CreditsLast Updated 2014-03
This Activity and Discussion will outline how internet proxies work to disguise IP addresses, moving through three different scenarios: traffic routed over HTTP, traffic routed through a VPN, and traffic routed over the Tor network.
Leave a note anywhere on this page - look for the Hypothes.is toolbar in the upper right-hand corner.
You can “amplify” this activity by bringing in elements from How Does Email Work? [LINK] if you feel bringing in more routing elements won’t interfere with the basic concepts below.
Have participants gather in a U-shape, a circle, or any suitable shape that permits them to still be able to see everyone else in the room. Hand each participant a numbered post-it to wear on their shirt. Assign someone to be a Sender of a message and a Recipient: - e.g.: Trainee A is Sender, Trainee B is Recipient; - e.g.: Trainer is Sender, Trainee A is Recipient
With a pen or marker, write the name of the Recipient on the piece of paper and hand this to the next person in line. Ask them to hand it on down the line until the paper reaches the Recipient:
- At this point, explain that this is typically how we reach websites. Our PC connects to something nearby, perhaps to a Wi-Fi hotspot, and then to our service provider, and then to many other players in a chain.
- All of these learn what website we want to visit thanks to information we provide when we open our browser and type an address, or click on a link.
- If someone - say, our service provider, does not want us to visit a website, they can stop us by looking at our request.
Using the same piece of paper again, place it inside one of the small envelopes (representing a VPN) and write the number of a participant who is in the middle of the ‘chain’. Hand the envelope to the person closest to you and ask them to “send” the message down to the person with the number you have chosen (the person should be several “steps” away). - When the envelope arrives at the person with the number you have chosen, ask that person to open the envelope. When they see the name of the Recipient, they should then pass the message along. - Have the Recipient open the envelope and read what’s in it; trainer(s) should provide extra explanations as needed. - At this point, explain that this is how a VPN can help us to reach websites that otherwise may be blocked. When we use a VPN, our PC visits the location of the un-blocked VPN instead of the website. - Our ‘real’ request is protected until it reaches the VPN, and the VPN can pass our request along.
Explain that a VPN is like a “tunnel” with an exit point, and that exit point is usually a server at a point where the pages are being requested.
- The VPN you’re using knows what you’re requesting, as well as the sites delivering your requests online.
- Send down papers with a variety of types of data and protocols down the line in the VPN envelope, in order to illustrate the difference between a VPN and having an HTTP connection to a website in a browser (for example, an HTTP request; a PGP/GPG-encrypted email; an IM message).
- Try to use protocols and data types that your participants are likely to already be familiar with at this point in the training.
Place the piece of paper inside one of the small envelopes and, picking at random, write the number of one of the participants on the outside. Place the small envelope inside the medium envelope, this time writing the number of a different participant on the outside. - Repeat with the large envelope: place the medium sized envelope inside the large one and write a third participant’s number on the outside. - As in the previous demonstrations, “send” the message down the line.
When the large envelope reaches the participant holding the correct number, ask that person to open only the large envelope and call out the number they see on the medium envelope. Before they pass the envelope on, ask them: - Who sent the large envelope? (Answer: You); - Then ask: Who is my final recipient? (Answer: They do not know); - Thank them and ask them to continue sending the medium envelope along the line.
When the medium envelope reaches the next participant, ask them to open only the medium envelope and call out the number they see on the small envelope inside. Before they pass the envelope on, ask them: - Who sent the medium envelope? (Answer: The previous participant); - Then ask: Who is (the previous participant’s) final recipient? (Answer: They do not know). - Thank them and ask them to continue sending the small envelope along the line.
When the small envelope reaches the next participant, ask that person to open it. Before they pass the piece of paper to its final destination, ask them: - Who sent the message? (Answer: The previous participant); - Then ask: Who is (the previously participant)’s final recipient? (Answer: Now, they know); - Thank them and ask them to continue sending the message
At this point, explain that this is a very simplified representation of how the Tor network can help us reach blocked websites while also making it difficult for people on the Internet to determine where we are located.
Ask participants to describe their observations about how the message was sent in each demonstration. - How was the VPN demonstration different from the first one? - How was it different from using Tor?
Participants may observe issues like: having to know where final recipient is, but path can be random and non-sequential; at any point along the journey of the message being sent the message could be seen; etc.
- Did this show participants anything they didn’t know about the Internet?
- Are there examples in which circumvention may be useful?