Circumvention Tools Analysis

February 10, 2016

Cecile Basnage and David Fifield

Overview

4 tools overviewed

User Flow investigated

Summary

High-Level Insights

1. Psiphon

Download 

Set Up

• ~5 MB

• No installer, just ran

• Download, run exe, starts automatically

Main Screen / Site Visit

• Opens IE to https://www.facebook.com/pages/Psiphon

Settings

• Automatically sets proxy settings (*note: this was reset every time)

• Example: HTTP/HTTPS: 49196

• SOCKS: 49195

• Psiphon changes Windows system proxy setting

• Even though IE launched automatically, Chrome used the proxy as well.

• IP address came up as 45.79.85.58, Linode, New Jersey

Additional Features: Feedback

Additional Features: About  

Additional Features: Language

Bugs

None Seen?

Usability Pros / Cons

(+) Automatic proxy settings -> hypothetically reduces cognitive load

(+) Options for Feedback, About, Language

        -clear location

Questions to Investigate:

Psiphon sets system wide proxy. Is this what users expect, or is this confusing?

2. Lantern

Download 

Main Screen

Homepage: 2nd try

Demo Site Visit

        • "Log in to use your Facebook account with lantern-ui."

• Clicking on "lantern-ui" leads to an error page.

Settings

• Barely any settings

 * Run automatically

 * Proxy all traffic

 * Report usage statistics

Additional Features

        -About

        -Proxy Settings

PAC File

Question to consider: How are other domains getting exempted from Lantern?

Bugs: Demo Site Visit

• Clicking on "Manoto1" option gives a cert error.

• NET::ERR_CERT_COMMON_NAME_INVALID: www.manoto1.com ≠ www.manototv.com

• Surprising because Manoto is on their homepage.

-> Is the translation proxied?

-> Could this inadvertently leak which website you are visiting because of Google Translate?

Usability Issues

Pros

(+) “nice” visual design

(+) about page (offers privacy policy, disclaimer, licenses)

Cons

(-) Unclear how to stop it from running: there is no “Exit” button

        Closing the tabs doesn't change the proxy settings.

lantern.exe will still run

(We had to kill the process in order to stop lantern from running)

(-) Unclear: Which sites are proxied?

        • Inconsistency between sites on homepage and other sites

• "What is my IP address" gave us a Berkeley IP address.

• But clicking on YouTube gave us "YouTube NL".

Advertises that it proxies 6 sites; are these the only accessible ones?

        

(-) No option to change language

        although it does have translation capability

Further Questions:

When people use Lantern, what are their expectations about their proxied connections?

        • Do they think all their websites are being proxied?

        • Do they try to access a website when Lantern is not running?

        • Do they think Lantern will be running the next time they turn on their computer?

        • Is translation being proxied?

        • Is OCSP being proxied? (OCSP.verisign.com was in the PAC file)

        • Where are the 6 proxied domains set (not in PAC file?)

3. Ultrasurf

Download

        • Very unclear

• Signed executable wrapped inside unsigned file

• Created several new files/ directories

 

Opened an Explorer window and didn't do anything

Log\Content.IE5\AL0XH9YD\u[1]

Double-clicked on "u1504", now it's a signed exe.

Double-clicked that,

opened a little main window,

opened IE to http://ultrasurfing.com/,

Main Screen

• opened firewall error (see below).

• Unclear: three progress bars ("99.8%") seem to allow you to choose one from three servers.

Additional Features:

• Home, Retry, Option, Help, Exit, Feedback

Additional Features: Feedback

        • "Feedback" gives a base64 blob just like Freegate.

Additional Features: Help

        "Help" gives a user guide.

Additional Features: Options

• Question: What do these 3 options do? Auto-detect also looks like it is manual.

• These overlap with IE settings. (Could be to address linkability?)

Proxy Settings

        Proxy settings offers: Auto-Detect, Manual, Directly use UltraSurf

IE Blocking Ultrasurf

Proxy Settings

        Checked IP as 64.62.219.162

Fremont, California, Hurricane Electric.

Additional Pages: Exit

Exiting disabled system-wide proxy.

 

Bugs / Weirdness

Weird golden lock icon on the desktop that you can drag around.

Draws itself on top of everything else.

You can right-click to get a dropdown menu

"Help" gives a user guide.

4. Freegate/Dynaweb

Download 

Main Screen

First thing that appears is a EULA (End User License Agreement)

• Accepting agreement yields a control panel  

“Control Panel”

Options:

  1. All websites (everything goes through proxy)
  2. Blacklist of proxy sites (everything goes through proxy unless in this list)
  3. Whitelist of proxy sites (these sites use proxy)

Main Screen: Freegate Panel

Buttons for Dynaweb home, Turn OFF, Settings, Exit, Help, About, Feedback.

"Connected to 7 Servers, port: 8580, Tunnel(A)"

Proxy Settings

        Changed Windows proxy settings to 127.0.0.1:8580, looks like HTTP/HTTPS only.

Feature: Feedback

Doesn't even tell you where to send it.

Demo Site Visit

Opened IE window to www.dongtaiwang.com/loc/phome.php?v=7.57p&l=409

Offers a form to enter a URL, then dongtaiwang.com serves a redirect to what you asked for. Entering "whatever" gives you a broken redirect.

Redirect URL

http://dongtaiwang.com/log/redirect.php?pm=y&URL=...

• Discrepancy in behavior when the URL was typed in different places

• When we entered URL in regular URL bar, it detected that we weren’t in China.

Another Site Demo: Berkeley Page

        • When we tried to visit the Berkeley page, only HTML loaded.

Settings

• Unclear Settings

• Control panel said “you can make changes under Settings”, but the Settings panel looks completely different

• What is the A Tunnel vs. F Tunnel?

Additional Pages: Help, User Guide, Exit

Support

Clicking Support takes you to GIFC forums.

User Guide

Clicking Help gives a local HTML page, user guide. 

Exit

Clicking Turn Off gives a warning that the proxy setting is reset.

 

Bugs / Side Effects

        Windows Firewall tries to block Freegate

Usability Summary

        Cons:

                • Several bugs

• Overall lack of clarity in layout.

Questions to Consider

        • What is the difference between Freegate and Dynaweb?

        • What is the significance of the URL form vs. the regular URL bar?

Conclusion

•  Psiphon seemed most usable, could be looked into more.