Freedom

Camouflage browsing proof of concept

What is camouflage browsing?

Camouflaged browsing is a method for bypassing censorship by using a covert channel. The goal of camouflaged browsing is not only to access blocked web sites anonymously, but also to hide the fact that any "forbidden" communication occurs. This project is a proof of concept implementation of camouflage browsing using Gmail and Gtalk services.

How it works?

When you want to visit a web site using camouflage browsing, you send the web site URL to another user running a camouflage browsing server. The server download the requested page and send you back the page content to your email address. You can view the sent page directly in your Email client or in Gmail web interface, or use the camouflage browsing client to fetch the page from Gmail server and open it in your web browser.

Response format

The camouflage server provides a response in two formats:

Embedded page
This format requires no installation in the client side and is best for anonymous browsing from a public computer. The page content is embedded in the mail reply and you can view it directly in Gmail web interface or in your email client. Note that due to lack of support for embedded CSS in Gmail web interface, some pages may not be displayed nicely as they are displayed in popular mail clients.
Attached page
This format allows better user experience but requires the installation of the camouflage client on the client computer. The server sends the page content as attachment, and the client detect a reply from the server, download the page attachment and open it with your web browser.

Camouflage browsing testing server

You are invited to try our server at "camouflage.server@gmail.com" using email or chat.

Installing

Installation is required only if you want to run the camouflage client or server.

  1. Download and install Python 2.7: http://www.python.org/download/
  2. Download and extract Freedom for Linux and Mac OS X or Windows:

The archive includes both the client and the server for GNU/Linux, Mac OS X and Windows.

Uninstalling

Stop the server or client and delete the freedom directory.

You may also delete the cache directory, located in "~/.freedom/cache" on GNU/Linux systems and Mac OS X, and "~\Application Data\freedom\cache" on Windows.

Setting up a Gmail email account for camouflage browsing

As all communication is done through emails, the email addresses is known to the communicating parties. Thus, you should use email addresses that do not expose your real identity.

If you want to run the camouflage client or server, you must enable IMAP support in your Gmail account:

  1. Log in to your Gmail camouflage browsing account
  2. Click the "Mail settings" option from the menu in the top right corner.
  3. Click the "Forwarding and POP/IMAP" tab.
  4. In the "IMAP Access" section, check the "Enable IMAP" checkbox.
  5. Click "Save Changes" button at the bottom.

Inviting camouflage server

In order to see the online status of the camouflage servers in your Gmail Chat contact list you should invite the server:

  1. Log in to your Gmail camouflage browsing account.
  2. Enter the server email address into the Gmail Chat invite text field.
  3. Click the "Invite to chat" option from the popup menu.

If the server is online, you will see the server address in your Chat contact list, marked with a green dot. If the server is offline, it will be marked as "invited". The server will accept your invitation when it logs in to Gtalk server, and it will appear in you Gmail Chat contact list whenever the server is online.

Using camouflage browsing from a public computer

Camouflage browsing from a public computer does not require any installation. Use Gmail Chat to send a page URL to the server, and read the mail reply directly in Gmail web interface:

  1. Log in to Gmail using your camouflage browsing email address.
  2. Click one of the online camouflage servers in the Gmail Chat contact list, to start a chat with the server.
  3. Copy and paste the URL you want to visit (for example, http://gnu.org) into the chat window and press the Enter key.
  4. When the server replies, (for example, Re: http://gnu.org), click the message and read the page in the web interface.

To visit links in the page, copy and paste them into the camouflage server chat window.

Big web pages may be clipped in Gmail web interface. In this case Gmail display [Message clipped] and a link: View entire message. Clicking this link will open the full page in a new window.

Running a camouflage client

Running the camouflage client provides better browsing experience, opening the pages in your web browser.

When sending a page URL to the server, add the attach option: " -a" or " --attach" after the URL. When the server receive this option, it will send the page as attachment that can be opened in a browser.

To run the camouflage client, open a shell and type this command:

./freedom-client.py email-address

Now use Gmail to send requests to the server:

  1. Log in to Gmail using your camouflage browsing email address.
  2. Click one of the online camouflage servers in the Gmail Chat friends list, to start a chat with the server.
  3. Copy and paste the URL and the attach option (for example, http://gnu.org -a) into the chat window and press Enter.
  4. When the server replies, the camouflage client will open the page in the default browser.

To visit links in the page, copy and paste them into the camouflage server chat window.

To stop the client, press Control+C. On Windows you may need to press Control+Break or close the window.

Running a camouflage server

First setup a public Gmail email address for camouflage browsing serving. Do not use your regular email address. You should publish this email address so camouflage browsing users can access your server.

To start the server, open a shell and run this command:

./freedom-server.py public-email-address

When the server ask for password, enter email-address password.

To stop the server, press Control+C. On Windows you may need to press Control+Break or close the window.

Note: A user that runs a camouflage browsing server, may be considered responsible for traffic generated by camouflage clients. You should consult the recommendations for running a Tor exit node.

Future enhancements

Name Server

  • There should be a name server, allowing detection of online servers.

Client

  • The client should find servers automatically using the name server.
  • The client should run as local proxy, redirecting requests to the server, eliminating the Chat interface and the need to send request options manually.
  • Visiting links in a received page should go to the local proxy instead of accessing the URL directly, revealing your IP address and URL to anyone monitoring the network.
  • Currently the user running a server can view all the traffic for a client. The client should choose a server randomly for each request, limiting the exposed information about client email address.

Server

  • The server should notify the name server when connecting and disconnecting.
  • The current implementation uses SMTP to send replies, revealing the IP address of the server in the email headers. The server should use Gmail web interface to send replies, as it does not disclose the IP address of the sender.
  • The server should allow web site filtering to protect the server owner from legal issues.