 Hello, good morning. Thanks for coming here today. If you're here for foe, you're at the right place. If you're not by mistake here, well, the door is locked. You have to wait here until I finished. Allow me to introduce myself. My name is Sho Ho. I work for Broadcasting Board of Governors. The Federal Agency, the Overseas Voice of America, Radio Free Europe, Radio Liberty, Radio Free Asia, Radio and TV Mardi, and so on. Together, those broadcasters bring news to people around the world in 60 languages and reach 175 million people every week. I do some internet anti-censorship, R&D, and other IT-related stuff, and I also create foe. Let's talk about censorship. We live in the United States, and we can browse the internet freely. Well, almost, except when you're using your company or public libraries, networks, or if you work for the DOD. However, for internet users, live in certain countries, things are not so bright. Some governments censor what their internet users can see. See, for example, you're in China, and you want to browse the Voice of America's website. You'll likely get an error message from your web browser telling you that website doesn't exist or that you cannot connect to the website. This is probably because some governments think Voice of America's website is evil. If you ever lay eyes on the Voice of America's website, the evil force will probably infect you with some terrible disease, causing you to vomit yesterday's compile chicken and make your head span like your grandfather's turntable. But seriously, governments censor the internet for different reasons. Some vow to protect their citizens from porn. Others censors the internet for their own political gains. There are many ways that a country can censor the internet. The most common method is to use some type of firewall to block IP addresses, domain names, protocols, and network packets. Most countries use blacklists to keep track of indecent websites. However, some countries, such as China, have very sophisticated censorship systems that are capable of blocking, validating web pages on the fly. In other words, if the system detects that web page contains indecent materials, the system can disconnect the connection between the user and the website on the fly. So here's the big problem. Some internet users in censored countries want to read Voice of America's news. However, the website is inaccessible, and so are the ISS fee, the Facebook page, and the tutor updates. The number of ways that a user can circumvent censorship. First, you can try to find a web-based proxy, such as the ones maintained by Siphon. However, unless you know where to look or have some social connections, web-based proxy can be hard to find. Second, you can download some circumvention programs, such as FreeGay or Ture. In many ways, these programs are more secure and offer better support for multimedia contents than web-based proxies. Third, you can purchase VPN access. This is the one case that many can buy happiness. If you can't afford the price, pay the VPN service. It's probably your best bet for circumventing censorship. VPN supports most network applications, so you can use it to browse web, streaming videos, use FTP to download files, check emails, or do almost everything with it. So now, there will be soon a new tool. It's called FODE. FODE stands for fee over email. FODE was created to serve two purposes. First, allows users to receive email contents, such as RSS feeds, documents, or small programs. Second, provides an additional channel for other circumvention tools to reach their audience. As the name implies, FODE is based on email technologies. But exactly what is FODE and how it works? I find the simplest explanation is by telling people the FODE sends contents, such as RSS feeds through emails, much like attaching a file in an email. Most people will get the idea, but we'll ask the question, why do we need FODE then? You know, that's a tough question. But I finally came up with a good reason. FODE fetches the content for you, whether it is an RSS feed or downloadable program or a document. Without FODE, you won't be able to get the content you want because the target website is blocked in the country where you live in. To many people, email is just email. There's nothing special about it. However, there's one thing that most people overlooked. It's more difficult to block an email than to block a website. Why? A website usually has a dedicated IP address or a dedicated domain name, or both. It's quite unusual that a website will change its IP address and the domain name regularly, or else your customers won't be able to find you. An email, on the other hand, can be sent from a different email address and a different mail server. The only thing that a sender needs to reach you is your email address. And additional, if you are using an email service in a free country, such as Gmail or Harmail, there's no way that a sensor can block the emails that are received, even if the sensor knows the sender's email address. So the only way for a sensor to block all or finding emails is to block all foreign email servers. So unless you live in North Korea, well, Mr. Kim is basically saying that no one needs to have contact with outside world. It is highly unlikely that a country will block all foreign email servers. And this is what FOA is betting on, that we'll always be able to obtain an email account from a service provider that is outside of your home country. So FOA can use it to fetch contents for you. Now let's look at the more complicated version of how FOA works. When a user requests a content, say, for example, an RSS feed, the FOA server will fetch the content from the RSS server, pack the content into an email, and then send the email to the user through the FOA mail server. Once the email arrives the user's mail server, the FOA client will initiate an encrypted connection to the mail server and download the email security. The FOA client will then extract the content from the email and pass it to the user. Please note, there are two critical components in the diagram. Number one, the connection between the FOA client and the user's mail server must be encrypted. The purpose of the encryption is to circumvent content futuring imposed by the government. Number two, the user's mail server is outside the sensor region. In other words, the user must obtain an email account from a service provider outside her or his home country. The reason is to prevent the sensor from forcing the service provider to block FOA emails. These two components are the keys, which allow FOA to effectively deliver contents to users in sensor countries. Now let's look at some key features that FOA offers. FOA can deliver ISS or other contents to the users. FOA is capable of circumventing internet censorship. Unlike web-based proxy, FOA does not need to keep changing its IP address or domain name in order to circumvent censorship. FOA is capable of pushing contents to the user when necessary. This is useful if FOA ever needs to patch a critical security flaw or need to make an emergency announcement. So FOA is very difficult to block. In order to effectively block the FOA service, the sensor needs to be blocked all foreign mail servers. If you are a developer and are interested in writing your FOA software, you will be delighted to know that FOA is easy to implement because it is based on email technologies. You can find a lot of software libraries on the internet that will allow you to create your own version of FOA easily. We will also make FOA source codes available to the public so you can use it in your software as well. Because of FOA relies on email technologies, it has relatively low infrastructure costs if you decided not you need to host your FOA server. So FOA is not a silver bullet for internet censorship problems. Here are some limitations. FOA needs the user to set up a foreign email accounts, although it shouldn't be too difficult. It is an extra step that users need to take in order to use FOA. FOA is not designed to deliver large size contents. For example, users cannot use FOA to get video files. FOA also is not designed for web browsing or other texts, which the users expect immediate feedbacks. Unlike web-based proxy, users need to download FOA Client in order to use the FOA service. This can become a challenge if the FOA project website is blocked in the user's home country. This is not a problem unique to FOA. Other circumvention tools also have the same challenge. Unlike TOUR, FreeGay, and Siphon, FOA is not a proxy solution. It is created to help users to receive small contents, such as RSS, small programs, documents, and new proxy addresses. Since FOA is based on email, it can easily be ported to other platforms. In its initial release, FOA will support Microsoft Windows only. However, we hope to release versions that will support other platforms in the near future. And we are particularly interested in the mobile platforms such as Android and the upcoming Windows Phone 7. We are planning to release the public beta in September. So please follow us closely on our project website. We will release the FOA Client, its source code, and the documentation at the same time. We hope that you can help us to test the FOA system after it is released. Have helpful. While we have some ambitious goals, we have very limited resource and manpower. So it would be great if you can help. So if you have the programming skill and have some free time, you might want to give it a shot and create your own full client. Another way that you can help us is to tell others about FOA. The more people know about FOA, the more supports we may get. So please spread the words. Also, if you have suggestions on how we can improve FOA, please don't hesitate to let us know. To summarize what I have talked about today, FOA is a tool to complement other circumvention tools. It can help other circumvention tool developers to keep in touch with their users. FOA is designed to deliver small contents to users. FOA is very difficult to block. And also FOA is not a proxy solution. And it can help users to obtain other proxy programs. FOA is not designed for web browsing or other activities that requires immediate feedback. If you are interested in testing or developing FOA, please check out our website regularly. I will try to keep it up to date as much as possible. Here's the address, code.google.com.pl-fo-project. Again, thank you very much for attending today's section. And I would like to also thank DefCon, for giving me the opportunity to speak in front of everyone here today. Thank you.