[tor-dev] Def Con Kaminsky talk (censorship detection)

David Fifield david at bamsoftware.com
Mon Jul 30 17:57:38 UTC 2012

I saw an interesting talk by Dan Kaminsky at Def Con that touched on
some ideas for censorship detection. He mentioned OONI-probe and talked
about his project CensorSweeper. It tests blockedness of web sites by
making cross-domain requests for favicon.ico and displaying them in a
minesweeper-like grid.


He also mentioned something, which unfortunately I didn't follow very
closely, about using Flash sockets to spoof HTTP and HTTPS headers. I
think the gag here was sending these spoofed connections to a server you
control (so you can answer the crossdomain policy requests without which
Flash Player will refuse to connect), but you give it a Host header of a
censored site or something like that.


Unfortunately I don't have the conference DVD which presumably contains
the slides he used, but videos usually show up online after some number
of months.

David Fifield

More information about the tor-dev mailing list