Circumvention Tools Analysis
February 10, 2016
Cecile Basnage and David Fifield
Overview
4 tools overviewed
User Flow investigated
Summary
High-Level Insights
1. Psiphon
Download
Set Up
• ~5 MB
• No installer, just ran
• Download, run exe, starts automatically
Main Screen / Site Visit
• Opens IE to https://www.facebook.com/pages/Psiphon
Settings
• Automatically sets proxy settings (*note: this was reset every time)
• Example: HTTP/HTTPS: 49196
• SOCKS: 49195
• Psiphon changes the Windows system proxy setting
• Even though IE launched automatically, Chrome used the proxy as well.
• IP address came up as 45.79.85.58, Linode, New Jersey
Additional Features: Feedback
Additional Features: About
Additional Features: Language
Bugs
None Seen?
Usability Pros / Cons
(+) Automatic proxy settings -> hypothetically reduces cognitive load
(+) Options for Feedback, About, Language
-clear location
Questions to Investigate:
Psiphon sets system wide proxy. Is this what users expect, or is this confusing?
2. Lantern
Download
Main Screen
Homepage: 2nd try
Demo Site Visit
• "Log in to use your Facebook account with 'lantern-ui'."
• Clicking on "lantern-ui" leads to an error page.
Settings
• Barely any settings
* Run automatically
* Proxy all traffic
* Report usage statistics
Additional Features
-About
-Proxy Settings
PAC File
Question to consider: How are other domains getting exempted from Lantern?
Bugs: Demo Site Visit
• Clicking on "Manoto1" option gives a cert error.
• NET::ERR_CERT_COMMON_NAME_INVALID: www.manoto1.com ≠ www.manototv.com
• Surprising because Manoto is on their homepage.
-> Is the translation proxied?
-> Could this inadvertently leak what website you are visiting because of Google Translate?
Usability Issues
Pros
(+) “nice” visual design
(+) about page (offers privacy policy, disclaimer, licenses)
Cons
(-) Unclear how to stop it from running: there is no “Exit” button
Closing the tabs doesn't change the proxy settings.
lantern.exe will still run
(We had to kill the process in order to stop lantern from running)
(-) Unclear: Which sites are proxied?
• Inconsistency between sites on homepage and other sites
• "What is my IP address" gave us a Berkeley IP address.
• But clicking on YouTube gave us "YouTube NL".
Advertises that it proxies 6 sites; are these the only accessible ones?
(-) No option to change language
although it does have translation capability
Further Questions:
When people use Lantern, what are their expectations about their proxied connections?
• Do they think all their websites are being proxied?
• Do they try to access a website when Lantern is not running?
• Do they think Lantern will be running the next time they turn on their computer?
• Is translation being proxied?
• Is OCSP being proxied? (OCSP.verisign.com was in the PAC file)
• Where are the 6 proxied domains set (not in PAC file?)
3. Ultrasurf
Download
• Very unclear
• Signed executable wrapped inside unsigned file
• Created several new files/ directories
Opened an Explorer window and didn't do anything
Log\Content.IE5\AL0XH9YD\u[1]
Double-clicked on "u1504", now it's a signed exe.
Double-clicked that, which opened a little main window and opened IE to http://ultrasurfing.com/.
Main Screen
• opened firewall error (see below).
• Unclear: three progress bars ("99.8%") seem to allow you to choose one from three servers.
Additional Features:
• Home, Retry, Option, Help, Exit, Feedback
Additional Features: Feedback
• "Feedback" gives a base64 blob just like Freegate.
Additional Features: Help
"Help" gives a user guide.
Additional Features: Options
• Question: what do these 3 options do? Auto-detect also looks like it is manual.
• These overlap with IE settings. (could be to address linkability?)
Proxy Settings
Proxy settings offers: Auto-Detect, Manual, Directly use UltraSurf
IE Blocking Ultrasurf
Proxy Settings
Checked IP as 64.62.219.162
Fremont, California, Hurricane Electric.
Additional Pages : Exit
Exiting disabled system-wide proxy.
Bugs / Weirdness
Weird golden lock icon on the desktop that you can drag around.
Draws itself on top of everything else.
You can right-click to get a dropdown menu
"Help" gives a user guide.
4. Freegate/Dynaweb
Download
Main Screen
First thing that appears is a EULA (End User License Agreement)
• Accepting agreement yields a control panel
“Control Panel”
Options:
Main Screen: Freegate Panel
Buttons for Dynaweb home, Turn OFF, Settings, Exit, Help, About, Feedback.
"Connected to 7 Servers, port: 8580, Tunnel(A)"
Proxy Settings
Changed windows proxy settings to 127.0.0.1:8580, looks like HTTP/HTTPS only.
Feature: Feedback
Doesn't even tell you where to send it.
Demo Site Visit
Opened IE window to www.dongtaiwang.com/loc/phome.php?v=7.57p&l=409
Offers a form to enter a URL, then dongtaiwang.com serves a redirect to what you asked for. Entering "whatever" gives you a broken redirect.
Redirect URL
http://dongtaiwang.com/log/redirect.php?pm=y&URL=...
• Discrepancy between behavior when URL was typed in different places
• When we entered URL in regular URL bar, it detected that we weren’t in China.
Another Site Demo: Berkeley Page
• When we tried to visit Berkeley page, only HTML loaded.
Settings
• Unclear Settings
• Control panel said “you can make changes under Settings” panel, but Settings looks completely different
• What is the A Tunnel vs. F Tunnel?
Additional Pages : Help, User Guide, Exit
Support
Clicking Support takes you to GIFC forums.
User Guide
Clicking Help gives a local HTML page, user guide.
Exit
Clicking Turn Off gives a warning that the proxy setting is reset.
Bugs / Side Effects
Windows Firewall tries to block Freegate
Usability Summary
Cons:
• Several bugs
• Overall lack of clarity in layout.
Questions to Consider
• What is the difference between Freegate and Dynaweb?
• What is the significance of the different URL form vs. regular URL?
Conclusion
• Psiphon seemed most usable, could be looked into more.
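All four tools above changed the Windows system proxy, and the notes record by hand whether each one put it back on exit. The sketch below is an added example, not part of the original slides or of any of the tools: it snapshots the per-user proxy values and reports what a tool changed or left behind. Only ports 49196 and 49195 come from the notes; the loopback host, port 9999 and the PAC URL are constructed sample values.

```python
# Value names under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
KEYS = ("ProxyEnable", "ProxyServer", "AutoConfigURL")
LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}

def read_snapshot():
    """Read the current per-user proxy values (Windows only)."""
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    snap = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        for name in KEYS:
            try:
                snap[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                snap[name] = None  # value not set
    return snap

def parse_proxy_server(value):
    """Split a ProxyServer string into {scheme: (host, port)}. A bare "host:port"
    is keyed "all"; the per-scheme form is "http=host:port;socks=host:port"."""
    result = {}
    for entry in filter(None, (e.strip() for e in (value or "").split(";"))):
        scheme, sep, addr = entry.partition("=")
        if not sep:
            scheme, addr = "all", entry
        host, _, port = addr.rpartition(":")
        result[scheme.lower()] = (host or port, int(port) if host else None)
    return result

def diff_snapshots(before, after):
    """Return {name: (old, new)} for each setting that changed."""
    return {k: (before.get(k), after.get(k)) for k in KEYS if before.get(k) != after.get(k)}

def leftovers(baseline, after_exit):
    """List proxy settings still in place after a tool was closed."""
    found = []
    if after_exit.get("ProxyEnable") and not baseline.get("ProxyEnable"):
        servers = parse_proxy_server(after_exit.get("ProxyServer"))
        found += [f"{s} still sent to {h}:{p}"
                  for s, (h, p) in servers.items() if h in LOOPBACK]
    if after_exit.get("AutoConfigURL") != baseline.get("AutoConfigURL"):
        found.append(f"PAC URL changed: {after_exit.get('AutoConfigURL')}")
    return found

# Constructed snapshots: ports 49196/49195 are from the notes, the rest is sample data.
BASELINE = {"ProxyEnable": 0, "ProxyServer": None, "AutoConfigURL": None}
RUNNING = dict(BASELINE, ProxyEnable=1, ProxyServer=
               "http=127.0.0.1:49196;https=127.0.0.1:49196;socks=127.0.0.1:49195")
STALE = dict(BASELINE, ProxyEnable=1, ProxyServer="127.0.0.1:9999",
             AutoConfigURL="http://127.0.0.1:9999/example.pac")
```

On a test machine, call `read_snapshot()` before launching a tool, while it runs, and after closing it, then pass the results to `diff_snapshots` and `leftovers`.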