
Tunneling Internet traffic over FB chat - franze
https://github.com/matiasinsaurralde/facebook-tunnel
======
milankragujevic
Couldn't you just use Facebook's "Fetch as FacebookBot" feature and just fetch
the pages yourself? Example:
[https://developers.facebook.com/tools/debug/og/echo?q=https%...](https://developers.facebook.com/tools/debug/og/echo?q=https%3A%2F%2Fnews.ycombinator.com%2Fitem%3Fid%3D9203946)
I was thinking about doing this since on my network Facebook access is free
but Internet isn't. (2nd world country, but barely)

~~~
hippich
It looks like it is more general purpose than just an HTML browser.

~~~
spiritplumber
Potentially a problem that internet = web, at zeroth approximation.

------
Liquix
To me, the worst part of this is that there are places where Facebook is free
but you need to pay for an internet connection. If the average user can only
access the mindless corporate money-making machines and not the real internet,
we are moving in the wrong direction.

~~~
randartie
They went from having no free internet to having Free facebook + other core
sites like wikipedia through Facebook's internet.org, but it's moving in the
wrong direction?

> If the average user can only access the mindless corporate money-making
> machines and not the real internet

They can, but it's not free, and a lot of people have no other option but to
use what is free. This corporate money-making machine just provided pure value
to a ton of people, there's no downside to having this additional option
available.

~~~
nitrogen
_there's no downside to having this additional option available._

Sure there's a lot of value in communicating with other Facebook users, but if
you can't see the possible downside of having a large group of people's first
and only connection being through a corporate-controlled view of the world,
you're not using your imagination.

~~~
icelancer
Can you actually make the argument that access to Facebook/Wikipedia/etc is
worse than no Internet whatsoever?

~~~
andreyf
Yes, absolutely, and it's not a new idea, e.g. "sending shirts destroys local
textile economies by flooding the market with free goods and undercutting
local t-shirt producers" [1].

1. [http://freakonomics.com/2011/02/15/what-happens-to-all-those...](http://freakonomics.com/2011/02/15/what-happens-to-all-those-super-bowl-t-shirts-a-guest-post-by-dean-karlan/)

~~~
themusicgod1
This allows those communities to dedicate resources that would have gone
towards shirt manufacturing into something more valuable. Textile economies
are mostly a waste of human ingenuity and time, and have been since the
Jacquard Loom at least.

~~~
andreyf
Within our lifetimes, this reasoning will apply to more professions than you
might think. "Dignity is more important than wealth" and all...

------
zx2c4
Back in the day when Skype was a pretty cool peer-to-peer encrypted mesh
network, that successfully evaded firewalls and traffic analysis, I wrote a
tool to proxy Internet traffic on top of the Skype mesh. I was quite young when
I wrote it, but I managed to dust off an old demo screencast I made (and
convert the swf to an mp4), which gave me a laugh. If you're curious:

[http://data.zx2c4.com/skypeproxydemo.mp4](http://data.zx2c4.com/skypeproxydemo.mp4)

~~~
orangebread
That is very cool. Does Skype not have a direct peer to peer connection
anymore?

~~~
zx2c4
Supposedly since the Microsoft buy-out, everything is gradually becoming
centralized.

------
WhitneyLand
I've been wondering if something like this could be helpful to breach the
great firewall.

Find some high traffic site in China and smuggle in content via various site
features such as chat, messaging, forums, etc.

The content could be obfuscated to appear benign while embedding hidden data
in text, images, or binary attachments.

~~~
andrepd
I don't know the specifics about how the surveillance is implemented, but
embedding encrypted payload in benign files is a neat idea to bypass internet
censorship, at least in principle.

~~~
DickingAround
Inconvenient Message Detection:
[https://github.com/DickingAround/InconvenientMessageDetectio...](https://github.com/DickingAround/InconvenientMessageDetection)

~~~
sukilot
FYI github renders readme.txt as preformatted code, but your readme.txt is not
preformatted, so it is very hard to read (one line per paragraph).

------
p1mrx
This looks similar to the "IPv6 over Social Networks" RFC, published
2009-04-01:

[https://tools.ietf.org/html/rfc5514](https://tools.ietf.org/html/rfc5514)

------
fitzwatermellow
Wonderful proof-of-concept!

Humanity needs steganography-as-a-service. But think how difficult it is to
implement in a regime where all networks are monitored and even Android phones
are assumed to be backdoored. Most services will re-encode data during
transmission, potentially munging whatever secret happens to be embedded. And
more generally, it's the metadata that often de-anonymizes, not the data
itself. If all the dissidents one day begin communicating via Lutheran Insult
memes, it simply becomes a matter of picking one up and applying "rubber-hose"
cryptanalysis to put an end to the party.

------
cheesedoodles
This is really cool! In so many 2nd and 3rd world/poor countries internet is a
luxury, as the price of bandwidth is so high. Philippines for instance, a
country that mainly provides connectivity through limited 3G and LTE, has a
monthly price of about 30 beers from the local bar. In comparison, I pay
around the price of 4-5 local beers, for 100/100 fiber.

It sucks so hard that people can't afford to get knowledge from internet.
Especially considering they would benefit greatly as schoolbooks are expensive
and in some countries, censored.

~~~
matiasb
Hack author here, in my country, Paraguay, you get 10 MBPS for ~140 U$ per
month. I discovered the Internet through my father, because he is a journalist
and the press had really early access to this kind of tech, 20 years later I'm
still crazy about it. Thanks for the comment!

~~~
cheesedoodles
Wow! That's really expensive! Hard to access stuff often sparks creative ideas
and solutions :) Keep on hacking!

------
anticodon
Facebook limits number of messages you can send. After passing some secret
threshold, your profile would be put in 'restricted' mode.

------
k__
I once read a story about tunneling IP over DNS. Something about free
Internet/DNS for Microsoft-Update. But I can't find it.

~~~
Afforess
You are thinking of iodine.

[http://code.kryo.se/iodine/](http://code.kryo.se/iodine/)

~~~
k__
No, what I read was from the 90s. But the guy probably did what iodine does.

------
JoshTriplett
Interesting, but wouldn't you need a server somewhere to act as the other end
of the tunnel, for which you'd have to pay for hosting and/or bandwidth
anyway?

~~~
wongarsu
But hosting and bandwidth for servers is extremely cheap if you don't care
about reliability and trendiness. You can get a vps with 1Tb bandwidth/month
for $4 (probably even less if you look around more than I did). Try getting
mobile bandwidth for anything near that price.

------
acd
Some mobile operators offer unlimited Facebook and whatsapp traffic doesn't
count towards the monthly data transfer limit.

~~~
userbinator
I've heard this is also true for Twitter and a few other social networking
sites, so you could potentially tunnel your traffic through them too.

However, these tunnels are going to be relatively low-bandwidth (especially if
they start throttling it) and high-latency, so the "unlimited" would in
reality be "how much can you transfer continuously in a month?"

------
purringmeow
I am pretty much a beginner dev, so can anyone briefly explain how this works?
It's not really clear to me from the code.

It's mentioned in the README that packets are being sent as base64. Let's say
I would like to send a GET request to google.com. How does Facebook Chat serve
me with google's page?

~~~
miduil
As far as I understood:

- They are using virtual network kernel device (TUN/TAP,
[https://github.com/matiasinsaurralde/facebook-tunnel/blob/ma...](https://github.com/matiasinsaurralde/facebook-tunnel/blob/master/tun.cpp) )

- encode it as base64

- communicate with the http/web facebook client
[https://github.com/matiasinsaurralde/facebook-tunnel/blob/ma...](https://github.com/matiasinsaurralde/facebook-tunnel/blob/master/facebook.cpp)

Between that they do authentication things at facebook with "gumbo". And later
on everything the other way round at the server side.

So if you GET google.com your traffic goes through a virtual ethernet like
device.
[https://www.kernel.org/doc/Documentation/networking/tuntap.t...](https://www.kernel.org/doc/Documentation/networking/tuntap.txt)

There is no cryptography involved, they could try to use openvpn to enable
this feature.
[https://community.openvpn.net/openvpn/wiki/BridgingAndRoutin...](https://community.openvpn.net/openvpn/wiki/BridgingAndRouting)
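
The encoding described in this sub-thread (IP packets read from a TUN device, base64-encoded into chat message bodies) has a recognisable shape. As an added example, not part of the thread or of the facebook-tunnel project, the Python below shows how a monitoring pipeline could flag such messages; the function names and the sample packet are constructed for illustration, and it assumes one whole IPv4 packet per message, which the thread does not confirm.

```python
import base64
import binascii
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 ones'-complement checksum over the 16-bit words of a header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample_packet(payload: bytes) -> bytes:
    """Constructed test input: minimal IPv4 packet (proto 17), 10.0.0.1 -> 10.0.0.2."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
              bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])]
    header = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = ipv4_checksum(header)  # fill in the checksum field
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload


def looks_like_tunneled_ipv4(message: str) -> bool:
    """True if a chat message body is base64 that decodes to a valid IPv4 packet."""
    try:
        raw = base64.b64decode(message.strip(), validate=True)
    except (binascii.Error, ValueError):
        return False  # ordinary chat text is not strict base64
    if len(raw) < 20:
        return False
    version, ihl = raw[0] >> 4, (raw[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(raw):
        return False
    if struct.unpack("!H", raw[2:4])[0] != len(raw):
        return False  # total-length field must match the decoded size
    # A header whose stored checksum is correct sums to zero.
    return ipv4_checksum(raw[:ihl]) == 0


if __name__ == "__main__":
    packet = build_sample_packet(b"GET / HTTP/1.1\r\n\r\n")
    messages = [  # constructed sample chat messages
        "Really cool, I'll give it a try soon!",
        base64.b64encode(packet).decode(),
    ]
    for m in messages:
        print(looks_like_tunneled_ipv4(m), m[:40])
```

Combining the version, length and checksum checks keeps false positives low: a base64 string that merely starts with byte 0x45 fails the length or checksum test.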

------
swah
I was just reading about gumbo parser yesterday! h/t @nostrademons

Very nice hack... it's just fun to do something like this.

Reminds me when I used to fiddle w/ "phreaking" when it was really easy. I
didn't think about ethical implications - just got a really big thrill when I
got a free call.

~~~
nostrademons
Thanks! I'm glad to see it used for things...when I wrote it (and decided to
open-source it), it was very much a "Well, I have one immediate need for this,
but it seems like people could do a lot with a robust HTML5 parser with a
simple API."

------
greggman
interesting given FB keeps chat history forever

~~~
szatkus
I wonder if they have any flood protection...

Also HTTPS packets should be quite safe.

~~~
corndoge
It'd be more interesting if this was done over Google's chat, since Chrome
trusts the Google Internet Authority cert...

~~~
modeless
What makes this interesting is the fact that Facebook chat traffic is
subsidized by Facebook and free of charge in some countries as part of their
anti-net-neutrality "Internet.org" initiative. This project allows you to
hijack the Facebook subsidy for purposes they didn't intend. Of course, if it
becomes popular then Facebook will have to block it, emphasizing the self-
serving commercial nature of the subsidy.

~~~
nl
Internet.org might not be net neutral, but that doesn't make it bad. Much of
the world isn't the US, and differently structured markets need to be
considered differently.

~~~
zanny
So if you are in an impoverished area your packets are different from first
world packets, magically making it harder to send them to 207.241.224.2
(archive.org) than 173.252.120.6 (facebook.com)?

No, that is not the case. Instead, Facebook will pay for you to get Internet
if that is Internet that _only lets you access Facebook_. And that is not an
Internet at all. The infrastructure, the physical reality, means that if you
have _any_ connection, you _can_ have _all_ connections, and in these
circumstances only profit hungry greedy monsters would consider effectively
blacklisting every site but their own to guarantee them revenues to show to
shareholders for providing network connectivity to you - or I guess it should
be more appropriately called Facebook connectivity.

~~~
Dylan16807
They're not blacklisting anything.

The only bad thing they do is call it "internet". It's not internet access.
Free access to things like wikipedia is a good thing, as long as it's not
taking money away from actual free internet initiatives.

Price gouging actual internet access would also be bad, but that would be
someone else doing it, and I don't think it's happening here.

------
schlarpc
I did something very similar to this last summer, written in Python. No idea
what state the code is in at this point because it's been months, but here's
the code I had sitting around:
[https://gist.github.com/schlarpc/86e20aa3f3aaf3d78269](https://gist.github.com/schlarpc/86e20aa3f3aaf3d78269)

~~~
matiasb
Really cool, I'll give it a try soon!

------
andrepd
With a built-in encryption layer (on top of eventual HTTPS) it could be a
useful "hack" for the kinds of situations mentioned in the readme. I wonder
how facebook and the telcos will feel about this. All in all, a cool concept
but unlikely to work in practice if either facebook or the telcos do not want
to.

~~~
vincentclair
It would be cool if a company such as facebook supported this. Seeing them as
an enabler for free/uncensored internet, given that the country was chosen for
an internet.org campaign.

~~~
jakejake
If Facebook wanted to support it they would probably just implement a standard
proxy server that would be more efficient. If anybody can handle the traffic
it would be Facebook, but I bet their chat services are not really tuned for
this kind of usage.

~~~
vincentclair
It would certainly be interesting if facebook started to provide proxy access

~~~
cmdrfred
The question then is, do you trust facebook more than your isp?

~~~
icelancer
For those of us with Comcast, it's a pretty close race...

------
vskarine
I tried something like this over gchat but they throttled pretty soon so
didn't work well. But it worked for me over Firebase. Here is simple project
to demo how to do VNC over Firebase:
[https://github.com/vskarine/fireport](https://github.com/vskarine/fireport)

------
hartror
Dear Australian Government,

Please add this to your list of reasons why your wrong headed "meta"-data
retention plan can not work.

Rory

------
nly
Uses Gumbo... from the README

> Gumbo was initially designed for a product that worked with trusted input
> files only. We're working to harden this and make sure that it behaves as
> expected even on malicious input, but for now, Gumbo should only be run on
> trusted input or within a sandbox.

~~~
nostrademons
That's mostly historical at this point - Gumbo passed a security review as of
0.9.1, has had several rounds of fuzz testing, and is used by a bunch of other
libraries now. It's been struck out of the README at HEAD, though I think it
was listed in several earlier versions' READMEs.

------
fugyk
While I find this project awesome, I don't think telcos or even facebook
will allow this in the long run. I think that it even breaks facebook TOS.

------
ValdikSS
[https://github.com/pasis/pppoat](https://github.com/pasis/pppoat)

------
fallat
Base64 encoding is such a useful tool. I used it to transfer binary over IRC
once.

~~~
lo96z
Why not just use DCC?

~~~
appleflaxen
What is DCC, in this context?

I tried to find it in google, but the acronym is very ubiquitous.

~~~
heinrich5991
First hit of this query:
[https://www.google.com/search?q=irc+dcc](https://www.google.com/search?q=irc+dcc)

------
r0naa
That's a really neat hack, love it.

------
jaimehrubiks
Wow didn't see this was so old

------
tzakrajs
No, please no this is terrible.

~~~
shkkmo
Why?

------
0x0
We need screenshots here! :D

------
9984894172
9984894172

------
ape4
Nice hack

------
ankitrai
nice

------
erodingvar
This is the kind of hacking I find to be abusive. Finding clever uses for
things is fine, but not when it's misuse with potential for harm. This reminds
me of when someone exploited TinyURL to make TinyDisk.

------
rushijadhav
rush I jadhav

------
logicallee
I think this is kind of abusive of FB's infrastructure TBH. It must be hard to
keep real-time messaging up for ... okay, I was going to say for 1 billion
users, looked it up and it's 1.3 billion monthly actives - 890 million daily
actives (Jan 2014 figure). So tell you what, on second thought I think they
can handle your data.

however there's a good chance you'll cause some infrastructure problems since
I'm sure there are assumptions baked in, regarding how often a user will send
new messages, queuing, caching, etc. so I'm still not totally sure how I feel
about this.

at the end of the day FB is just a php script. i wouldn't be surprised if you
break it.

~~~
ForHackernews
Maybe if it becomes popular, it'll make facebook rethink wanting to store
everyone's messages until the end of time.

~~~
sitkack
If facebook can see this traffic, they would love it, not discourage it.

~~~
ForHackernews
I think a good implementation of this would encrypt the traffic between the
proxy server and the client.

