This is actually me tooting my own horn for a past project.. but I’ve been meaning to do it for so long I’ve lost all the good screenshots :(

I used to attend a very specific boarding school, and one of the more annoying school policies was blocking software called “Websense” which some of you may be familiar with. Websense blocked access to a lot of sites, some legit (porn), some not (Facebook, MySpace, and anything about guns or Dick Cheney). On top of this, the internet cut off at midnight every night, again thanks to Websense. Every student at the school understood that midnight was far too early to lose internet access, and while I was there we went to great odds to find proxy servers to connect to on the internet to access the internet after midnight and to get to Facebook during the day.

When I graduated I had friends still there, notably my girlfriend, and I wasn’t going to settle for letting them suffer through what I went through. I set out to design a proxy server that would be secure, easy to use, and most importantly, undetectable by the IT department. While I was there we discovered that ssh could be used to obfuscate proxy services.

I opened The Senseless Web soon after my Freshman year began. The Senseless Web offered a shell account on my desktop to any NCSSM student. The student verified his identity by providing an NCSSM email to which the site sent a verification code. He then provided an alternate email for future communication so that the domain wouldn’t attract too much attention from ITS.

The shell accounts were neutered with a nonfunctional python shell and restrictive permissions. The account’s password was changed every ten minutes by a cron job and the user would enter his email in the only box on the homepage, receive the password via email, and sign in to the single shared account. I had instructions on the site and after a one-time setup the connection was simple. Everything was encrypted and I did little logging besides a counter to see how much it was being used so that the users had assurance of privacy.

Early on, ITS caught on to SSH forwarding that was going on to other sites, and blocked all outgoing ports except HTTP, HTTPS, POP, and IMAP. Since the others were all being used, I set up SSH to serve on port 143 (IMAP). I told users to change their settings and the site continued undisturbed until the end of the year. The command to connect was ssh -D 8080 efas@trantor.boldlygoingnowhere.org -p 143 if in Linux or a similar setup using putty in Windows. Then Firefox was told to look for a SOCKS proxy on localhost at port 8080. Clever! I wrote a script (since lost) that would set up the whole thing for Linux users, and Windows users could use a modified shortcut for putty and foxyproxy to make it a very short setup for a free-internet session.

By the end, we had over 5600 individual sessions. The whole thing was a huge success. Every user was allowed unfiltered, free internet whenever he or she wanted. From what I understand, the school has since lifted the more draconian of the rules, and students do not need/want such a service any longer.

Below are the only remaining screenshots, unfortunately, I have reinstalled all of my PCs since then and managed to lose all other screenshots. However I do have the code in a tarball if anyone is interested in seeing it.

This is the homepage. Note the use (not hit) counter, bottom left, and the one-box sign-in form at the bottom right.

This is the homepage. Note the use (not hit) counter, bottom left, and the one-box sign-in form at the bottom right.

This is the short registration page.

This is the short registration page.

Long live free internet!