internet freedom. Instead, whole networks outside the censored country provide Internet freedom to users — and any encrypted data exchange between a censored nation’s Internet and a participating friendly network can become a conduit for the free flow of information.
For our trial, we built a high-performance implementation of the TapDance refraction networking scheme and deployed it on four ISP uplinks with an aggregate bandwidth of 100 gigabits per second. To reach end users, we partnered with Psiphon, a popular anti-censorship tool. For this trial, some Psiphon users received a specially updated version of the Psiphon client, which was configured to use TapDance instead of Psiphon’s other circumvention strategies. Over one week of operation, our deployment served more than 50,000 real users. The experience demonstrates that TapDance can be practically realized at ISP scale with good performance and at a reasonable cost, potentially paving the way for long-term, large-scale deployments of TapDance or other refraction networking schemes in the future.
For more information:
One last thing: We are starting to plan larger, longer-term trial deployments of TapDance. If you work in networking and are interested in learning more, please get in touch!
* Early conversations about this strategy used the term “decoy routing” to refer both to this overall family of approaches and to the specific scheme described by Karlin et al. in 2011. After careful deliberation, we’ve decided to use refraction networking as a flexible term to refer to all schemes that embrace this general strategy.