Bypass firewall using Ultrasurf

Ultrasurf is a freeware Internet censorship circumvention product created by Ultrareach Internet Corporation. The software enables its users to bypass censorship and firewalls using an HTTP proxy, and employs encryption protocols for privacy...

The software was developed by Chinese dissidents as a means of allowing internet users to bypass the Great Firewall of China. It currently boasts as many as 11 million users worldwide. The tool has been lauded as "one of the most important free-speech tools on the Internet" by Wired magazine, and as the "best performing" circumvention tool by Harvard University in a 2007 study; a 2011 study by Freedom House ranked it fourth. Critics in the open source community have expressed concern about the software's closed-source nature and alleged security through obscurity design; Ultrasurf says their security considerations mean they prefer third party expert review to open source review.^[1]

Overview

Ultrareach was founded by Silicon Valley technologists in 2002. The group's founders were Chinese dissidents associated with the Falun Gong spiritual movement, and Ultrasurf was initially designed to allow internet users in China to evade government censorship and monitoring online.^[2] Use of Ultrareach has since grown to as many as eleven million users worldwide.^[3] During the Arab Spring, Ultrareach recorded a 700 percent spike in traffic from Tunisia.^[3] Similar spikes appear during times of unrest in other regions, such as Tibet and Burma during the Saffron Revolution.^[2] Wired magazine in 2010 called Ultrasurf "one of the most important free-speech tools on the Internet" for enabling citizens of repressive countries to access and share information during times of humanitarian or human rights crises.^[2]
Ultrasurf is funded, in part, through contracts with the U.S. government's Broadcasting Board of Governors, which administers Voice of America and Radio Free Asia.^[3] As of 2012, the funding however has trouble keeping up with traffic.^[4]

Operation

The software works by creating an encrypted HTTP tunnel between the user's computer and a central pool of proxy servers, enabling users to bypass firewalls and censorship.^[5] Ultrareach hosts all of its own servers.^[5] The software makes use of sophisticated, proprietary anti-blocking technology to overcome filtering and censorship online.^[5] According to Wired magazine, Ultrasurf changes the "IP addresses of their proxy servers up to 10,000 times an hour."^[2] On the server-side, a 2011 analysis found that the Ultrareach network employed squid and ziproxy software, as well as ISC BIND servers bootstrapping for a wider network of open recursive DNS servers, the latter not under Ultrareach control.^[6]
Ultrasurf is designed primarily as an anti-censorship tool, but also offer privacy protections in the form of industry standard encryption, with an added layer of obfuscation built in.^[7] Ultrareach uses an internal content filter which blocks some sites, such as those deemed pornographic or otherwise offensive.^[5] According to Wired magazine: "That's partly because their network lacks the bandwidth to accommodate so much data-heavy traffic, but also because Falun Gong frowns on erotica."^[2] Additionally, the Falun Gong criticism website facts.org.cn, alleged to be operated by the Chinese government, is also unreachable through Ultrasurf.^[6]

Client software

Ultrasurf is free to download, and requires the installation of a local u.exe file. Ultrasurf does not install any additional files on the user's computer, and leaves no registry after it exits.^[5] To uninstall the software, a user needs only to delete the u.exe file. It is only available on a Windows platform, and runs through Internet Explorer by default, with an optional plug-in for Firefox.^[8]
The Ultrareach website notes that "Some anti-virus software companies misclassify Ultrasurf as a malware or Trojan because Ultrasurf encrypts the communications and circumvents internet censorship."^[9] Some security companies have agreed to whitelist Ultrasurf.^[10] According to Applebaum, the Ultrasurf client uses anti-debugging techniques and also employs executable compression.^[6] The client acts as a local proxy which communicates with the Ultrareach network through what appears to be an obfuscated form of TLS/SSL.^[6]

Evaluation

In a 2007 study, Harvard University's Berkman Center for Internet & Society found Ultrasurf to be the "best performing" of all tested circumvention tools during in-country tests, and recommended it for widespread use. In particular, the report found that Ultrasurf effectively bypassed various forms of censorship and blocking, include IP block, DNS block, and keyword filtering. It was also the fastest tool during in-country tests, and was noted for being easy to use and install with a simple user interface.^[5]
The report noted, however, that Ultrareach is designed primarily as a circumvention product, rather than as an anonymity tool, and suggested that users concerned about anonymity should disable browser support for active content when using Ultrasurf.^[5]
A 2011 report by the U.S.-based human rights group Freedom House ranked Ultrasurf fourth overall among censorship circumvention and privacy tools, as measured by a combination of performance, usability, support and security. In particular, the tool was recommended for users interested in downloading or viewing information, who required a relatively high degree of privacy, and who favored a fast connection speed.^[11]
Some technologists have expressed reservations about the Ultrareach model, however. In particular, its developers have been criticized by proponents of open-source software for not allowing peer review of the tool's design, except at the discretion of its creators. Moreover, because Ultrareach operates all its own servers, their developers have access to user logs. This architecture means that users are simply required to trust Ultrareach not to reveal user data.^[2][5] Ultrareach maintains that it keeps logs for a short period of time, and uses them only for the purpose of analyzing traffic for signs of interference or to monitor overall performance and efficacy; the company says it does not disclose user logs to third parties.^[2][7] According to Jacob Appelbaum with the Tor Project, an Ultrasurf competitor, this essentially amounts to an example of "privacy by policy".^[6]
In an April 2012 report, Appelbaum further criticized Ultrasurf for its use of internal content filtering (including blocking pornographic websites), and for its willingness to comply with subpoenas from U.S. law enforcement officials.^[6] Appelbaum's report also noted that Ultrasurf pages employed Google Analytics, which had the potential to leak user data, and that its systems were not all up to date with the latest security patches and did not make use of forward security mechanisms.^[6] Further more Applebaum claims that "The Ultrasurf client uses Open and Free Software including Putty and zlib. The use of both Putty and zlib is not disclosed. This use and lack of disclosure is a violation of the licenses."^[6] In a response posted the same day, Ultrareach wrote that it had already resolved these issues, and asserted that Appelbaum's report had misrepresented or misunderstood other aspects of its software. Ultrasurf argued that the differences between the software approaches to Internet censorship represented by Tor and Ultrasurf were at base philosophical, being different approaches to censorship circumvention.^[7]