
If you live in a free and democratic society, the idea that someone can control your browsing choices is probably quite disturbing. Employers blocking Facebook during working hours may be acceptable. What a free society should completely oppose, however, is censorship based on someone else’s moral code, religious belief or political ideology.

Irrespective of who does the censoring, the methods used are more or less the same. This article examines some of the most common methods used to filter content as well as emerging trends. In each case, I have provided a solution or practical workaround.

The Current State Of Internet Censorship

The Internet is being censored in several countries around the world. Over a billion people — 20 percent of the global population — are affected. Due to its large population of Internet users (over 500 million), China is the best known culprit, but certainly not the worst. Our Information Liberation Guide by Jim Rion has some useful information on global Internet censorship and lists the following countries as the worst violators:

  • North Korea
  • China
  • Iran
  • Saudi Arabia

Other countries not well known for Internet censorship include Bahrain, Belarus, Burma, Cuba, Syria, Uzbekistan, Turkmenistan and Vietnam.

Internet censorship isn’t limited to oppressive regimes. For example, it is common practice for educational institutions all over the world to implement filtering of content deemed objectionable. Companies and institutions also do the same. Many public WiFi access points block pornography or material based on hate and violence. Maybe you have also used public WiFi hotspots where access to streaming media sites was blocked and file downloads were restricted. Clearly, the Internet isn’t free.

The Methods Used For Internet Censorship

IP Blocking

This is the most basic method used to filter content. It involves blocking the IP address of the target website. Unfortunately, all websites sharing the same IP address, which is usually the case on a shared hosting server, are also blocked. This was the method used by ISPs in the UK to block The Pirate Bay following a court order in April 2012.

Workaround: All you need is a proxy with access to the blocked site. There are numerous free proxies online. This article by Guy McDowell lists four sites that give you a free updated proxy list. The proxy server fetches the website for you and displays it on your browser. Your ISP only sees the IP address of the proxy and not the blocked website. Blocked websites can also beat this censorship method by adding a new IP address and letting users know about it. Users are then able to access the site without any problems.


DNS Filtering and Redirection

This is a much more sophisticated filtering method where the Domain Name Server (DNS) fails to resolve the correct domain or returns an incorrect IP address. ISPs in many countries use this method to block illegal sites; for example, Denmark and Norway use DNS filtering to block child porn websites. China and Iran have also used this method numerous times in the past to block access to legitimate sites. Read Danny’s article on how to change your DNS for more in-depth information.

Workaround: One way to circumvent this is to find a DNS that resolves the domain name correctly, for example, OpenDNS or Google Public DNS. To change your DNS from your ISP to OpenDNS or Google Public DNS, you must configure it in your operating system or device. Both have excellent tutorials for all types of operating systems. You can also type the numeric IP address in your URL bar instead of the actual domain name though this is less effective especially where sites share IP addresses.
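To check whether a resolver is returning altered answers, compare its response with those of independent resolvers. The sketch below is an added example, not part of the original article: it parses raw DNS responses and flags the two symptoms described above. The function names and the sample responses (documentation-range addresses) are constructed for illustration.

```python
import ipaddress
import struct

def _skip_name(msg, off):
    # Step over a name that may end in a compression pointer (RFC 1035, 4.1.4).
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def parse_a_records(msg):
    """Return (rcode, set of IPv4 strings) from a raw DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    addrs = set()
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:             # A record
            addrs.add(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return flags & 0x000F, addrs

def build_response(qname, addrs, rcode=0):
    # Helper that builds constructed sample input (hypothetical, not a capture).
    q = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\0"
    msg = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, len(addrs), 0, 0)
    msg += q + struct.pack("!HH", 1, 1)
    for a in addrs:
        msg += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + ipaddress.IPv4Address(a).packed
    return msg

def assess(local, references):
    """Compare the resolver under test with independent reference resolvers."""
    l_rc, l_addrs = parse_a_records(local)
    ref_addrs = set()
    for r in references:
        ref_addrs |= parse_a_records(r)[1]
    if l_rc == 3 and ref_addrs:
        return "nxdomain-mismatch"                # local says "no such domain"
    if l_addrs and ref_addrs and not (l_addrs & ref_addrs):
        return "disjoint-answers"                 # could also be CDN geo-steering
    return "consistent"

# Constructed sample responses for one name from three vantage points.
REFS = [build_response("example.org", ["192.0.2.10", "192.0.2.11"])]
LOCAL_OK = build_response("example.org", ["192.0.2.10"])
LOCAL_REDIRECT = build_response("example.org", ["203.0.113.99"])
LOCAL_NX = build_response("example.org", [], rcode=3)
```

A "disjoint-answers" result is a lead, not proof: large sites legitimately return different addresses by region, so confirm by checking the TLS certificate served at the returned address.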

URL Filtering

With URL filtering, the requested URL is scanned for targeted keywords irrespective of the actual domain name typed in the URL. Many popular content control software and filters use this method. Typical users include educational institutions, private companies and government offices.

Workaround: A highly technical method to circumvent this is to use escape characters in the URL. However, it is much simpler to use encrypted protocols such as a Virtual Private Network (VPN) service or Tor. Once the data is encrypted, the filter cannot scan the URL and you can therefore access any website.

Packet Filtering

This method is also known as static packet filtering. It is a firewall technique used to control network access. Incoming and outgoing data packets are monitored and either stopped or allowed through based on pre-determined rules such as source and destination IP addresses, keywords and ports. When used in Internet censorship, TCP packet transmissions are terminated by the ISP when targeted keywords are detected.

Workaround: Again, VPN services and Tor are the best ways to get around packet filtering. Packets sent over VPN and Tor contain dual IP headers. Firewalls are only able to apply the filtering rules to the outer header but not the inner header when these data packets are transmitted.

Man-in-the-middle (MITM) Attack

I have only heard of this method being used by some of the regimes I mentioned earlier. It is a common hacking method, but in January 2010, Chinese authorities successfully used a MITM attack to intercept and track traffic to Github.com. As the name implies, an MITM attack is based on impersonation, where the eavesdropper makes independent connections with the victims and makes them believe they are communicating with one another.

Workaround: The best defense against MITM attacks is to use encrypted network connections, such as those offered by HTTPS (what is HTTPS?) and VPN. HTTPS utilizes SSL capabilities in your browser to conceal your network traffic from snooping eyes. There is a Chrome and Firefox extension known as HTTPS Everywhere that encrypts your communication on most major sites. When browsing on HTTPS, always take note of any browser warnings to the effect that a website’s certificate is not trusted. This could indicate a potential MITM attack. VPN and Tor technology also use SSL, which forces the attacker to obtain the key used to encrypt the traffic.

TCP Connection Resets/Forged TCP Resets

In this method, when a TCP connection is blocked by an existing filter, all subsequent connection attempts are also blocked. It is also possible for other users or websites to be blocked, if network traffic is routed via the location of the block. TCP connection resets were originally used by hackers to create a DOS (Denial of Service) condition, but Internet censors in many countries are increasingly finding the technique useful to prevent access to specific sites. In late 2007, it was reported that Comcast used this method to disable peer-to-peer communication. The US FCC ordered Comcast to terminate the practice in August 2008.

Workaround: The workaround for this mainly involves ignoring the reset packet transmitted by the firewall. Ignoring resets can be accomplished by applying simple firewall rules to your router, operating system or antivirus firewall. Configure your firewall to ignore the reset packet so that no further action or response is taken on that packet. You can take this a step further by examining the Time-to-live (TTL) values in the reset packets to establish if they are coming from a censorship device. Internet users in China have successfully used this workaround to beat the Great Firewall of China.
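The TTL check mentioned above can be run over a packet capture to tell injected resets from genuine ones. The sketch below is an added example, not part of the original article: it compares each reset's TTL with the median TTL of the other packets from the same sender in the same flow. The function name, thresholds and the capture summary (documentation-range addresses) are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed capture summary: (flow, TCP flags, IP TTL as received).
PACKETS = [
    ("198.51.100.7:443->192.0.2.10:51000", "SA", 49),
    ("198.51.100.7:443->192.0.2.10:51000", "A", 49),
    ("198.51.100.7:443->192.0.2.10:51000", "PA", 49),
    ("198.51.100.7:443->192.0.2.10:51000", "R", 58),   # TTL jumps: different origin
    ("198.51.100.7:443->192.0.2.10:51000", "PA", 49),  # real sender keeps talking
    ("203.0.113.5:80->192.0.2.10:51001", "SA", 52),
    ("203.0.113.5:80->192.0.2.10:51001", "A", 52),
    ("203.0.113.5:80->192.0.2.10:51001", "R", 52),     # same TTL: genuine close
    ("203.0.113.9:80->192.0.2.10:51002", "R", 60),     # nothing to compare against
]

def classify_resets(packets, tolerance=2, min_baseline=2):
    """Return {flow: verdict} for every flow that contains a reset.

    tolerance allows for small route changes; min_baseline is the number
    of non-reset packets needed before a comparison is meaningful.
    Both values are assumptions chosen for this example.
    """
    baseline = defaultdict(list)
    resets = defaultdict(list)
    for flow, flags, ttl in packets:
        (resets if "R" in flags else baseline)[flow].append(ttl)

    verdicts = {}
    for flow, rst_ttls in resets.items():
        seen = baseline.get(flow, [])
        if len(seen) < min_baseline:
            verdicts[flow] = "unknown"
            continue
        expected = median(seen)
        odd = [t for t in rst_ttls if abs(t - expected) > tolerance]
        verdicts[flow] = "suspect-injected" if odd else "consistent"
    return verdicts
```

A reset arriving with no prior traffic in the flow cannot be judged this way, which is why the third flow is reported as "unknown" rather than cleared.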

Deep Packet Inspection (DPI)

Now this one is really scary. Under the wings of the PRISM project, the NSA used this method to eavesdrop and read private email communications. China and Iran use deep packet inspection for both eavesdropping and Internet censorship. DPI technology allows prying eyes to examine the data part of a packet to search for non-compliance against pre-determined criteria. These could be keywords, a targeted email address, IP address or a telephone number in the case of VoIP. While DPI was originally used to defend against spam, viruses and system intrusion, it is clear from recent developments that it is now a weapon of choice for Internet censorship.

Workaround: To beat a Deep Packet Inspection, you need to connect to a remote server using a secure VPN link. The Tor Browser bundle is ideal to evade deep packet inspection because it conceals your location or usage from anyone carrying out network surveillance or traffic analysis.

Conclusion & Outlook

I have mentioned VPN and Tor as a workaround to most forms of Internet censorship. However, I need to issue a caveat. Recent developments in China have demonstrated that even VPN can be blocked. In late 2012, it was widely reported that the Great Firewall of China is now able to learn, discover and block encrypted network traffic from several VPN systems (not all). China Unicom, one of the largest ISPs in China, is now terminating connections whenever an encrypted connection is detected.

However, it is clear that there is an intense contest pitting VPN firms against Internet censors, with each trying to stay ahead. It is a cat-and-mouse game with the VPN companies just managing to stay above water – after all that is what we pay them to do. For complete anonymity online, though, nothing beats Tor. The NSA, in documents leaked to The Guardian, has admitted that Tor is hands down “the king of high-secure, low-latency internet anonymity.”

Finally, future attempts at censorship appear aimed at hacking desktops, tablets and smartphones to embed blocking software directly in users’ devices. Moving forward, powerful antivirus and anti-spyware will prove to be a sensible investment.

Have you experienced Internet censorship lately? How did you work around it? Share your experiences and comments with us below.

  1. Roderick
    July 7, 2016 at 6:20 pm

    Rod
    Reference comment by Tim above; TalkTalk here in the UK happily censor some sites.
    Blandly stating they have been told to "by the courts"

  2. baback
    February 6, 2016 at 10:57 pm

    I live in IRAN, 85% of the world sites are blocked. Not a single form of video is allowed. There are VPNs sold out but these PERMITTED VPNs!! = 2 agents sitting right next to me, or they are rats ear (there is an expression in Persian saying: THE WALL HAS MOUSE AND THE MOUSE HAS EARS! = be careful what you say! (or click))
    The article is perfect clearing filtering tasks. Makes me read a lot to make my own fragile anonymity (would take months, a pilot, not much of internet) then through that a tor or something.
    I tried almost all the above, didn't work. Why? Any site containing VPN, PROXY, TOR, CISCO..... are blocked and local vpns bring tons of cookies, malwares, trojans, ... that would take years to get rid of, but I am not giving up. Thanks for the article again

  3. Herbert Coleman
    July 25, 2015 at 12:58 pm

    Blocking VPN services seems trivial to me. Most publish their DNS and IP entries publicly (see PrivateInternetAccess.com - which is what I use).

    I realized this accidentally, when my VPN service was refusing to connect at a local university.

    It turns out the university used OpenDNS (which I did too), and the default OpenDNS filter for Pornography interestingly includes anonymization and proxy services - including my VPN service!

    Very trivial indeed. I replicated the issue by setting my home router to use OpenDNS DNS IPs, then logged in to confirm I was using the default filters. Sure enough - no VPN service.

    I contacted PrivateInternetAccess.com via webchat to see if they had any ideas to get around this, and their official reply is "We can do nothing about networks that employ advanced security..." Advanced?!! More like child's play.

    I can see it being trivial as well for companies to simply scrape sites that list open proxies, etc. and shut those down as well. Wouldn't be surprised if OpenDNS already did that.

  4. Harriet Logan
    June 6, 2015 at 9:38 am

    I'm amazed at how many people in the US do not realize that the US censors many types of pornography. The net result is that most porn is now made by essentially paid prostitutes instead of amateurs who enjoy sex, and the audience for porn is stuck with essentially being directed to prostitutes and public prostitution by the government! If these prostitutes merely plied their trade in private, it would be considered an illegal act of prostitution though.

    Amateur producers of porn cannot protect themselves from the government's harassment of what they are filming, so porn production is left in the hands of a few giant COMMERCIAL purveyors of acts of prostitution being filmed, who can group and access legal resources when the government comes their way. The result is a very ugly and consistently offensive 'sex' being sent our way by teams of prostitutes and those that pay them their salaries. Prostitutes are not very sensual at all since it is merely a business transaction and not an erotic one.

  5. Tim
    February 18, 2015 at 8:25 pm

    The United Kingdom also censors the internet, don't forget to list the western countries!

  6. Lisa M
    December 13, 2013 at 9:00 pm

    What about websites that "censor" in their own way by "requiring" real names and social media logins before commenting, thus contributing to "group-think" and gutting the "online dis-inhibition effect"? Or companies that fire you for posting something online that they "don't like" for whatever reason, i.e. if you work for Chick-Fil-A and post something favorable about gay marriage? What can be done about this problem, which is a very significant problem in the so-called "land of the free" United States? Congress is no help, of course...

  7. Carl C
    November 13, 2013 at 4:09 pm

    I live in Mexico, and while Mexico itself doesn't block any sites, there are many sites that don't allow visitors from outside the US (Pandora, for example). The best way that I've found to circumvent these restrictions is an extension for Chrome called Hola Unblocker. It's available in the Chrome store, and it works perfectly: it allows you to visit US-only sites from anywhere in the world.

    • kihara
      November 14, 2013 at 4:13 pm

      Carl, that sounds interesting, I'll definitely check it out!

  8. AndreG
    November 13, 2013 at 12:17 pm

    I have not yet looked into its use to circumvent DNS blocking, but there is a DNS encryption client free from OpenDNS (source is on GITHUB).

    Also in your article a quick read would suggest that OpenDNS is used to circumvent controls, when actually it is a control, and a good one at that... I have the pleasure of reviewing their umbrella service too, and again a quick review suggests a very good first defence for minimal outlay..

  9. Nabil
    November 13, 2013 at 9:51 am

    just use ultrasurf.us

    • Unknown
      December 30, 2014 at 7:18 pm

      blocked in my country :v
