How Feed-Over-Email Circumvents Chinese Censorship

Neat article, both the technology and the hacker who created it.

Posted on February 11, 2011 at 7:05 AM • 20 Comments

Comments

Richard Steven Hack • February 11, 2011 8:26 AM

Seems to me this technology could be defeated by a country simply by filtering all email and attempting to detect the encryption. In other words, if an email is encrypted (and perhaps not being addressed to someone who has authorization to use encryption), block it. I don't see why a deep packet filter can't do these things if a country wants them to. It would be a major hassle and require a lot of resources, but couldn't it be done?

Thoughts?

kashmarek • February 11, 2011 8:48 AM

Now that this technology has surfaced, it shouldn't take long to defeat it or, most certainly, make it more difficult to use. We keep forgetting that all of this stuff evolves over time, and sometimes it even comes back to bite you much later. I wonder what new technologies IPv6 will spawn for this type of activity?

magetoo • February 11, 2011 9:05 AM

Richard Steven Hack:

I suppose that's why this system relies on "foreign" email providers, and encrypted connections to them; email doesn't cross borders except for on the final hop to the end user.

But on the other hand, if one is willing to block encrypted POP/IMAP entirely...

GreenSquirrel • February 11, 2011 11:33 AM

I wonder how the likes of Australia will respond to this :-)

Also, would the US Government be so proud of it as a concept if it had been used to feed diplomatic cables to Wikileaks...

Although on a more sensible note, I agree with Paul and it is nice to see old concepts re-discovered.

Steve Weis • February 11, 2011 3:00 PM

Feed over Email does not require SSL by default. If users do not configure it to use an SSL email server, they will receive the feed in the clear.

Worse, messages from the FOE server are not authenticated and written to the user's disk. This could make FOE vulnerable to malicious spoofed messages.

See the project and source here:
http://code.google.com/p/foe-project/
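The weakness described in the comment above, seen from the receiving side, as an added example that is not part of the original comment and is not FOE's code: the client authenticates each feed message before anything is written to disk. The `X-Feed-MAC` header, the base64 body and the per-subscriber key agreed at subscription time are all assumptions made for illustration.

```python
import base64, hashlib, hmac, os
from email import message_from_bytes, policy
from email.message import EmailMessage

MAC_HEADER = "X-Feed-MAC"  # hypothetical header name, not FOE's wire format

def _mac(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).hexdigest().encode("ascii")

def build_feed_mail(key: bytes, feed_xml: bytes) -> bytes:
    """Server side: base64 body plus an HMAC-SHA256 tag over the raw feed."""
    msg = EmailMessage()
    msg["From"] = "feed@server.example"  # constructed sample address
    msg["Subject"] = "feed update"
    msg[MAC_HEADER] = _mac(key, feed_xml).decode("ascii")
    msg.set_content(base64.encodebytes(feed_xml).decode("ascii"))
    return msg.as_bytes()

def accept_feed_mail(key: bytes, raw: bytes):
    """Client side: return the feed bytes only if the tag verifies, else None."""
    msg = message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() != "text/plain":
        return None
    claimed = str(msg.get(MAC_HEADER, "")).strip().lower()
    try:
        body = "".join(msg.get_content().split())  # drop line wrapping
        payload = base64.b64decode(body, validate=True)
    except (ValueError, LookupError):
        return None
    # Constant-time compare on bytes, so odd header characters cannot raise.
    if not hmac.compare_digest(claimed.encode("utf-8", "replace"), _mac(key, payload)):
        return None
    return payload

def store_if_authentic(key: bytes, raw: bytes, directory: str):
    """Write to disk only after verification; the file name is derived from
    the payload hash, never from anything the sender controls."""
    payload = accept_feed_mail(key, raw)
    if payload is None:
        return None
    path = os.path.join(directory, hashlib.sha256(payload).hexdigest() + ".xml")
    with open(path, "wb") as fh:
        fh.write(payload)
    return path
```

A shared-key MAC only fits when each subscriber has their own key; with one key for all subscribers, any of them could forge messages, and a public-key signature would be the appropriate tool.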

Xin LI • February 11, 2011 7:00 PM

Frankly I think this is no-go stuff.

It could be beneficial when used by a small group to exchange data but I would expect it to be defeated quickly if it is being used by a broader audience.

A good spam filter could just flag these messages as spam and, on the other hand, this technique can be used to deliver spam to certain people; finally, the fact that it requires special decrypting software would expose more attack surface to those who installed the software.

claudio • February 12, 2011 4:58 AM

It reminds me of the old FTPmail programs. I think it can be very effective: in fact it's a covert channel in a legitimate channel that the government cannot close. The key is that as long as news is text, it requires very little bandwidth, so the text can be hidden very effectively. It's a lot different than trying to hide browsing activities. With a bit of steganography (again, especially for text, that requires so little bandwidth), the encrypted text wouldn't be noticeable by the filters. Also, if a reader could get a "personalized" steganography key, even when the mechanism is discovered, the filters wouldn't be able to detect which messages carry a forbidden payload.

Dirk Praet • February 12, 2011 9:50 AM

Although someone will probably come up with a technique to block or cripple such feeds, the positive thing is that there is yet another technique to circumvent internet censorship, which for all practical purposes is a good thing.

It would seem that at least some folks take it seriously as the Google FOE project URL is not accessible from within Iran. For something similar, check out www.mailmyweb.com.

ElQhawaq • February 13, 2011 3:15 AM

The answer is yes, this technology can be easily defeated by a good content filter (which treats these messages simply as spam) or a packet filter. As is known, Skype is one of the hardest applications to block; it easily circumvents content and packet filters. But with a little effort, I have instructed my packet filters to apply a simple and extremely efficient strategy: when my packet filter sees a Skype packet, it cuts the machine that sent it off from the Internet for 4 hours. Users, when they started to understand that Skype was the culprit of this malfunction, simply ceased to use it. So, with no effort, I have hit the target ... so can you imagine what a government can do? I think that the FoE tech has temporarily surprised censors, but FoE can be considered too weak and it's only a matter of time until it is defeated. Maybe the "old and gold" steganography can be considered more useful, because even if censors discover the algo it can be changed, so censors must commit more resources every time until these commitments become economically or technically unsustainable ...

bob (the original bob) • February 14, 2011 6:56 AM

"...The client and mail server have to be encrypted to bypass the..."

I do not understand why ANY email is still unencrypted; at least since RSA's patent expired.

Fnord • February 14, 2011 7:58 AM

My understanding is that China's internet censorship system really isn't that robust. There were already numerous technical ways around it. If this makes things easier, great. But it never was unbreakable, and never needed to be to keep the majority of citizens reading what the leadership wants.

David Thornley • February 14, 2011 12:46 PM

@original bob: One reason why my email is unencrypted is that I want my recipients to be able to read it. While some of my friends are very computer-savvy, not all are, and my family tends not to be.

For encryption to work, all the popular email programs would have to support it, and transparently generate and handle key pairs. They would have to work properly with multiple recipients and mailing lists, including group replies. So far, there hasn't been the demand.

zoli • February 15, 2011 3:53 PM

One reason why not blocking the encrypted e-mails: you need the traffic for your agents using different nicknames and free mail services, not only the government ones, sniffed by the enemies 8-)
in case you put them on a white list...

paul • February 16, 2011 1:12 PM

Ultimately you can do mimic ciphers, which is pretty much what the best spambots do already. If you personalize those just a bit, it's going to be very hard to distinguish between those and "legitimate" messages.

Marc • March 7, 2011 8:05 PM

I'm reading so much silly talk here...

This is basically encapsulating RSS in other protocols - mail (over SSL Web/POP/IMAP whatever). Because this is so commonly encrypted and the decryption software - SSL - is built into standard browsers and mail clients, users have a plausible reason to be using encryption.

Deep packet inspection won't work because of the encryption. The only option for the eavesdropper is then to block anything that isn't cleartext, which means blocking a lot of services and is not without solutions either.

But seriously, what has spam filtering got to do with anything? The mail server is in a friendly country.

So much nonsense.

How to get the completed source of FOE? • April 7, 2011 3:52 AM

How to get the completed source of FOE? I have got your FOE source files at http://code.google.com/p/foe-project/, but when I compile the solution with Visual Studio 2010, it shows a failure message "not found ..\foe\AddFeed.cs". Is AddFeed.cs necessary? How do I get this file?
