Questions & Answers
Traditional proxying works by relaying your web browser's requests for webpages to a third-party server that makes the request and provides the response on your behalf. Citizens in Internet-censored countries can use proxies like these to access websites blocked by their government. However, the government censor can just as easily block these proxies as it can the blocked websites they are used to access, by blocking the IP address that hosts the proxy server. The proxy may change IP addresses to subvert this block, but this ultimately results in a cat-and-mouse game, where citizens are constantly searching for and using new proxies, while the censor finds and blocks them.
Telex avoids this problem by locating devices at friendly ISPs between the user and popular websites that aren't blocked by the censor. These devices, called Telex stations, can intercept the user's connection to any uncensored website and stealthily redirect it to a proxy server that allows access to censored sites. (We call this technique “end-to-middle” proxying.) In effect, Telex works like a proxy server with no IP address, making blocking it much more difficult.
Telex and Tor provide different, complementary features. Tor is primarily designed to provide anonymous communication, while Telex aims to provide unblockable communication. Unlike with Tor, the Telex system operators can see the user's IP address and what content the user is requesting. However, users who require anonymity could get it by using Telex to access Tor.
While Tor is currently used for anticensorship, it suffers the same cat-and-mouse game described above and has been blocked by several countries that discourage its use. Tor currently maintains a collection of bridge relays whose addresses are not publicly listed to allow users in these countries to connect. Telex may provide an alternate solution to this problem, by acting as an unblockable bridge relay.
In order for Telex to be difficult to block, it must be deployed at ISPs that carry traffic that the censor would not want to block. These could be ISPs near the edge of the network that each serve a single important website, or a smaller number of core network ISPs that each serve millions of websites. Incentive for deploying Telex stations could come from governments or private organizations.
The code or specifications to run a Telex station would be made public, so it is possible for the censor to run their own Telex station. However, without the private key used by the real Telex stations, the censor will be unable to detect or block tagged connections.
Having multiple Telex stations requires a way to share a private key between trusted stations, while keeping it secret from the censor. This could be done by a central "Telex authority" that vets potential stations and provides the private key only to trusted parties. While the use of a single private key may increase the risk of (or damage caused by) a compromised Telex station, we note that large content distribution networks must also replicate the private keys they use for HTTPS across multiple servers in different physical locations.
Telex stations can also be given a new private key every so often (e.g. every 5 minutes). Future private keys would be stored in a single secure location, and sent to trusted stations shortly before use. The corresponding public keys could be given to clients years in advance; almost 25,000 public keys can be stored in 1MB.
Alternatively, each station could generate its own private and public key, and a Public Key Infrastructure (PKI) similar to X.509 could be used to authenticate and distribute the trusted public keys to clients.
When establishing a normal HTTPS connection, the client sends a random number (called the ClientHello nonce). To create a Telex connection, the client replaces this number with what we call a tag — essentially, an encrypted value that looks random until it's decrypted. Decrypting Telex tags requires a private key contained in Telex stations. Since the censor doesn't have this key, it can't tell the difference between tags and the random numbers used in normal connections.
In addition to marking connections that are requests for anticensorship service, Telex tags convey information that allows Telex stations to decrypt the secure HTTPS connection that the client establishes with the non-blacklisted destination website. This lets the Telex station replace the contents of the connection with data from a blacklisted site.
For full details, see our technical paper.
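The tagging scheme described above, as an added example that is not Telex's code and not part of the original page. It models the idea in pure Python: the station publishes an elliptic-curve public key; the client picks a fresh secret r, sends the x-coordinate of r·G as the first part of the client random, and appends a short hash of the Diffie-Hellman shared secret r·(station public key); the station, holding the private key k, lifts the x-coordinate back to a point, computes k times it, and recomputes the hash. Without k the bytes are indistinguishable from an ordinary nonce. Assumptions here that differ from Telex: NIST P-192 stands in for the custom 168-bit curve Telex uses, the split is a 24-byte x-coordinate plus an 8-byte check filling a 32-byte client random (Telex packs a 168-bit x-coordinate and a 56-bit hash into the 28 random bytes of a TLS 1.0–1.2 ClientHello), and the context string is constructed for this example.

```python
"""Model of Telex-style tagging: an ECDH secret hidden in the TLS client random.
Added example, not Telex's implementation. Uses NIST P-192 (assumption) instead
of the 168-bit curve described in the Telex paper."""
import hashlib
import hmac
import os

# NIST P-192 domain parameters: y^2 = x^3 - 3x + B over GF(P), base point G of prime order N.
P = 2**192 - 2**64 - 1
A = P - 3
B = 0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1
G = (0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012,
     0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811)
N = 0xffffffffffffffffffffffff99def836146bc9b1b4d22831

X_LEN, H_LEN = 24, 8            # 24-byte x-coordinate + 8-byte check = 32-byte client random
CONTEXT = b"telex-tag-model"    # constructed domain-separation string (assumption)


def on_curve(pt):
    x, y = pt
    return (y * y - (x**3 + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; fine for a model)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """Recover some point with this x. P = 3 mod 4, so a square root is one pow().
    Either root works: k*(x,-y) = -(k*(x,y)) has the same x-coordinate."""
    rhs = (x**3 + A * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)
    if y * y % P != rhs:
        raise ValueError("x is not the x-coordinate of a curve point")
    return x, y


def _check(shared_x):
    return hashlib.sha256(shared_x.to_bytes(X_LEN, "big") + CONTEXT).digest()[:H_LEN]


def keygen():
    """Station key pair (k, k*G). Slight modular bias is acceptable in a model."""
    k = int.from_bytes(os.urandom(24), "big") % (N - 1) + 1
    return k, ec_mul(k, G)


def make_tag(station_pub):
    """Client side: 32 bytes that replace the TLS client random."""
    r = int.from_bytes(os.urandom(24), "big") % (N - 1) + 1
    alpha_x = ec_mul(r, G)[0]             # public part, looks like random bytes
    shared_x = ec_mul(r, station_pub)[0]  # only someone with k can recompute this
    return alpha_x.to_bytes(X_LEN, "big") + _check(shared_x)


def check_tag(station_priv, client_random):
    """Station side: run on every observed ClientHello random. True only for tags."""
    if len(client_random) != X_LEN + H_LEN:
        return False
    x = int.from_bytes(client_random[:X_LEN], "big")
    try:
        pt = lift_x(x % P)
    except ValueError:
        return False
    shared_x = ec_mul(station_priv, pt)[0]
    return hmac.compare_digest(_check(shared_x), client_random[X_LEN:])


def demo():
    """Tag recognised by the right key, rejected by another key and by a plain nonce."""
    k, pub = keygen()
    other_k, _ = keygen()
    tag = make_tag(pub)
    return {
        "tag_len": len(tag),
        "own_key": check_tag(k, tag),
        "other_key": check_tag(other_k, tag),
        "plain_nonce": check_tag(k, os.urandom(32)),
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would raise against this model. First, on P-192 only about half of all field elements are x-coordinates of curve points, so a censor that tries `lift_x` on every client random would notice that tagged connections always succeed; the Telex paper handles this by choosing a curve such that every field element is a valid x-coordinate on either the curve or its twist, which this example does not reproduce. Second, the 8-byte check means a station misclassifies an ordinary nonce as a tag with probability about 2^-64 per connection; Telex's 56-bit hash gives about 2^-56. The shared secret is also what the paragraph above means by the tag "conveying information": in the Telex design the client derives its side of the TLS key exchange from it, which is what lets the station reconstruct the session keys.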
Telex requires users to run client software on their computers. However, unlike previous proxy-based anticensorship systems, users don't need to know any secret information (e.g., an IP address or secret key) to access the system. We need to distribute the client software to users without it being blocked or tampered with, but nothing about it needs to be kept secret from the censor.
We believe providing a downloadable Telex client would be sufficient in most cases. While download websites may ultimately be blocked by the censor, users may be able to use intermittent and short-lived proxies to access them. Users could also obtain the Telex software by sneakernet from friends or others they trust.
Our proof-of-concept implementation requires the user to specify an unblocked website to use, although currently there is only one server that works for this purpose (NotBlocked.telex.cc).
If Telex becomes widely deployed by ISPs, finding Telex stations could be made a part of normal browsing, where the client attempts to (secretly) hail Telex when accessing sites the user visits. If Telex responds, then the client has found a NotBlocked candidate, which can be later used to reliably communicate with Telex.
We could also choose to publish the list of Telex stations publicly. Since paths can't be blocked as easily as traditional proxies, it isn't necessary to keep their location secret from an adversary.
There are various characteristics that a censor might try to use to distinguish Telex connections from normal traffic. These include header fields and options at various network protocol layers, as well as the overall size, duration, and pattern of communication. While this is possible, detecting Telex using these methods is more difficult than simply finding and blocking proxies by IP address.
To combat this class of attack by the censor, Telex implementations could observe the behavior of normal traffic and emulate it by adjusting Telex traffic to match. Matching normal behavior with high fidelity is tricky and has performance costs, but implementations could gradually deploy better mimicry to counter increases in the sophistication (and cost!) of the censor's detection techniques.
For more details, see our technical paper.
No, Telex does not currently support IPv6, though there is no technical reason why it couldn't.
Telex provides the equivalent of a normal Internet connection at the location of the Telex station being used. Users can access material that is legal there but illegal in their home countries.
Telex is not designed to provide complete anonymity. ISPs that operate Telex stations learn the user's IP address and the contents of their traffic (just as they do with regular Internet traffic), which gives them powerful tools to respond to abuse.
No. Our prototype is not intended for real users, and it currently has several technical limitations that could allow a censor to detect use of Telex. We designed our proof-of-concept implementation to demonstrate the concept of Telex and to facilitate experimentation by other researchers.
Furthermore, Telex has not yet been deployed at any real ISPs. For now, clients can only use a single demonstration website as the non-blocked destination, which, of course, censors could easily block.
If your question isn't answered here, you can contact the Telex team.