Draft "PoObjectStore" binding to relay parcels over Object Stores like Amazon S3 #79

Open
gnarea opened this issue Feb 17, 2021 · 0 comments
Labels
attribute-censorship-circumvention Technology or technique to evade censorship enhancement New feature or request

gnarea commented Feb 17, 2021

Executive summary

Relaynet-Internet Gateway operators could offer the option to bypass their servers altogether and communicate via object stores such as Amazon S3 instead. Censors wouldn't be able to block Relaynet traffic without blocking the entire S3/GCS/etc service. This is technically a form of domain fronting, but one that is unlikely to be prohibited by cloud providers -- though we must double-check before going too far.

The problem you're trying to solve

Domain fronting is a powerful censorship circumvention technique, but it's often implemented as an L4/L7 reverse proxy to a blocked service, which infringes the T&Cs of cloud providers like AWS, GCP and CloudFlare.

The solution you'd like

Use the object store APIs from the top cloud providers (i.e., S3, GCS and ABS) to send and receive parcels. And make sure to do it using the vendor SDKs.

Translating the PoWeb binding to use object stores should be fairly straightforward.

Before starting to design or implement this, we should check OONI's dataset to make sure S3/GCS/ABS API endpoints aren't already blocked in many countries (as of early 2021, this data doesn't seem to be captured or reported, but I could be wrong).

Collateral damage / Ethical considerations

This may "force" the censor to block object stores from major providers (e.g., AWS, GCP), or the more powerful censors (e.g., China) may bully Relaycorp providers into blocking us (regionally at least).

Any alternatives you've considered?

See relaycorp/relayverse#4
