Learn more about uProxy: live Q&A with Lucas Dixon from Google Ideas
You might not realize it, but every time you connect to a website, your information travels through various locations. For example, it may travel from your computer to a WiFi hotspot, an Internet service provider, and then on to an international gateway before arriving at the site. This journey matters because it is at each step that the connection may be blocked, surveilled, or misdirected.
uProxy provides a pathway through which trusted friends can get safer, more private, and more reliable access. You give access to a friend by email or chat (you can use any chat network). By accessing the Internet through uProxy, a friend’s Internet connection is routed through your computer before it continues on to the site they want to visit. uProxy helps avoid attacks on your friend’s Internet connection. You can also use uProxy when you are traveling and worried about the security of your Internet connection. By using uProxy to route your connection back to your home computer, you can access the Internet as if you were in your own home.
We have asked the uProxy team a few questions about this tool, the answers to which you will find below. You can also find the transcript of a live, online Q&A session conducted between Iranian Internet users and Lucas Dixon from Google Ideas at this link.
1. Can you please explain what uProxy is and when do you think it will be available for users?
uProxy is a browser extension that lets users share alternative more secure routes to the Internet. It’s like a personalized VPN service that you set up for yourself and your friends. uProxy helps users protect each other from third parties who may try to watch, block, or redirect users’ Internet connections.
We expect it to be available to the general public in the spring or summer of 2014.
2. Can you please tell our readers about Google Ideas and what their involvement is in uProxy?
Google Ideas explores how technology can enable people to confront threats in the face of conflict, instability or repression. We connect users, experts and engineers to conduct research and seed new technology-driven initiatives. uProxy is a collaborative project. The repository and IP are owned by the University of Washington, and all the code will be distributed under the Apache 2 open-source license that makes it free for anyone to use. Google Ideas’ seeded the project and we now provide technical assistance. Brave New Software have also made many contributions from the start of the project. When we release the public version, we will then be inviting contributions from anyone interested. But we want to get a good core part of the development done first so that other developers can make more meaningful and efficient contributions.
3. What are some of the difficulties and considerations that come with developing a circumvention tool like uProxy?
We don’t think of uProxy as a circumvention tool; we think of it as a tool for security and access. It lets people connect to the internet with a similar level of access, trust and security as if you were on your friend’s computer. This is useful in countries that don’t block access to the internet, but where user’s are concerned about attacks on their connection to the internet.
4. What is the difference between uProxy, Tor and Psiphon? (From a User)
There are lots of differences!
From the perspective of a user getting access, the main difference to Tor, is that uProxy does not give the relatively strong guarantees no point of your connection knows both your IP address and the final site that you visit (and the final site you visit doesn’t see your IP address).
For a user trying to give someone access, uProxy provides an easy way to specify a small number of users who can use your computer to get access to the internet, and you know who they are and when they are accessing the internet through you (although we don’t provide a to see what they look at). If you run what is called a Tor exit node or relay (a service to help others get anonymous access to the internet), by design, you do not know who is using your computer to access the internet and you probably don’t know what they are doing with it.
The main difference to Psiphon is that, when you use uProxy to get access, you connect only through your friend’s computer. With Psiphon, you connect through a psiphon proxy server. This means two things:
1) Psiphon can see your internet traffic and serve you advertisements. With uProxy, there are no advertisements, and your internet connection goes via your friend, not via any central collection of servers.
2) If the psiphon servers’ IP addresses get blocked, then it will stop working. For uProxy, if access to one of your friend’s IP address is blocked, then you can still get access via a different friend. If you live in the US and just want your internet connection to be as safe as your home internet, then you can leave a computer at home running uProxy and connect to it. That’s not something psiphon ties to do.
So Psiphon, Tor, and uProxy all have different, although sometimes overlapping goals.
5. Why should people use uProxy when they can buy a good VPN with just 1 USD per month in Iran?
It’s about trust. a VPN service you install on your computer has the capacity to look at all your internet traffic. It also has the capacity to redirect, block, or manipulate your internet connection, potentially sending false email on your behalf. If you trust the VPN, then 1 USD a month is a good deal. If you don’t trust it, then it’s probably a bad idea.
6. What will happen to my data when I use uProxy? Will they be stored on Google servers?
No google servers need to be involved to use uProxy. The proxying connection is encrypted between you and your friend before it goes from your friend’s computer to the final site. Your data is not logged on any google servers. But you should trust the person you are connecting through. If you want to chat to a friend on google talk, then you will connect to the google talk server for that. For uProxy you do need some way to chat to your friend to setup the peer to peer proxying connection. But this can be by email or any chat network.
7. What type of encryption will be used for uProxy? Do you provide end-to-end encryption? If yes please explain how. (From a User)
We plan to use ZRTP-style user-authentication with an obfuscated form of DTLS. So the encryption is DTLS, but the wire format in obfuscated. End-to-end encryption is supported: if you go to an encrypted site you still do the normal key exchange. The proxy you use is just an intermediate node in the same way as your WiFi hotspot or router – so we’re exploring prompting people to install https-everywhere, or to provide similar functionality directly in uProxy. Encouraging end-to-end encryption is good for the everyone.
8. Is there a way for users who do not have a friend outside of Iran to connect? Any servers they can connect to? (From a user)
No, we deliberately don’t have any centralized servers because we’d have to start playing a cat-and-mouse game of having them blocked and moving them again. We think that by crowdsourcing the provision of proxies and making them easy to setup and access with your friends we may be able to improve the security and access of many users. This means people will need to make friends with people abroad if they want see what internet access is like abroad. We actually quite like the idea of more people making friends across national boundaries. If you just want access and don’t know anyone, then using Psiphon, Tor, HotSpot Shield, or one of the many other VPN and proxy solutions is probably what you should do.
9. So I have to ask my friend to come to his computer and open his browser everytime I want to use uProxy to circumvent and access censored content? (From a User)
No, you have to ask them once. If they grant you access, you can connect anytime. The computer does need to be on, and does need to be running the browser. But in many countries, people have several spare computers and home internet connections that they spend most of their time not using. We think that they can use these old computers and internet connections to help their friends by running uProxy on them.
10. Could you explain for readers the opportunities and issues for the social network nature of peer-to-peer circumvention tools; and any thoughts you might have about how to mitigate some of the risks?
The risky situation is that someone is very desperate to get access to the internet, and then they meet someone they don’t know or trust, but who offer’s them internet access, then they might decide to use it. The person they connect through cannot see the content of HTTPS connections to sites they don’t know (e.g. encrypted connections to gmail will still be encrypted), but they do have the capacity to misdirect your HTTP internet connections, change content you see, and otherwise do bad things your internet experience. This is in fact no different to using a VPN service provided by someone you don’t trust.
Using social connections provides a way to leverage the trust you do have and mitigate risks. The opportunity is that there are many people who lack the technical knowledge, but who, if they knew how, would be able to help their friends and family have more secure and reliable connections to the internet. uProxy ties to bridge the technical-know-how gap and enable people to help each other.
One other thing you should be aware of for using uProxy: it’s not just your friend, but their internet connection that you depend on. So, you should encourage them to take digital security seriously, for example by reading things like Google’s Good To Know site. uProxy also does not help you avoid getting malware. So you should read about internet security, and use 2-step authentication too.
11. If I want to host uProxy on a dedicated server without a full desktop or web browser, will future versions of the software allow me to run it in headless mode, such as a VPN service or Tor bridge would?
Yes, we would very much like to make that happen. We are actively working to make it run easy to run uProxy in the cloud or on a router.
12. Are there plans for allowing access-providers the ability to run a more open service through allowing less direct trust relationships like permitting friends-of-friends access?
There are plans to think about it more. The challenge to extending the access network is that you weaken the level of trust. The university of Washington has also also done experiments with this before in Oneswarm. We’re also working with Brave New Software to learn from their experiments in Lantern. If, after more research, it seems like a good idea, then we’ll probably work more together and build something like that for uProxy too.