A pair of researchers behind a system for avoiding internet censorship wants to deliver banned websites inside of cat videos. Their system uses media from popular, innocuous websites the way a high schooler might use the dust jacket of a textbook to hide the fact that he’s reading a comic book in class. To the overseeing authority—in the classroom, the teacher; on the internet, a government censor—the content being consumed appears acceptable, even when it’s illicit.
The researchers, who work at the University of Waterloo’s cryptography lab, named Slitheen after a race of aliens from Doctor Who who wear the skins of their human victims to blend in. The system uses a technique called decoy routing, which allows users to view blocked sites—like a social-networking site or a news site—while generating a browsing trail that looks exactly as if they were just browsing for shoes or watching silly videos on YouTube.
Slitheen’s web browser starts the process by sending off a normal request for a harmless, “overt” site—but in it, it embeds a secret tag: an encrypted, second request for the user’s true target, a sensitive “covert” website. Website requests pass through relay stations built into the internet’s infrastructure on their way from a browser to a web server. If a relay station were to install Slitheen software, when the request passes through it, the station would detect the secret request and decode it using its secret key. (A non-Slitheen relay station that doesn’t have the right secret key wouldn’t even be able to tell that there is a secret request bundled inside of the traffic, let alone decrypt it.)