MassBrowser is a state-of-the-art system designed to circumvent Internet censorship. MassBrowser is open-source and free-to-use. It has been designed and developed by the Secure, Private Internet (SPIN) Research Group at the University of Massachusetts Amherst. MassBrowser operates with the help of normal Internet users with open access to the Internet who volunteer to help censored Internet users.
You can reach us with your questions and feedback by emailing at firstname.lastname@example.org.
Follow us on Twitter for updates Follow @massbrowser
If you live in a censored country like China, you can use MassBrowser to bypass censorship. Note that MassBrowser is currently in the beta release mode, and you need to obtain an invitation code from us to use it.
Know the limitation of MassBrowser: Due to certain optimizations that we need to perform for different websites, currently, MassBrowser can only be used to browse a limited set of websites, but not arbitrary websites! The list of currently supported websites includes popular websites like Facebook, Twitter, CNN, Google, and YouTube. You can also tunnel your Tor traffic through MassBrowser (if you do not know a working Tor bridge). We will continuously add support for new websites.
Know your privacy guarantees: Using MassBrowser you will have the same level of privacy as using public VPNs or public HTTPS proxies. Therefore, the volunteer who is proxying your traffic will know your IP address as well as the websites you are browsing. For HTTPS websites (e.g., any URL starting with "https://"), the volunteer proxy will not be able to see your passwords or other data that you exchange with those websites. This is not true for HTTP websites. Therefore, use MassBrowser as a replacement for public VPNs and HTTPS proxies. If you plan to do something sensitive on the Internet that makes you worried about your anonymity, use a software like Tor (your connections will be much slower on Tor) or tunnel Tor over MassBrowser.
Know the security of your local certificate: During installation, MassBrowser asks you to install a local certificate in your Firefox browser. This local certificate is required for MassBrowser to implement an essential optimization technique called CDNBrowsing (which is described in the geek's section). Note that the certificate is locally created in your browser, is unique for each client, and never leaves your computer. Therefore no one, not even us, will be able to use that local certificate to eavesdrop your traffic. Make sure you do not share this local certificate with others. You can simply remove the certificate at any time by going to your Firefox settings.
If you are living in a country with open Internet like US and European countries, we need your help to fight Internet censorship! MassBrowser relies on help from volunteers who share their open Internet access with users in censored countries for a good cause. If you'd like to volunteer, you need to install a software called MassBuddy on your computer. Installing MassBuddy is absolutely harmless to your privacy and safety, and you will have full control over how censored users will share your Internet (they can only use your computer to get to websites that you approve, like Facebook, Google, etc.). Also, recall that MassBrowser is open-source. Watch this video (Coming Soon!) on how you can become a Buddy!
Sooo! If you'd like to help censored Internet users, download the MassBuddy software and become a Buddy:
MassBrowser is an academic censorship circumvention system. This Technical Report describes the details of its design, the ideas behind its blocking resistance, and it privacy and security guarantees. A shorter version of the technical description is followed.
Censorship circumvention tools traditionally work by relaying the user's traffic through proxy servers outside of the censoring region. The proxy servers have open access to the Internet and are able to retrieve the requested pages on behalf of the user. Unfortunately, this simple scheme has two downsides.
To provide a robust and cost-effective solution, we have designed MassBrowser. MassBrowser uses a number of different techniques to provide censorship circumvention which is hard to block by the censors, not too expensive to maintain and delivers performance comparable to that of traditional circumvention systems.
Instead of relying solely on publicly hosted proxy servers, MassBrowser utilizes volunteers which we call MassBuddys. Volunteers are users residing outside the censored regions who are willing to help censored users gain open access to the Internet by allowing them to proxy their traffic through their devices. In concept, volunteer relays are very similar to traditional proxies, however they have two beneficial properties
Blocking volunteers is more difficult for censors than traditional public proxies, however it is far from perfect and censors may still block volunteer relays. A typical approach against censors used in many circumvention systems is to avoid announcing all available proxies (or volunteer relays) to the users. Similarly, in MassBrowser each client will only have access to a small number of all available relays. This way, even if the censors mimic benign users, they will only every be able to block a small portion of all available relays.
In the Volunteer Relays section we mentioned that each censored user will only have access to a small subset of all available volunteer relays. However, if the censors manage to block all the relays a particular user has access to, the user will be stuck with blocked relays and will be unable to use the system. The user cannot be assigned another non-blocked relay, since the censors would take advantage and start blocking more relays.
To mitigate this problem, the MassBrowser network has a number of public backup proxies which will be assigned to users if all the users available relays have been blocked. Of course, if we simply use a traditional proxy there is nothing keeping the censors from blocking those as well. Instead, we use a recently proposed technique called Domain Fronting to keep the proxies from being blocked.
Domain Fronting is a technique in which the proxy server is hosted behind a Content Delivery Network (CDN) and is accessed through the CDNs IP addresses in a way which avoids any unencrypted mentioning of the desired service (i.e. the proxy server). In order to block this proxy server, the censors would have to block access to any website hosted on that CDN which is a highly undesirable. You can learn more about Domain Fronting through the original paper linked below.
You might be thinking this seems great, why not make a circumvention system based solely on Domain Fronting? While Domain Fronting does make a very robust system against censors blocking proxies, it still requires a high maintenance cost. In fact, there already is a widely used Domain Fronting based system, named meek, deployed as a Pluggable Transport for Tor. In its approximately three years of operation, the total cost for operating meek's servers have reached over $50,000.
CDNBrowsing is another recent technique in censorship circumvention which takes advantage of CDNs. Unlike Domain Fronting in which we access a proxy hosted behind a CDN, CDNBrowsing is used to directly access website content from CDNs without revealing to the censors what content is being accessed. You can read more about how CDNBrowsing works in the papers linked below.
CDNBrowsing can be used with virtually no extra cost as it accesses content directly without needing any hosted proxies. Similar to Domain Fronting, it is also unblockable by the censors. It's main disadvantage however is that it can only retrieve CDN hosted content. So on its own it is only suitable for websites which are completely hosted on CDNs. Even though many websites do satisfy this requirement, as of now the majority of websites only have their media content (e.g. images, videos,...) hosted on CDNs leaving their HTML pages inaccessible to CDNBrowsing systems.
While limited on its own, CDNBrowsing can prove to be hugely beneficial when used in conjunction with the other methods described above. Images, videos and other CDN hosted content are actually the bulk of most websites. Using CDNBrowsing techniques, MassBrowser obtains any CDN hosted content directly from CDN edge servers without going through any proxies or volunteer relays. This reduces the traffic load on volunteer relays, allowing them to serve more censored users with the same amount of used bandwidth, and also reduces the traffic on our backup proxy servers.
MassBrowser's code is available on GitHub. If you are a geek, we welcome your contribution to the code.