Pinterest Stumbleupon Whatsapp
Advertisement

If you live in a free and democratic society, the idea that someone can control your browsing choices probably is quite disturbing. Employers blocking Facebook during working hours may be acceptable. What a free society should completely oppose, however, is censorship based on someone else’s moral code, religious belief or political ideology.

Irrespective of who does the censoring, the methods used are more or less the same. This article examines some of the most common methods used to filter content as well as emerging trends. In each case, I have provided a solution or practical workaround.

The Current State Of Internet Censorship

The Internet is being censored in several countries around the world. Over a billion people — 20 percent of the global population — are affected. Due to its large population of Internet users (over 500 million), China is the best known culprit, but certainly not the worst. Our Information Liberation Guide by Jim Rion has some useful information on global Internet censorship Avoiding Censorship: How Blocked Websites Stay Online and Accessible [MakeUseOf Explains] Avoiding Censorship: How Blocked Websites Stay Online and Accessible [MakeUseOf Explains] We've been hearing a lot about website-blocking recently, particularly with anti-piracy organizations forcing Internet service providers to block access to The Pirate Bay in the UK and elsewhere. However, when UK Internet service provider BT... Read More and lists the following countries as the worst violators:

  • North Korea
  • China
  • Iran
  • Saudi Arabia

Other countries not well known for Internet censorship include Bahrain, Belarus, Burma, Cuba, Syria, Uzbekistan, Turkmenistan and Vietnam.

Internet censorship isn’t limited to oppressive regimes. For example, it is common practice for educational institutions all over the world to implement filtering of content deemed objectionable. Companies and institutions also do the same. Many public WiFi access points block pornography or material based on hate and violence. Maybe you have also used public WiFi hotspots where access to streaming media sites was blocked and file downloads were restricted. Clearly, the Internet isn’t free.

The Methods Used For Internet Censorship

IP Blocking

This is the most basic method used to filter content. It involves blocking the IP address of the target website. Unfortunately, all websites sharing the same IP address, which is usually the case on a shared hosting server, are also blocked. This was the method used by ISPs in the UK to block The Pirate Bayfollowing a court order in April 2012. Workaround: All you need is a proxy with access to the blocked site. There are numerous free proxies online. This article by Guy McDowell lists four sites that give you a free updated proxy list 4 Sites That Give You A Free Updated Proxy List 4 Sites That Give You A Free Updated Proxy List Read More . The proxy server fetches the website for you and displays it on your browser. Your ISP only sees the IP address of the proxy and not the blocked website. Blocked websites can also beat this censorship method by adding a new IP address and letting users know about it. Users are then able to access the site without any problems.

Advertisement

DNS Filtering and Redirection

This is a much more sophisticated filtering method where the Domain Name Server (DNS) DNS Is Just A Proxy - Use A VPN To Access Region Blocked Video DNS Is Just A Proxy - Use A VPN To Access Region Blocked Video For copyright reasons, certain media companies only allow their content to be viewed in certain geographic areas. In plain English, what this means is that they are meanies who suck. And what does the Internet... Read More fails to resolve the correct domain or returns an incorrect IP address. ISPs in many countries use this method to block illegal sites, for example, Denmark and Norway use DNS filtering to block child porn websites. China and Iran have also used this method numerous times in the past to block access to legitimate sites. Read Danny’s article on how to change your DNS How To Change Your DNS Servers & Improve Internet Security How To Change Your DNS Servers & Improve Internet Security Imagine this - you wake up one beautiful morning, pour yourself a cup of coffee, and then sit down at your computer to get started with your work for the day. Before you actually get... Read More for more in-depth information.

Workaround: One way to circumvent this is to find a DNS that resolves the domain name correctly, for example, OpenDNS or Google Public DNS. To change your DNS from your ISP to OpenDNS or Google Public DNS, you must configure it in your operating system or device. Both have excellent tutorials for all types of operating systems. You can also type the numeric IP address in your URL bar instead of the actual domain name though this is less effective especially where sites share IP addresses.

URL Filtering

With URL filtering, the requested URL is scanned for targeted keywords irrespective of the actual domain name typed in the URL. Many popular content control software and filters use this method. Typical users include educational institutions, private companies and government offices.

Workaround: A highly technical method to circumvent this is to use escape characters in the URL. However, it is much simpler to use encrypted protocols such as a Virtual Private Network (VPN) service or Tor. Once the data is encrypted, the filter cannot scan the URL and you can therefore access any website.

Packet Filtering

This method is also known as static packet filtering. It is a firewall technique used to control network access. Incoming and outgoing data packets are monitored and either stopped or allowed through based on pre-determined rules such as source and destination IP addresses, keywords and ports. When used in Internet censorship, TCP packet transmissions are terminated by the ISP when targeted keywords are detected.

Workaround: Again, VPN services and Tor are the best ways to get around packet filtering. Packets sent over VPN and Tor contain dual IP headers. Firewalls are only able to apply the filtering rules to the outer header but not the inner header when these data packets are transmitted.

Man-in-the-middle (MITM) Attack

I have only heard of this method being used by some of the regimes I mentioned earlier. It is a common hacking method, but in January 2010, Chinese authorities successfully used a MITM attack to intercept and track traffic to Github.com. As the name implies, an MITM attack is based on impersonation, where the eavesdropper makes independent connections with the victims and makes them believe they are communicating with one another.

Workaround: The best defense against MITM attacks is to use encrypted network connections, such as offered by HTTPS (what is HTTPS What Is HTTPS & How To Enable Secure Connections Per Default What Is HTTPS & How To Enable Secure Connections Per Default Security concerns are spreading far and wide and have reached the forefront of most everybody's mind. Terms like antivirus or firewall are no longer strange vocabulary and are not only understood, but also used by... Read More ?) and VPN. HTTPS utilizes SSL capabilities in your browser to conceal your network traffic from snooping eyes. There are Chrome and Firefox extensions known as HTTPS Everywhere, that encrypts your communication on most major sites. When browsing on HTTPS, always take note of any browser warnings to the effect that a website’s certificate is not trusted. This could indicate a potential MITM attack. VPN and Tor technology also uses SSL, which forces the attacker to obtain the key used to encrypt the traffic.

TCP Connection Resets/Forged TCP Resets

In this method, when a TCP connection is blocked by an existing filter, all subsequent connection attempts are also blocked. It is also possible for other users or websites to be blocked, if network traffic is routed via the location of the block. TCP connection resets were originally used by hackers to create a DOS (Denial of Service) What Is a DDoS Attack? [MakeUseOf Explains] What Is a DDoS Attack? [MakeUseOf Explains] The term DDoS whistles past whenever cyber-activism rears up its head en-masse. These kind of attacks make international headlines because of multiple reasons. The issues that jumpstart those DDoS attacks are often controversial or highly... Read More condition, but Internet censors in many countries are increasingly finding the technique useful to prevent access to specific sites. In late 2007, it was reported that Comcast used this method to disable peer-to-peer communication. The US FCC ordered Comcast to terminate the practice in August 2008.

Workaround: The workaround for this mainly involves ignoring the reset packet transmitted by the firewall. Ignoring resets can be accomplished by applying simple firewall rules to your router, operating system or antivirus firewall. Configure your firewall to ignore the reset packet so that no further action or response is taken on that packet. You can take this a step further by examining the Time-to-live (TTL) values in the reset packets to establish if they are coming from a censorship device. Internet users in China have successfully used this workaround to beat the Great Firewall of China.

Deep Packet Inspection (DPI)

Now this one is really scary. Under the wings of the PRISM project What Is PRISM? Everything You Need to Know What Is PRISM? Everything You Need to Know The National Security Agency in the US has access to whatever data you're storing with US service providers like Google Microsoft, Yahoo, and Facebook. They're also likely monitoring most of the traffic flowing across the... Read More , the NSA used this method to eavesdrop and read private email communications. China and Iran use deep packet inspection for both eavesdropping and Internet censorship. DPI technology allows prying eyes to examine the data part of a packet to search for non-compliance against pre-determined criteria. These could be keywords, a targeted email address, IP address or a telephone number in the case of VoIP. While DPI was originally used to defend against spam, viruses and system intrusion, it is clear from recent developments that it is a now a weapon of choice for Internet censorship.

Workaround: To beat a Deep Packet Inspection, you need to connect to a remote server using a secure VPN link. The Tor Browser bundle is ideal to evade deep packet inspection because it conceals your location or usage from anyone carrying out network surveillance Can You Escape Internet Surveillance Programs Like PRISM? Can You Escape Internet Surveillance Programs Like PRISM? Ever since Edward Snowden blew the whistle on PRISM, the NSA's no longer secret surveillance program, we know one thing with certainty: nothing that happens online can be considered private. Can you really escape the... Read More or traffic analysis.

Conclusion & Outlook

I have mentioned VPN and Tor as a workaround to most forms of Internet censorship. However, I need to issue a caveat. Recent developments in China have demonstrated that even VPN can be blocked. In late 2012, it was widely reported that the Great Firewall of China How To Quickly Check If Your Site Is Visible Behind The Great Firewall Of China How To Quickly Check If Your Site Is Visible Behind The Great Firewall Of China The Great Firewall of China, officially known as the Golden Shield project, uses a variety of methods to block foreign websites that the Chinese government doesn’t like. The Chinese government doesn’t publish a list of... Read More is now able to learn, discover and block encrypted network traffic from several VPN systems (not all). China Unicom, one of the largest ISPs in China, is now terminating connections whenever an encrypted connection is detected.

However, it is clear that the there is an intense contest pitting VPN firms against Internet censors with each trying to stay ahead. It is a cat-and-mouse game with the VPN companies just managing to stay above water – after all that is what we pay them to do. For complete anonymity online, though, nothing beats Tor. The NSA, in documents leaked to The Guardian, has admitted that Tor is hands down “the king of high-secure, low-latency internet anonymity.

Finally, future attempts at censorship appear aimed at hacking desktops, tablets and smartphones to embed blocking software directly in users’ devices. Moving forward, powerful antivirus and anti-spyware will prove to be a sensible investment.

Have you experienced Internet censorship lately? How did you work around it? Share your experiences and comments with us below.

Leave a Reply

Your email address will not be published. Required fields are marked *