[tor-dev] Def Con Kaminsky talk (censorship detection)
David Fifield
david at bamsoftware.com
Mon Jul 30 17:57:38 UTC 2012
I saw an interesting talk by Dan Kaminsky at Def Con that touched on
some ideas for censorship detection. He mentioned OONI-probe and talked
about his project CensorSweeper. It tests blockedness of web sites by
making cross-domain requests for favicon.ico and displaying them in a
minesweeper-like grid.
http://www.censorsweeper.com/
https://www.hackerleague.org/hackathons/wsj-data-transparency-code-a-thon/hacks/censorsweeper
He also mentioned something, which unfortunately I didn't follow very
closely, about using Flash sockets to spoof HTTP and HTTPS headers. I
think the gag here was sending these spoofed connections to a server you
control (so you can answer the crossdomain policy requests without which
Flash Player will refuse to connect), but you give it a Host header of a
censored site or something like that.
http://miriku.com/wp/2012/07/decon-day-3/comment-page-1/#comment-1416
Unfortunately I don't have the conference DVD which presumably contains
the slides he used, but videos usually show up online after some number
of months.
David Fifield
More information about the tor-dev
mailing list