Telex Anti-Censorship System

This is really clever:

Many anticensorship systems work by making an encrypted connection (called a “tunnel”) from the user's computer to a trusted proxy server located outside the censor's network. This server relays requests to censored websites and returns the responses to the user over the encrypted tunnel. This approach leads to a cat-and-mouse game, where the censor attempts to discover and block the proxy servers. Users need to learn the address and login information for a proxy server somehow, and it's very difficult to broadcast this information to a large number of users without the censor also learning it.

Telex turns this approach on its head to create what is essentially a proxy server without an IP address. In fact, users don't need to know any secrets to connect. The user installs a Telex client app (perhaps by downloading it from an intermittently available website or by making a copy from a friend). When the user wants to visit a blacklisted site, the client establishes an encrypted HTTPS connection to a non-blacklisted web server outside the censor’s network, which could be a normal site that the user regularly visits. Since the connection looks normal, the censor allows it, but this connection is only a decoy.

The client secretly marks the connection as a Telex request by inserting a cryptographic tag into the headers. We construct this tag using a mechanism called public-key steganography. This means anyone can tag a connection using only publicly available information, but only the Telex service (using a private key) can recognize that a connection has been tagged.

As the connection travels over the Internet en route to the non-blacklisted site, it passes through routers at various ISPs in the core of the network. We envision that some of these ISPs would deploy equipment we call Telex stations. These devices hold a private key that lets them recognize tagged connections from Telex clients and decrypt these HTTPS connections. The stations then divert the connections to anti­censorship services, such as proxy servers or Tor entry points, which clients can use to access blocked sites. This creates an encrypted tunnel between the Telex user and Telex station at the ISP, redirecting connections to any site on the Internet.

EDITED TO ADD (8/1): Another article.

EDITED TO ADD (8/13): Another article.

Posted on July 19, 2011 at 9:59 AM • 52 Comments

Comments

Dave KearnsJuly 19, 2011 10:09 AM

But wouldn't it be easy for the censors to put Telex stations on their routers - which the user's packet would reach first - to decrypt the messages and learn the identity of the users?

BrianJuly 19, 2011 10:12 AM

As usual, defense puts in more work setting up Telex stations and offense puts in more work looking for them (by setting up their own Telex stations, by using their own clients, by disallowing https that is encrypted with keys they don't own, by setting up intercepting and replacing certificates with their own (then decrypting and encrypting the requests with telex-trusted keys), etc. Man-In-the-Middle attacks are astonishingly effective when you're a government.

This is a pretty clever idea, but it's definitely not a silver bullet.

JasonJuly 19, 2011 10:14 AM

Sounds like a great method for covert communication: overshooting your target with your message, and counting on them to sniff the traffic and read the hidden message. Internet routing may make this hard, but a sufficiently determined group could probably pull it off.

Andrew2July 19, 2011 10:15 AM

@Dave Kearns

No. At least, not without compromising the Telex stations' private keys.

Andrew2July 19, 2011 10:20 AM

@Brian

The nifty part here is that this is a way to leverage the man in the middle position to combat government censorship rather than to perpetrate it.

Clive RobinsonJuly 19, 2011 10:25 AM

For those not in the know I would have a look at the work of Adam Young and Moti Yung on "kleptocryptography"

One of the things they showed was it was due to the amount of redundancy in a PQ Public key possible to hide an amount of information equivalent to about half the bit size of the PQ key.

One use of this would be to backdoor the PQ pair by providing a hidden shortcut to either P or Q.

This back door cannot be shown to exist unless you know not just the method used but the secret as well...

However it also opens a whole load of other possabilities as I've mentioned befor.

Mike CurranJuly 19, 2011 10:31 AM

@Andrew2

Chicken and the egg. Without Telex you can't verify that you have a clean public key and without a clean public key you can't use Telex.

DavidJuly 19, 2011 10:38 AM

Clever indeed - the censors cannot determine who under their control is accessing what (absent, perhaps, side channels). ... until they get a copy of one of the private keys; and detection of where these telex stations lie is fairly trivial. I would only see this working well for quite local censorship - it won't last long in China, for instance.

renoXJuly 19, 2011 10:42 AM

@Brian: for the censoring government setting up their own Telex stations doesn't help find the one owned by "anti-censorship ISP" unless they know their private keys (thanks to hacking, bribbing, etc), but yes they could provide "treacherous" Telex clients.

Now the main question is: will ISPs implement this if the Telex software becomes mature?
They don't seem to have a lot of incentives to do this..

anycatJuly 19, 2011 10:59 AM

Everyone seems to be focusing on the in-transit aspect of this. I would think that any country heavily censoring would also have the capability to scan citizens computers for any instance of the clientside software. I could even see detection being rolled into government "antivirus" software to quarantine the software upon loading.

Andrew2July 19, 2011 11:01 AM

@Mike

Granted, but that's the age-old PKI problem, which already exists with current anti-censorship solutions. You have to somehow verify your proxy's public key, but you can't until you do.

Presumably, you would need to get a public key for a trustworthy station (or a trustworthy certification authority of trustworthy stations) from the same place you get the client software.

RHJuly 19, 2011 11:04 AM

On the gov't not blocking https:

"This is a safe assumption, since blocking all HTTPS traffic would cut off practically every site that uses password logins."

Wouldn't that be nice if this was the case? **meanders off to boot up Firesheep**

Andrew2July 19, 2011 11:38 AM

Thinking about this a bit more, a censor ought to be able to use the Telex public keys to map out which neighbor ISPs are cooperating or route traffic through other ISPs who are. Once they've done that, what is to stop a censor from simply routing around them?

Unless enough ISPs cooperate that trying to avoid them all is equivalent to shutting down the internet entirely I'm not sure how this would work. And even then, specialized ISPs might pop up providing the censor with Telex-free connections for a premium.

J.P.K.July 19, 2011 11:40 AM

What's the incentive for an ISP to take part in this? Surely any ISP under the thumb of an oppressive regime such as one that this is intended to circumvent would be leery of installing anything that could threaten their very existence under said regime.

GweihirJuly 19, 2011 11:49 AM

No chance for deployment at all.

Just like all the IP traceback proposals, this requires changes in the core network. They are not going to happen. There is a reason everything new is on the endpoints only and that reason remains valid. So while this might be clever, it is completely unusable and ignores reality.

renoXJuly 19, 2011 12:15 PM

@Gweihir, I agree that there is very unlikely that ISPs deploy such system unless the US government (for example) gives a lot of incentives for them to do.

But I wonder if private website (*) couldn't do the same thing?
The main advantage is that the governements wouldn't know (**) if the users are legitimate or not which reduce significantly the risk of the visit of the goon with the $5 wrench(!): a significant improvement over Tor: stealthy proxies!

*:whose owner think that it is more important to allow Chinese Internet users to allow unrestricted browsing than the risk to be blocked by Chinese governement
**: unless they manage to steal the private key used

Andrew2July 19, 2011 12:16 PM

@J.P.K.

The ISPs not under the thumb of the oppressive regime of course.

The idea only requires an ISP willing to cooperate between the censored users and any content that the censor does not want to block. Presumably the censor wants to allow users access to some popular websites hosted in less restrictive jurisdictions.

Andrew2July 19, 2011 12:20 PM

@renoX

Such a site would be blocked as quickly as one that offers an HTTPS proxy. Telex doesn't change anything for this particular use case.

Nick PJuly 19, 2011 12:32 PM

Here I was getting excited about a new anti-censorship system when I find that it depends on the trustworthiness of the men in the middle and large investments from Tier 1 or 2 providers. (Sigh)

Well, it did remind me of a scheme that's actually useful today for port knocking. Port knocking is where an external client sends a certain sequence of packets to prespecified, closed ports. Upon recognizing the correct sequence, the firewall dynamically changes its rules to allow access. Port knocking schemes vary from using specific packets to cryptography.

One team said, "Wouldn't it be cool if we could do cryptographically secure port-knocking, but in a way where nobody knows we're doing it?" Yeah, it would be. That's why they created a protocol to do it. It would be great if some cryptographers or formal methods guys would peer review this so I can determine whether to incorporate it into other provably secure schemes. I also imagine some interesting stego uses for this scheme if it passes muster.

SilentKnock: Practical, Provably Undetectable Authentication
http://www.cs.umn.edu/~hopper/silentknock_esorics.pdf

BrianaryJuly 19, 2011 12:39 PM

@Andrew2

"only" ?

Any regime that censors is oppressive by definition, right?

Wouldn't having this box on an ISP's premises be cause for serious punishment?

renoXJuly 19, 2011 12:43 PM

@Andrew2: Both can be easily blocked, true, but the main difference is that users who try to escape the firewall by using 'Telexed website' are far less suspect than those who try to use 'Tor proxy'.

An important difference for the users I think!!

anonJuly 19, 2011 1:09 PM

@Gweihir more or less my initial thought too, but I was thinking of the security implications of having the mechanics in place to do this sort of thing. Once you have it, it will be used for other things as well.

OTOH it could be moved to other locations in the network, e.g. a cloud hosting provider could sniff all inbound connections regardless of which client it's going to.

Another variant would be to use this as a side-channel look-up service for other tunnel systems: service providers would watch for the headers as described, decode them, and then inject a new herder into the response that holds an IP address encrypted with the payload from the request. With a very small payload, this could even be done on unencryption requests without the host sites participation. All that remains is how to get the public keys to the anarchists and how to guess which one to try per http request.

Clive RobinsonJuly 19, 2011 2:07 PM

@ anon,

"how to guess which one to try per http request"

That is quite easy, if you come up with a scheme to produce a set of bits with a one way algorithm.

For instance generate a large publick key where 25% oof the bits twords the top are infact a short message signed with a short public key.

The large public key looks just like a large public key (which it is) but to somebody with the short private key they can decrypt the 25% of the bits that hide the short message.

How to do this was worked out in the 1990's and sofar remains a secure system to use.

magetooJuly 19, 2011 2:47 PM

Nick P:
"Here I was getting excited about a new anti-censorship system when I find that it depends on the trustworthiness of the men in the middle and large investments from Tier 1 or 2 providers. (Sigh)"

I thought so too at first, but I can't see anything that would stop a smaller/medium ISP (someone like rackspace, say) from running a "Telex station" (ugh, hate the name) other than my initial assumptions and their ability to handle the bandwidth.

I agree that large providers and the folks in charge of the global level infrastructure are pretty unlikely to go for this sort of thing.

anycat:
"I could even see detection being rolled into government "antivirus" software"

IIRC Freenet has already been flagged as bad by some commercial antivirus software...

Dirk PraetJuly 19, 2011 3:39 PM

I share the concern that large ISP's are unlikely to go for this. I'd even go further to say that I wouldn't trust any ISP known to have been in bed with (the) government(s) before and suddenly running a telex station. Then again, if enough smaller ISP's can be found to participate - especially those located in countries leaning towards net neutrality such as The Netherlands - , we may still have an additional anti-censorship layer to be used with existing solutions such as Tor. Finding a sponsor to turn it into an appliance would also be helpful.

Clive RobinsonJuly 19, 2011 4:38 PM

Just noticed an "Opps" with my above...

"That is quite easy, if you come up with a scheme to produce a set of bits with a one way algorithm"

Should have "with a secret trapdoor" appended to it.

cknnsJuly 19, 2011 4:40 PM

If you what to counter this method as a government that controls the infrastructure, you could employ man-in-middle attack for the https connection by sending forged certificates, and then monitor all the traffic. Yes the browser will complain, but you will have to click "next"(for whatever) if you want to connect to any site.
From the bob's and alice point of view you need the ISPs to deploy equipment (Telex stations). From Eve's point will need only on the software on the existing infrastructure you own.

anonJuly 19, 2011 4:56 PM

@Clive Robinson: the question is how to know which "short public key" to use for each http request. My assumption is that there will be many keys in use but most participating servers will only have a small number of keys they are watching for. -- Having a small number of keys would provide littler protection in the event of compromise and watching for a large number would be computationally prohibitive.

KevinJuly 19, 2011 4:58 PM

While it looks like a good idea on the surface I can imagine that if it does catch on then those who wish to track the users can do a bit of sniffing and start correlating increased numbers of https connections to sites which wouldn't normally need them and which might also be known Telex stations. They would already have the infrastructure in place to do this anyway. Although https is encrypted, can it be fingerprinted?

Just because the trusted proxy server is outside the network doesn't mean nobody knows about it - How else would you connect to it in the first place? If anything, were I the bad guys I'd be looking forward to this so that I can start collecting IP addresses to locate "persons of interest".

Also, guilt by association is not even the lowest standard of evidence used by those who would wish to intercept Telex (I can't be the only one who still remembers that there's already something called that, can I?) connections so trying to decrypt the content wouldn't even necessarily be the motivation.

Nick PJuly 19, 2011 5:08 PM

@ Clive Robinson

I was a little confused about this last time you mentioned it but now I think I get it. Correct me if I'm wrong: kleptography is basically an undetectable, covert storage channel that leaks keys or information through keys. I don't see why it would be a problem on a smartcard with an OS like MULTOS that have certified, non-modifiable crypto libraries and do signed app loading. If the TCB is protected from software attacks, then this should defeat this class of attack by preventing subversion, right? Otherwise, any app with non-audited write privileges to the public-key generating component, like OTR on Pidgin messenger, would be able to subvert the system. Am I on the mark?

Clive RobinsonJuly 19, 2011 5:24 PM

Now as always "how to go about attacking the system"...

If you assume the hiden tag realy is unidentifiable how would a country like China work out it is in use.

Now the obvious way is to backdoor every PC in China and check for the client software as described by others above.

However let us look at this as a more general case than just Telex and assume that for some reason this obvious route of client software identification is unavailable and all the Chinese can do is observe the traffic in the comms channel at "the great firewall".

Well the Chinese know the source and destination IP addressess so can see both sides of the channel (outbound request and inbound response) at the great firewall. However it is assumed that in any such ssoftware both sides of the comms channnel are encrypted in an unbreakable way.

So what can the Chinese see at the great firewall that they can use to differentiate traffic from the "legitimate" site with traffic from an "illegitimate" site (as far as the Chinese are concerned).

Well two things immediatly spring to mind,

1, Delay time differences.
2, Return size differences.

It can fairly safely be assumed that the Chinese can see the normal round trip time to a popular site on a minute by minute basis simply because of a high level of "legitimate" traffic crossing the great firewall. It would thus be reasonable to expect that without very carefull control at the site that switches the traffic to the "illegitimate" site the round trip time would be sufficiently different between the "legitimate" and "illegitimate" sites to be fairly easily detectable.

Likewise it can be safely assumed that the Chinese will have mapped out the size of most "return pages" from the "legitimate" site thus there is a reasonable chance that the size of the return page from the "illegitimate" site will be sufficiently different a sufficient number of times that a user of the client software could be identified.

Less obviously there are other more interesting ways to do the detection WHICH could also identify the "illegitimate" site the client is actually getting data from.

One such method is looking at "TCP timestamp" "rollover times. These can quite accurately fingerprint "illegitimate" sites that are known to the Chinese authorities. They then can compare the size ot the returned traffic to have a reasonable chance of actually identifing the page downloded by the client.

It is because of these "side channel" attacks many systems like this don't work as well as expected. Providing a solution to Anti-Censorship has to address these issues or it will ultimatly fail.

Clive RobinsonJuly 19, 2011 5:33 PM

@ Nick P,

"Am I on the mark?"

Yes.

The amount of redundancy in a PQ pair is actually quite astonishing.

You can do a simple calculation by using N = 0.5 (P^P-1), where P is the aproximation to the number of Primes in the range to half the number of bits in the public key.

Clive RobinsonJuly 19, 2011 5:46 PM

@ anon,

"... and watching for a large number would be computationally prohibitive."

Not realy it depends on the one way function and secret trap door used. If we assume something like a short public key length and a known message then provided it's done the right way around it is relativly fast (oh for SSL's sins and historical reasons it does public key the wrong way around putting an unnecessary high load on the server).

Roland TurnerJuly 19, 2011 7:16 PM

I suspect that the big problem[1] is the dependence upon co-operative CAs: once it becomes known that a CA is willing to issue certificates in its customers' names to random ISPs (which is something that the Telex service depends upon), it seems likely that that CA would promptly lose rather a lot of its business from at least the fraction of its customers who know that they depend specifically on the CA never doing this.

The target government could even accelerate the CA's demise by disrupting, say, 50% of SSL sessions to servers which present SSL certificates signed by a co-operating CA. This wouldn't be enough to seriously harm business in the target country, but is likely to cause a sufficiently large spike in the server-operator's customer complaint rate to get them to dump their existing CA immediately.

- Raz

1: Bigger, that is, than finding ISPs who are willing to operate Telex stations for the purpose of subverting, say, the Chinese government but not worried about retaliatory interference in their business. China routinely blocks trade with whole nations whose heads of government meet with the Dalai Lama et al. Is it such a stretch to imagine that they'll include in license terms for doing business in China an obligation not to do business with ISPs who operate Telex stations?

tommyJuly 19, 2011 8:24 PM

Sheer traffic analysis by, say, China would show that the number of visits to cutepuppydogs.com has suddenly jumped by some multiple. Red flag. (no pun intended).

All these people here arguing for freedom of Internet access, and arguing in favor of DoS attacks on "bad" sites in the thread posted later the same day, about the arrest of "Anonymous".

I guess it depends on whose ox is being gored.

Henning MakholmJuly 19, 2011 8:25 PM

The heading led me to think this would be about a syste for avoiding censorship of circuit-switched teletype connections. Don't people google before they name things anymore?

Richard Steven HackJuly 19, 2011 10:00 PM

Seems me the issue of evading state censorship is the same as the one hackers face: the traceability of IP addresses (and all those side channels Clive talks about.)

A hacker has to worry about someone tracking him down for illegally accessing an IP address. Someone seeking to evade censorship has to do the same.

The only solution I think has even a remote chance of working in both cases is wireless and mobility. You connect without a wire and you move around enough both in space and time that the authorities can't get a bead on you. And given that the authorities can, IF necessary, put an intelligence gathering aircraft with sophisticated SIGINT gear over your city, this can be quite a problem. But I think it's doable by hackers given proper tradecraft and misdirection techniques.

Not so for ordinary people under censorship.

OTOH, if there are enough such ordinary people, the state has the usual problem of tracking down enough of them to make a difference in the behavior of the rest. So overwhelming the censorship system probably has a degree of success - or it could just result in a worse crackdown.

I notice a news item yesterday, something about China having shut down some humongous number of Web sites. Aggravating them more with systems like this may be counter-productive in the long run.

The larger question once again becomes: Is this sort of thing a good idea? While censorship is "bad", having other countries trying to interfere with it just ratchets up hostility between countries. It's on a par with spending money to support the "Green Movement" in Iran - not to mention funding Jundallah and M.E.K. terrorists to murder Iranians. While the degree of subversion obviously is not the same as running a Telex server, it's still in the eyes of the censorship state a direct attack on their prerogative of controlling their population.

To put it another way, how would the US react if Iran put up a radio station in Mexico broadcasting English-language propaganda into the US? The US government would go berserk and probably bomb it.

In other words, schemes of this sort, while noble-minded, don't address the larger issues.

And in any event, I suspect the hundreds of thousand of Chinese hackers have the situation well in hand, anyway.

tommyJuly 19, 2011 10:26 PM

@ Richard Steven Hack and All Else:

"And in any event, I suspect the hundreds of thousand of Chinese hackers have the situation well in hand, anyway."

I expect that the Chinese already have keyloggers, viruses, etc. in the machines of suspected dissidents --- and everyone else, for that matter. The machines are made in China, the routers are made in China...

OMG! I'm typing on a Chinese-made machine going through a Chinese-made router! CUallL8R!

Richard Steven HackJuly 20, 2011 1:59 AM

Tommy: I'm thinking more along the lines that those hundreds of thousands of Chinese hackers know how to get around "the great firewall" and probably are happy to show anyone who asks how to do it - and clean off or subvert the Chinese state malware.

After all, a lot of Linux is used in China...I bet a lot of Linux live CDs are used to circumvent state malware.

tommyJuly 20, 2011 2:09 AM

@ Richard Steven Hack:

It would be interesting to know how many Chinese hackers would risk jail, torture, and death to help dissidents, vs. those who help the Gov.

The Live CD is a great idea, assuming you get a "clean" one, not a counterfeit with the malware already in it. Hmm... where have we talked about Live CDs in security recently? (coughbankcough) ;-D

HansiJuly 20, 2011 2:26 AM

To me that sounds a little bit like the old saying about NSA publications and announcements: If you want to know more about it, just call your mother and ask...

renoXJuly 20, 2011 2:26 AM

@Richard Steven Hack: Linux live CDs don't prevent the government to log your IP address if the proxy you are using is known by the government..

And how these Chinese hackers would know whether the government monitor a proxy or not?

They wouldn't! But with Telex (implemented by an ISP or by a website as I suggested), the government wouldn't know if you are a normal user or someone who try to get around the firewall.

WooJuly 20, 2011 2:49 AM

Am I the only one who needed significant time to realize that the "Telex" mentioned here is NOT the archaic phone-typewriter-punchtape thingie?

Richard Steven HackJuly 20, 2011 7:01 AM

Woo: Nope, I'm old enough to remember the term - and to have actually punched cards on a keypunch and used a Teletype terminal to talk to a computer. And played games on an Altair and a Radio Shack Model One. :-)

Tommy: Hackers being who they are, I suspect quite a few would like to access sites not allowed. Also, it's not only dissidents who they might help but the more average person who'd like to see more of the world than the state allows. In other words, I suspect most Chinese hackers aren't just helping the Chinese government get secrets from the US even if the US and the US IT security industry has a stake in promoting that view. I suspect not every Chinese hacker is necessarily a black hat.

And my suggestion is that such hackers might be more in touch with and able to help their own citizens evade state censorship more than some well-meaning external anti-censorship effort in another country.

RenoX: "Linux live CDs don't prevent the government to log your IP " No, but a suggestion was made that the Chinese state could put surveillance software on many machines. A live CD - provided it was sourced from a safe location - could.

As to whether the state could penetrate the Telex system, I think the consensus view here is that they probably could to at least some degree with some effort. Whether that effort would be effective has to be conjecture in the absence of the system being implemented.

FOKJuly 20, 2011 7:33 AM

I am affraid that this will not work. There are two problems in this implementation.
1) according to the schema in the original post. It seems that it will require that ISP's route be able to detect telex sessions. So it will require carrier grade routers with modified fimware. Or router much closer to decoy website and then easier blocking from censor.
2) if it will be implemented on tier 1 or 2 providers infrastructure, then it will be very easy to detect such attempts just by making changes in routing.
There might be another problem. If the "telex marker" is on predefined position in the message, then it can be detected too.

Richard Steven HackJuly 20, 2011 8:35 AM

FOK: "If the "telex marker" is on predefined position in the message, then it can be detected too."

This from the post would seem to address that issue: "We construct this tag using a mechanism called public-key steganography. This means anyone can tag a connection using only publicly available information, but only the Telex service (using a private key) can recognize that a connection has been tagged."

Since the entire transaction is SSL encrypted, this presumably protects it. The only thing the censor nominally has to look at it is the remote end SSL connection site and that is innocent.

However: "We envision that some of these ISPs would deploy equipment we call Telex stations. These devices hold a private key that lets them recognize tagged connections from Telex clients and decrypt these HTTPS connections."

Which means if the state obtains one of these Telex private keys by ANY means, they can also detect the transactions tagged as Telex - and decrypt them. A determined state would find a way to obtain one of those keys.

In any event, the state can undoubtedly obtain the Telex client software and probably construct some way to recognize it's effects by some sort of "signature" in terms of how it constructs its SSL requests or other characteristics, similar to the way Nmap and similar software passively "fingerprints" operating systems.

It's clever, but I doubt it's robust enough to withstand a determined state's effort to breach it. Again, the question of interest is whether such a breach could be done effectively and efficiently enough to make the effort worth while on the state's part.

And the larger issues I raised are not addressed.

embassiesJuly 21, 2011 11:46 PM

I've often thought that the embassies of pro-democracy countries or their military bases should play some part in offering Internet gateways in oppressive countries. Would they want to get onboard with Telex, rather than ISPs? Microsoft could also offer a covert service for those needing lots of Windows updates.

tomasAugust 4, 2011 3:29 PM

I'm a westerner who've been living in China for many years. Is very annoying to see comments like "It would be interesting to know how many Chinese hackers would risk jail, torture, and death to help dissidents, vs. those who help the Gov." People outside of China is clueless about how censorship and control works in China. Many chinese people use methods to "jump the wall" (as they say it in Chinese), from VPN to SSH tunnels to HTTP-based (CGI) proxies (although most Chinese people just dont care about facebook or twitter, and the Chinese alternatives are better anyway). The censors do what they can to block websites like youtube, twitter, facebook, and to edit content in chinese social networks. Torture? Death? Over "firewall jumping"?! That's a very ridiculous idea and many Chinese people would feel offended over this suggestion.

doubterOctober 30, 2012 11:01 PM

to tomas:

If you are a westerner I am guessing that English is not your native language..
I would even say that your native language is Chinese. Why else would you be using "is" vs "are" and "feel offended" vs "be offended" ? These are dead giveaways..

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.