Prediction: if this does take off and become a serious problem for the Chinese government, they will approach the CDNs and force them to implement blocking or get filtered. A few may take an ideological stand, but most CDNs will comply, as if they don't, their customers who need to reach China will simply switch to those that do. If they don't care about the Chinese market and refuse, they'll simply get blocked.

Of course the more likely scenario is that this simply doesn't catch on in the first place, or not to a significant enough degree that it requires a response.

> Censors tend to leave content delivery networks alone because their servers host many different sites, most of which they don’t want to block, says Houmansadr.

That has changed since last year. Many CDNs are now indeed blocked, or at least interfered with by the GFW within China.

No, this would only make things worse. A lot of major websites used Google's services, but Google was nevertheless blocked.

Aside from CDNs being blocked, some regions' network conections to foreign servers (like VPS for proxies) are slowed down a lot recently.

I'm surprised the article doesn't mention `meek`, which is a pluggable transport for Tor which also takes advantage of the way CDNs work in order to circumvent censorship.

Clients take advantage of domain fronting, where they send a request to "google.com" with a Host header pointing to a Google App Engine instance which is a Tor bridge: http://www.icir.org/vern/papers/meek-PETS-2015.pdf

Section 7.1.1 in the CacheBrowser paper references the paper you linked.

Are there any steganographic content sites running now? One could probably run HTML/images only sites purely through steganographically disguised data on imgur, tumblr, Facebook, and others. (Images would be lowered resolution, and involve the combination of 2 or 3 images.) A secret browser extension would be needed for recombination. This browser extension could come in multiple variants, in such a way that it would be hard for one agency to know all of the content channels.

> The core idea of CacheBrowser is to grab censored content cached by Content Delivery Networks such as Akamai and CloudFlare directly from their CDN edge servers…

Isn't this what websites do in the first place? They put their assets on CDNs, so that it can be delivered faster.

What about dynamic pages? CDNs cover static assets, but the dynamic pages have to be generated on the origin servers.

Link to original paper: https://people.cs.umass.edu/~amir/papers/CacheBrowser.pdf

i fail to see how that's useful except for sites that _have_ a CDN cache. And also, couldn't the firewall block those paths to the CDN cache directly (seeing as they do deep packet inspection) just as easily?

"i fail to see how that's useful except for sites that _have_ a CDN cache."

It doesn't.

"And also, couldn't the firewall block those paths to the CDN cache directly (seeing as they do deep packet inspection) just as easily"

The paper addresses this: make an HTTPS connection to the CDN's edge server, and make a request. The GFW doesn't know the URI, so doesn't know whether you are accessing forbidden or legit content.

Oh I get it, "If you try to kill me, you'll have to kill your friends first, or just let me in, your choice."

The GFW started to take off when I was in college somewhere in Beijing, China. In almost two decades, not a single tech trick can survive and grow to a meaningful scale. One technology might work for either limited case or very limited audience, or just get blocked completely.

Technology can't fix politics.

Maybe so but I would argue that censored google is not the same google we know.

http://www.traininginsholinganallur.in/oracle-training-in-ch...

I remember Houmansadr for his papers on steganography over Tor. Glad to see he's scratching his itch.

See: collateral freedom