Ultrasurf

from Wikipedia, the free encyclopedia
Ultrasurf
Basic data

developer UltraReach
Publishing year 2002
Current  version 16.03
operating system Windows
category Security software
License Freeware
German speaking No
ultrasurf.us

Ultrasurf is a freeware product from the Internet company UltraReach. The software enables its users to bypass Internet censorship and a firewall with an HTTP proxy (computer network) and uses Encryption Control Protocol (encrypted protocols) for privacy.

The software was developed in 2002 by Chinese dissidents , mostly Falun Gong practitioners, who immigrated abroad after the persecution of Falun Gong began in China in 1999. Initially, Ultrasurf was supposed to allow internet users in China to bypass the Golden Shield project (also called the Great Firewall of China). Later, more and more users started using the software outside of China; in 2012 there were already over eleven million users worldwide. Ultrasurf was recognized by Wired magazine as "one of the most important tools for freedom of expression on the Internet", and in a study by Harvard University in 2007 it was considered the "most powerful" evasion tool. In a 2011 study, Freedom House placed Ultrasurf in fourth place. Critics within the open source community have expressed concern about the nature of closed source software and its construction of supposed security through secrecy . UltraReach noted on the other hand that they prefer expert advice over the opinions of the open source community in their security considerations.

overview

UltraReach was founded in 2002 by Chinese dissidents in Silicon Valley . Shortly thereafter, Ultrasurf was created to enable internet users in China to evade internet censorship in the People's Republic of China . In 2011 Ultrasurf reported to have eleven million users worldwide. During the Arab Spring , UltraReach saw a 700 percent increase in traffic from Tunisia. Similar increases in data traffic often occur during times of regional unrest, such as the wave of arrests in Tibet, the SARS outbreak across China or during the Saffron Revolution in Burma. In 2010, Ultrasurf was described by Wired magazine as “one of the most important means of freedom of expression on the Internet”, as it helps citizens to access information from oppressed countries and to exchange it with others in times of humanitarian or human rights crises .

Ultrasurf is funded in part through contracts with the Broadcasting Board of Governors , an independent division of the US government that manages Voice of America and Radio Free Asia radio stations . In 2012 UltraReach struggled to service its growing user base due to insufficient funding.

business

Client software

Ultrasurf is free to download and does not require installation. The software does not install any files on the user's computer and does not leave any entries in the registry of the operating system after use. In other words, it leaves no trace of its use. To completely remove the software from the computer, a user just needs to delete the exe file named u.exe. Ultrasurf is only available for Windows platforms and runs with Internet Explorer as standard . With the help of a plug-in, it can also be used with Firefox and Chrome .

The UltraReach website noted that "some antivirus software companies classify Ultrasurf as malware or trojans because Ultrasurf encrypts communications and bypasses internet censorship". Some security companies have, however, agreed UltraSurf to the White List to be set. According to Jacob Appelbaum , the Ultrasurf client uses anti- debugger techniques and also uses executable compression. The client acts as a local proxy communicating with the UltraReach network, which appears to be an obfuscative form of TLS / SSL .

Ultrasurf server

The software works by creating an encrypted HTTP tunnel between the user's computer and a central pool of proxy servers so that users can bypass firewalls and censorship. UltraReach manages all of its own servers itself. Ultrasurf uses sophisticated, proprietary anti-blocking technology to overcome filtering and censorship online. According to Wired , Ultrasurf changes the "Internet protocol addresses of their proxy servers up to 10,000 times an hour". An analysis in 2011 showed that on the server side, the UltraReach network uses Squid and Ziproxy software as well as BIND servers to leverage a wider network of open recursive DNS servers, the latter not being under UltraReach's control.

Ultrasurf was primarily designed as an anti-censorship tool, but thanks to its industry standard encryption it also functions as a privacy protection with an additional built-in layer of obfuscation. UltraReach uses an internal content filter that blocks some websites, such as pornographic, otherwise objectionable, etc. This is done for several reasons, according to Wired , "partly because their network lacks the bandwidth to handle so much heavy traffic," but also because Falun Gong disapprove of offensive eroticism. This also applies to the website facts.org.cn, which criticizes Falun Gong and is said to be run by the Chinese government and which is therefore not accessible via Ultrasurf either.

rating

In a 2007 study, the Berkman Center for Internet & Society at Harvard University found that Ultrasurf was the "most powerful" of all the evasion tools tested during trials in their own country and recommended it for widespread use. In particular, the report found that Ultrasurf was able to effectively bypass various types of censorship and blocking, including IP blocking, DNS blocking, and keyword filtering. It was also the fastest software during the domestic trials and was known for being easy to use and install with a simple user interface.

The report also noted that UltraReach was designed primarily as a bypass product rather than an anonymity tool, and suggested that anonymity-conscious users should disable browser support for active content when using Ultrasurf.

In 2011, the US human rights group Freedom House carried out a test with censorship evasion and data protection software. The criteria tested were performance, ease of use, support and security. Freedom House awarded Ultrasurf fourth place. In particular, the tool was recommended to users who were interested in downloading or viewing information, who needed a relatively high level of privacy, and who preferred a fast connection speed.

However, there were also reservations about the UltraReach model. In particular, the developers have been criticized by proponents of open source software for not allowing peer review of the tool design except at the discretion of the developers. In addition, the developers would have access to user logs because UltraReach operates its own servers. According to the critics, such an architecture means that users simply have to rely on UltraReach to trust that no user data will be revealed. According to UltraReach, the logs are only kept for a short period of time and are only used for the purpose of analyzing the data traffic for signs of malfunctions and monitoring or to check the overall performance and effectiveness. The company announced that it would not disclose user data to third parties. According to Hal Roberts of the Berkman Center for Internet & Society, this happens all the time: “Ultrasurf and Freegate are blocked very aggressively in China. In response, both are in a very demanding arms race. "

In April 2012, UltraReach was criticized by Jacob Appelbaum, who promotes the Tor network , for its internal filtering of content (including blocking pornographic websites) and for its willingness to comply with any summons from US law enforcement agencies. In his report, Appelbaum found that Ultrasurf sites used Google Analytics , which could leak user data . In addition, UltraReach's systems are not all up-to-date, not equipped with the latest security patches and do not use any perfect-forward secrecy mechanisms. In addition, Appelbaum alleged that the Ultrasurf client used open and free software, including PuTTY and zlib , whose use of putty and zlib was not disclosed, which was a violation of licenses. On the same day, UltraReach replied that these problems had already been resolved and that Appelbaum had misrepresented or misunderstood aspects of their software in his report. Although Appelbaum presented Ultrasurf as unsafe, he was unable to prove that the user's session content could be monitored.

UltraReach argued that the different methods used by Tor and Ultrasurf to circumvent internet censorship are just different approaches to circumventing censorship. In contrast to Tor, Ultrasurf is not a program for securing privacy, even if it has a sufficient number of protective measures in place. Ultrasurf represents a scalable and highly effective tool for bypassing internet censorship, which allows users in closed social systems to gain access to news, political and religious information, social networks and other blocked content.

Web links

Individual evidence

  1. https://www.ultrasurf.us/about.html
  2. Ultrasurf Privacy.Security.Freedom. , UltraReach Internet Corp. Retrieved February 2, 2018
  3. a b c d e f g h i Vince Beiser: Digital Weapons Help Dissidents Punch Holes in China's Great Firewall , Wired magazine, November 1, 2010, accessed on February 2, 2018
  4. a b c d e UltraSurf, Tor's critique of UltraSurf: A reply from the UltraSurf developers , April 16, 2012, webarchiv.org, accessed on February 2, 2018
  5. ^ A b c Anne Applebaum: Why has the State Department run into a firewall on Internet freedom? , The Washington Post, April 4, 2011, accessed December 16, 2016
  6. James Ball: Tools to skirt web censors swamped by demand , The Washington Post via The Independent, October 22, 2012, accessed December 16, 2016
  7. a b c d e f g h John Palfrey, Ethan Zuckerman, Hal Roberts: 2007 Circumvention Landscape Report: Methods, Uses and Tools, Berkman Klein Center for Internet and Society at Harvard University , March 5, 2009, accessed December 16 2016
  8. UltraSurf: Your Security , accessed December 16, 2016
  9. UltraSurf: User Center , accessed December 16, 2016
  10. Tim Greene: Developer denies software to beat Chinese censors is malicious: UltraSurf programmer says the software acts suspiciously, but it's just trying to put one over on the Great Firewall of China ( Memento from August 30, 2009 in the Internet Archive ), Network World , August 28, 2009, accessed December 16, 2016
  11. a b c d e f Jacob Appelbaum: Technical analysis of the UltraSurf proxying software , The Tor Project, April 16, 2012, Blog announcement with updates , accessed on December 16, 2016
  12. ^ Cormac Callanan, Hein Dries-Ziekenheiner, Alberto Escudero-Pascual, Robert Guerra: eaping Over the Firewall: A Review of Censorship Circumvention Tools , Freedom House, 2011, accessed December 16, 2016