Google's uProxy could help fight Internet censorship
October 22, 2013
At its Ideas Summit in New York, Google has announced that it is working on developing a browser extension that will act as an easy-to-use way to bypass country-specific Internet censorship and make connections safer and more private.
The tool, which was developed by the University of Washington and seeded by Google, is at its core a peer-to-peer personalized virtual private network (VPN) that redirects Internet traffic coming from an initial, less secure connection through a second, trusted connection, and then encrypts the pathway between the two terminals.
Whenever you access the Internet, the connection is routed through a number of terminals. At each step of the way the connection may be blocked, surveilled, or even tampered with (especially if the data is not encrypted). On the whole, the safety and privacy of your data is only as good as the weakest link in the chain.
Google's solution with uProxy was to develop a tool that makes it much easier to make an unsafe connection more secure, with the help of a trusted friend.
The software, which will be available as a Chrome and Firefox extension to begin with, can use existing social networks like Facebook or Google Hangouts to help find users who already have uProxy installed on their system. If two users agree to use the service in tandem, the software can begin to make data connections safer.
How it works
Let's assume that Alice, who lives in a country with an Internet censorship problem such as China or Iran, contacts Bob, who has much safer, or uncensored, or unmonitored access to the Internet.
Bob agrees to act as a proxy for Alice, and as long as his browser is open, Alice's outgoing web traffic will now be routed through Bob's connection, and so she'll now be able to access websites that she wouldn't otherwise be able to reach on her own. The connection between Alice and Bob is also encrypted.
To an external observer looking at Bob's connection, it would appear that he is simply surfing the net, while it is really Alice who's doing the browsing. Likewise, an observer looking at Alice's connection would only see a stream of encrypted data being sent from and to Bob, but would not be able to understand it, or determine whether it's "allowed" web traffic or not.
One more possible use for the software could be to proxy your own web traffic whenever you are traveling and worried about the safety of your connection (when you're connecting to an open Wi-Fi hotspot or public network, for example). In cases like these, you can use uProxy to route your web traffic back to your home computer and access the Web as if you were in your own home.
What uProxy is (and isn't)
Internet proxies already provide a similar service, but the advantage with uProxy is that it's a true P2P service, so there is no centralized server that governments can block. The data packets in the encrypted connection between Alice and Bob aren't marked in any way, and so they can't be easily flagged by a malicious user (or government).
Google cautions that users should only make use of uProxy with those they trust. If you provide someone access to your safer connection, you have to trust that they will be using the connection legally: since the traffic is routed through you, you will be responsible for their online activity.
Likewise, if you're using the service to get access from someone else, you have to trust that their connection is secure. If it isn't, you may be thinking that you're not being monitored, while really you are. In fact, if your friend's connection turns out to be less safe than your own, you'll just be making things worse for yourself.
The service doesn't anonymize traffic like Tor, and it isn't a file sharing tool as it only proxies traffic from web browsers.
Google says it is developing uProxy for the desktop versions of Chrome and Firefox to start with, and that the tool may be expanded to other browsers and mobile platforms in the future.
The software has been launched as a private beta only, and the code hasn't been made available to the public yet because Google wants to make sure that the software is indeed tamper-proof. For that, it is allowing technically-savvy beta testers to take a look at the code to iron out any bugs.
Once the software reaches the desired stability, it will be audited by Internet freedom organizations such as OpenITP, and then made freely available under an open source license.
The video below is a short introduction to the software.