Last week, I went to China, for the first — and possibly the last — time.

Later, when I feel like complaining, I’ll blog about the negative things, like the evidence that someone had broken into mine and another Tor developer’s hotel room. As well as the tale of being followed by multiple plainclothes people through the streets of Kowloon, again with another Tor developer, down alleys, in and out of cabs, through electronic stores where I loudly and openly bought tiny audio/video devices to bug myself and the hotel room with. This is the first time I’ve ever worn a wire (I know, they all say that, right?): it doesn’t feel right. I felt the compulsion to warn people who walked up and started talking to me, before they spoke. And even then I still felt dirty and creepy.

When I started officially working on things for the Tor Project a couple years ago, I’d imagined that the world was like a map in an RPG, and that there were a lot of dark, hazy spots that needed filling in. I worried that, if my legal name was publicly attached to Tor, that places like China, Iran, and Syria would always remain dark spots. The idea that I might be prevented from seeing and experiencing those cultures and regions firsthand, that I would not be able to see the homelands of people I wanted to empower, merely because a (corrupt would be redundant) government had gotten wise to some name I don’t answer to — it seemed daunting, and a bit heartbreaking.

I’ve been thinking a lot more about borders lately. Ashamed as I am to admit it (it’s not like I was ever in favour of having borders), until now I’ve held a very privileged perspective on them. Sure, borders suck. Got it. Yep, people should be allowed to work wherever they want. Freedom of association, right? And yet it had never occurred to me: that an invisible line drawn in the sand could keep you away from your home, or that an arbitrary date on a slip of paper could decide how long you were permitted to see someone you loved.

After living in Germany and France for precisely the number of days my tourist visa would allow, (Oops. I’d been counting, and thought I was still a week under. I should probably script that.) I took off for Hong Kong, where OpenITP had generously offered me a travel grant to attend the third Censorship Circumvention Summit. Jumping from France to China to somewhere-undetermined-that-is-not-Schengen definitely presented some interesting security challenges, since I had to take all of the things I own with me. (It all fits in a backpack, so it’s not a space/money issue, it’s a

“%&$#@! I’m carrying devices which normally have access to thousands of computers, including some Tor Project infrastructure and repositories, and I have to keep them safe from a government that is going to hate me more than the United States, while eating nothing but plain rice and travelling 24,671 kilometers?!”
issue.

Since part of this security setup involved not connecting to anything while inside China, I tried as best as I could to remove network capability from my laptop, including recompiling my kernel with most of the CONFIG_[*NET|IP*] settings disabled. Without internet and only IRL people to talk to, I got bored pretty fast (kidding! ♡ ) and resorted to pen and paper technology, because I had some ideas on Tor bridge distribution regarding a system for having clients connect to a bridge Distributor, and the Distributor authenticating the clients or requiring a valid Proof-of-Work computation. If the authcheck or PoW doesn’t pass, the Distributor should instruct an OONI Data Collector node to connect to the client, to scan for censorship events (I wonder if we can actually get a network vantage point from the DPI boxes? :D ), else if the client check passes, the Distributor should instruct a Tor Bridge to connect to the client.

Here are my notes.

Obviously, the Distributors are going to get blocked, but if we were to use something like David Fifield’s FlashProxy, with it’s Facilitator as our Distributor (notice how all these words are oh-so-cleverly suffixed with Tor…), to contact the Distributor through a “normal” browser, the client should still be able to compute the auth/PoW and the Bridge or OONI Collector connect back to them. The Proof-of-Work should be necessary for protecting the Facilitator/Distributor from getting blocked, as well as significantly increase the cost of scanning for bridges.