Internet censorship circumvention

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Internet censorship circumvention is the use of various methods and tools to bypass internet censorship.

Various techniques and methods are used to bypass Internet censorship, and have differing ease of use, speed, security, and risks. Some methods, such the use of alternate DNS servers, evade blocking by using an alternate address or address lookup system to access the site.[1][2] Techniques using website mirrors or archive sites rely on other copies of the site being available at different locations.[3] Additionally, there are solutions that rely on gaining access to an Internet connection that is not subject to filtering, often in a different jurisdiction not subject to the same censorship laws, using technologies such as proxying, Virtual Private Networks, or anonymization networks.[4]

An arms race has developed between censors and developers of circumvention software, resulting in more sophisticated blocking techniques by censors and the development of harder-to-detect tools by researchers.[5] Estimates of adoption of circumvention tools vary substantially and are disputed.[6][7][8][9] Barriers to adoption can include usability issues,[10] difficulty finding reliable and trustworthy information about circumvention,[11] lack of desire to access censored content,[12] and risks from breaking the law.[3]

Circumvention methods[edit]

There are many methods available that may allow the circumvention of Internet filtering, which can widely vary in terms of implementation difficulty, effectiveness, and resistance to detection.

Alternate names and addresses[edit]

Filters may block specific domain names, either using DNS hijacking or URL filtering. Sites are sometimes accessible through alternate names and addresses that may not be blocked.[1]

Some websites may offer the same content at multiple pages or domain names.[2] For example, the English Wikipedia is available at https://en.wikipedia.org/, and there is also a mobile-formatted version at https://en.m.wikipedia.org/.

If DNS resolution is disrupted but the site is not blocked in other ways, it may be possible to access a site directly through its IP address. Using alternative DNS servers, or public recursive name servers may bypass DNS-based blocking.[1]

Censors may block specific IP addresses. Depending on how the filtering is implemented, it may be possible to use different forms of the IP address, such as by specifing the address in a different base.[13] For example, the following URLs all access the same site, although not all browsers will recognize all forms: http://208.80.152.2 (dotted decimal), http://3494942722 (decimal), http://0320.0120.0230.02 (dotted octal), http://0xd0509802 (hexadecimal), and http://0xd0.0x50.0x98.0x2 (dotted hexadecimal).

Mirrors, caches, and copies[edit]

Cached pages: Some search engines keep copies of previously indexed webpages, or cached pages, which are often hosted by search engines and may not be blocked.[3] For example, Google allows the retrieval of cached pages by entering "cache:some-url" as a search request.[14]

Mirror and archive sites: Copies of web sites or pages may be available at mirror or archive sites such as the Internet Archive's Wayback Machine.

RSS aggregators: RSS aggregators such as Feedly may be able to receive and pass on RSS feeds that are blocked when accessed directly.[3]

Proxying[edit]

Web proxies: Proxy websites are configured to allow users to load external web pages through the proxy server, permitting the user to load the page as if it is coming from the proxy server and not the (blocked) source.[3] However, depending on how the proxy is configured, a censor may be able to determine the pages loaded and/or determine that the user is using a proxy server.[2]

For example, the mobile Opera Mini browser uses a proxy-based approach employing encryption and compression in order to speed up downloads. This has the side effect of allowing it to circumvent several approaches to Internet censorship. In 2009 this led the government of China to ban all but a special Chinese versions of the browser.[15]

Domain fronting: Circumvention software can implement a technique called domain fronting, where the destination of a connection is hidden by passing the initial requests through a content delivery network or other popular site.[16] This technique was used by messaging applications including Signal and Telegram, but large cloud providers such as Amazon Web Services and Google Cloud no longer permit its use.[17]

SSH tunneling: By establishing an SSH tunnel, a user can forward all their traffic over an encrypted channel, so both outgoing requests for blocked sites and the response from those sites are hidden from the censors, for whom it appears as unreadable SSH traffic.[18]

Virtual private network (VPN): Using a VPN, A user who experiences internet censorship can create a secure connection to a more permissive country, and browse the internet as if they were situated in that country.[1] Some services are offered for a monthly fee; others are ad-supported. According to GlobalWebIndex, over 400 million people use virtual private networks to circumvent censorship or for increased level of privacy.[9]

Tor: More advanced tools such as Tor route encrypted traffic through multiple servers to make the source and destination of traffic less traceable. It can in some cases be used to avoid censorship, especially when configured to use traffic obfuscation techniques.[5]

Directions for Tor Pluggable Transports, which use traffic obfuscation techniques to increase censorship resistance.

Traffic obfuscation[edit]

A censor may be able to detect and block use of circumvention tools. There are efforts to make circumvention tools less detectable by randomizing the traffic, attempting to mimic a non-blocked protocol, or tunneling traffic through a whitelisted service by using techniques including domain fronting.[5] Tor and other circumvention tools have adopted multiple obfuscation techniques that users can use depending on the nature of their connection, which are sometimes called "Pluggable Transports."[19]

Sneakernets[edit]

A sneakernet is the transfer of electronic information, especially computer files, by physically carrying data on storage media from one place to another. A sneakernet can move data regardless of network restrictions simply by not using the network at all.[20] One example of a widely adopted sneakernet network is El Paquete Semanal in Cuba.[21]

Adoption of circumvention tools[edit]

Circumvention tools have seen spikes in adoption in response to high-profile blocking attempts,[22][23][24] however, studies measuring adoption of circumvention tools in countries with persistent and widespread censorship report mixed results.[6]

In response to persistent censorship[edit]

Measures and estimates of circumvention tool adoption have reported widely divergent results. A 2010 study by Harvard University researchers estimated that very few users use censorship circumvention tools—likely less than 3% of users even in countries that consistently implement widespread censorship.[6] Other studies have reported substantially larger estimates,[7] but have been disputed.[8]

In China, anecdotal reports suggest that adoption of circumvention tools is particularly high in certain communities, such as universities,[25][26] and a survey by Freedom House found that users generally did not find circumvention tools to be difficult to use.[27] Market research firm GlobalWebIndex has reported that there are over 35 million Twitter users and 63 million Facebook users in China (both services are blocked).[7] However, these estimates have been disputed;[28] Facebook's advertising platform estimates 1 million users in China,[8] and other reports of Twitter adoption estimate 10 million users.[29] Other studies have pointed out that efforts block circumvention tools in China have reduced adoption of those tools; the Tor network previously had over 30,000 users connecting from China but as of 2014 had only approximately 3,000 Chinese users.[30]

In Thailand, internet censorship has existed since 2002, and there is sporadic and inconsistent filtering.[31] In a small-scale survey of 229 Thai internet users, a research group at the University of Washington found that 63% of surveyed users attempted to use circumvention tools, and 90% were successful in using those tools. Users often made on-the-spot decisions about use of circumvention tools based of limited or unreliable information, and had a variety of perceived threats, some more abstract and others more concrete based on personal experiences.[11]

In response to blocking events[edit]

In response to the 2014 blocking of Twitter in Turkey, information about alternate DNS servers was widely shared, as using another DNS server such as Google Public DNS allowed users to access Twitter.[32] The day after the block, the total number of posts made in Turkey was up 138%, according to Brandwatch, an internet measurement firm.[22]

After a April 2018 ban on the Telegram messaging app in Iran, web searches for VPN and other circumvention software increased as much as 48x for some search terms, but there was evidence that users were downloading unsafe software. As many as a third of Iranian internet users used the Psiphon tool in the days immediately following the block, and in June 2018 as many as 3.5 million Iranian users continued to use the tool.[23]

Anonymity, risks, and trust[edit]

Circumvention and anonymity are different. Circumvention systems are designed to bypass blocking, but they do not usually protect identities. Anonymous systems protect a user's identity. And while they can contribute to circumvention, that is not their primary function. It is important to understand that open public proxy sites do not provide anonymity and can view and record the location of computers making requests as well as the websites accessed.[3]

In many jurisdictions accessing blocked content is a serious crime, particularly content that is considered child pornography, a threat to national security, or an incitement of violence. Thus it is important to understand the circumvention technologies and the protections they do or do not provide and to use only tools that are appropriate in a particular context. Great care must be taken to install, configure, and use circumvention tools properly. Individuals associated with high-profile rights organizations, dissident, protest, or reform groups should take extra precautions to protect their online identities.[3]

Circumvention sites and tools should be provided and operated by trusted third parties located outside the censoring jurisdiction that do not collect identities and other personal information. Best are trusted family and friends personally known to the circumventor, but when family and friends are not available, sites and tools provided by individuals or organizations that are only known by their reputations or through the recommendations and endorsement of others may need to be used. Commercial circumvention services may provide anonymity while surfing the Internet, but could be compelled by law to make their records and users' personal information available to law enforcement.[3]

Software[edit]

There are five general types of Internet censorship circumvention software:

CGI proxies use a script running on a web server to perform the proxying function. A CGI proxy client sends the requested url embedded within the data portion of an HTTP request to the CGI proxy server. The CGI proxy server pulls the ultimate destination information from the data embedded in the HTTP request, sends out its own HTTP request to the ultimate destination, and then returns the result to the proxy client. A CGI proxy tool's security can be trusted as far as the operator of the proxy server can be trusted. CGI proxy tools require no manual configuration of the browser or client software installation, but they do require that the user use an alternative, potentially confusing browser interface within the existing browser.

HTTP proxies send HTTP requests through an intermediate proxying server. A client connecting through an HTTP proxy sends exactly the same HTTP request to the proxy as it would send to the destination server unproxied. The HTTP proxy parses the HTTP request; sends its own HTTP request to the ultimate destination server; and then returns the response back to the proxy client. An HTTP proxy tool's security can be trusted as far as the operator of the proxy server can be trusted. HTTP proxy tools require either manual configuration of the browser or client side software that can configure the browser for the user. Once configured, an HTTP proxy tool allows the user transparently to use his normal browser interface.

Application proxies are similar to HTTP proxies, but support a wider range of online applications.

Peer-to-peer systems store content across a range of participating volunteer servers combined with technical techniques such as re-routing to reduce the amount of trust placed on volunteer servers or on social networks to establish trust relationships between server and client users. Peer-to-peer system can be trusted as far as the operators of the various servers can be trusted or to the extent that the architecture of the peer-to-peer system limits the amount of information available to any single server and the server operators can be trusted not to cooperate to combine the information they hold.

Re-routing systems send requests and responses through a series of proxying servers, encrypting the data again at each proxy, so that a given proxy knows at most either where the data came from or is going to, but not both. This decreases the amount of trust required of the individual proxy hosts.

Below is a list of different Internet censorship circumvention software:

Name
Type
Developer
Cost
Web site
Notes
alkasir[33] HTTP proxy Yemeni journalist Walid al-Saqaf free www.alkasir.com Uses 'split-tunneling' to only redirect to proxy servers when blocking is encountered. Is not a general circumvention solution and only allows access to certain blocked websites. In particular it does not allow access to blocked websites that contain pornography, nudity or similar adult content.
Anonymizer[34] HTTP proxy Anonymizer, Inc. paid www.anonymizer.com/ Transparently tunnels traffic through Anonymizer.
CGIProxy[35] HTTP proxy James Marshall free www.jmarshall.com/ Turn a computer into a personal, encrypted proxy server capable of retrieving and displaying web pages to users of the server. CGIProxy is the engine used by many other circumvention systems.
Flash proxy[36] HTTP proxy Stanford University free crypto.stanford.edu/flashproxy/ Uses ephemeral browser-based proxy relays to connect to the Tor network.
Freegate[37] HTTP proxy Dynamic Internet Technology, Inc. free www.dit-inc.us Uses a range of open proxies to access blocked web sites via DIT's DynaWeb anti-censorship network.
Freenet[38] peer-to-peer Ian Clarke free freenetproject.org A decentralized, distributed data store using contributed bandwidth and storage space of member computers to provide strong anonymity protection.
I2P[39]
(originally Invisible Internet Project)
re-routing I2P Project free geti2p.net Uses a pseudonymous overlay network to allow anonymous web browsing, chatting, file transfers, amongst other features.
Java Anon Proxy[40] (also known as JAP or JonDonym) re-routing (fixed) Jondos GmbH free or paid anonymous-proxy-servers.net Uses the underlying anonymity service AN.ON to allow browsing with revocable pseudonymity. Originally developed as part of a project of the Technische Universität Dresden, the Universität Regensburg, and the Privacy Commissioner of Schleswig-Holstein.
Psiphon[41][42] CGI proxy Psiphon, Inc. free psiphon.ca A simple-to-administer, open-source Internet censorship circumvention system in wide-scale use, with a cloud-based infrastructure serving millions.
Proxify[43] HTTP proxy UpsideOut, Inc. free or paid proxify.com/ An encrypted, public, web-based circumvention system. Because the site is public, it is blocked in many countries and by most filtering applications.
StupidCensorship[44] HTTP proxy Peacefire free stupidcensorship.com/ An encrypted, public, web-based circumvention system. Because the site is public, it is blocked in many countries and by most filtering applications. mousematrix.com is a similar site based on the same software.
Tor[45] re-routing (randomized) The Tor Project free www.torproject.org Allows users to bypass Internet censorship while providing strong anonymity.
Ultrasurf[46] HTTP proxy Ultrareach Internet Corporation free www.ultrasurf.us/ Anti-censorship product that allows users in countries with heavy internet censorship to protect their internet privacy and security.

See also[edit]

References[edit]

  1. ^ a b c d Callanan, Cormac; Dries-Ziekenheiner, Hein; Escudero-Pascual, Alberto; Guerra, Robert (2011-04-11). "Leaping Over the Firewall: A Review of Censorship Circumvention Tools" (PDF). freedomhouse.org. Retrieved 2018-12-11.
  2. ^ a b c "How to: Circumvent Online Censorship". Surveillance Self-Defense. 2014-08-05. Retrieved 2018-11-01.
  3. ^ a b c d e f g h Everyone's Guide to By-passing Internet Censorship, The Citizen Lab, University of Toronto, September 2007
  4. ^ New Technologies Battle and Defeat Internet Censorship, Global Internet Freedom Consortium, 20 September 2007
  5. ^ a b c Dixon, Lucas; Ristenpart, Thomas; Shrimpton, Thomas (14 December 2016). "Network Traffic Obfuscation and Automated Internet Censorship". IEEE Security & Privacy. 14 (6): 43–53. arXiv:1605.04044. doi:10.1109/msp.2016.121. ISSN 1540-7993.
  6. ^ a b c "2010 Circumvention Tool Usage Report". Berkman Klein Center. Retrieved 2018-11-15.
  7. ^ a b c "China: The Home to Facebook and Twitter?". GlobalWebIndex Blog. 2012-09-27. Retrieved 2018-12-13.
  8. ^ a b c Ong, Josh (2012-09-26). "Report: Twitter's Most Active Country Is China (Where It Is Blocked)". The Next Web. Retrieved 2018-12-11.
  9. ^ a b Marcello Mari. How Facebook's Tor service could encourage a more open web. The Guardian. Friday 5 December 2014.
  10. ^ Lee, Linda; Fifield, David; Malkin, Nathan; Iyer, Ganesh; Egelman, Serge; Wagner, David (2017-07-01). "A Usability Evaluation of Tor Launcher". Proceedings on Privacy Enhancing Technologies. 2017 (3): 90–109. doi:10.1515/popets-2017-0030. ISSN 2299-0984.
  11. ^ a b Gebhart, Genevieve; Kohno, Tadayoshi (26 April 2017). Internet Censorship in Thailand: User Practices and Potential Threats. 2017 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE. doi:10.1109/eurosp.2017.50. ISBN 9781509057627.
  12. ^ Freedom of connection, freedom of expression: the changing legal and regulatory ecology shaping the Internet, Dutton, William H.; Dopatka, Anna; Law, Ginette; Nash, Victoria, Division for Freedom of Expression, Democracy and Peace, United Nations Educational, Scientific and Cultural Organization (UNESCO), Paris, 2011, 103 pp., ISBN 978-92-3-104188-4
  13. ^ "Circumventing Network Filters Or Internet Censorship Using Simple Methods, VPNs, And Proxies" Archived 14 November 2011 at the Wayback Machine, Not As Cool As It Seems, 16 December 2009, accessed 16 September 2011
  14. ^ "View web pages cached in Google Search Results - Google Search Help". support.google.com. Retrieved 2018-12-11.
  15. ^ Steven Millward (22 November 2009). "Opera accused of censorship, betrayal by Chinese users". CNet Asia. Archived from the original on 3 November 2013.
  16. ^ Fifield, David; Lan, Chang; Hynes, Rod; Wegmann, Percy; Paxson, Vern (2015-06-01). "Blocking-resistant communication through domain fronting". Proceedings on Privacy Enhancing Technologies. 2015 (2): 46–64. doi:10.1515/popets-2015-0009. ISSN 2299-0984.
  17. ^ Bershidsky, Leonid (3 May 2018). "Russian Censor Gets Help From Amazon and Google". Bloomberg. Retrieved 9 November 2018.
  18. ^ Hoffman, Chris. "How to Use SSH Tunneling to Access Restricted Servers and Browse Securely". How-To Geek. Retrieved 2018-12-11.
  19. ^ Shahbar, K.; Zincir-Heywood, A. N. (2015-11-09). Traffic flow analysis of tor pluggable transports. 2015 11th International Conference on Network and Service Management (CNSM). pp. 178–181. doi:10.1109/CNSM.2015.7367356. ISBN 978-3-9018-8277-7.
  20. ^ Sullivan, Bob (13 April 2006) Military Thumb Drives Expose Larger Problem Archived 6 December 2010 at the Wayback Machine MSNBC Retrieved on 25 January 2007.
  21. ^ Apr 12, Matt Kwong · CBC News · Posted:; April 12, 2016 5:00 AM ET | Last Updated:; 2016. "When Cubans want internet content, black-market El Paquete delivers | CBC News". CBC. Retrieved 2018-12-11.
  22. ^ a b Edwards, John (2014-03-21). "From Pac-Man to Bird Droppings, Turkey Protests Twitter Ban". WSJ. Retrieved 2018-11-15.
  23. ^ a b Kargar, Simin; McManamen, Keith (2018). "Censorship and Collateral Damage: Analyzing the Telegram Ban in Iran". doi:10.2139/ssrn.3244046. ISSN 1556-5068. SSRN 3244046.
  24. ^ Al-Saqaf, Walid (2016). "Internet Censorship Circumvention Tools: Escaping the Control of the Syrian Regime". Media and Communication. 4 (1): 39. doi:10.17645/mac.v4i1.357.
  25. ^ "VPN crackdown a trial by firewall for China's research world". South China Morning Post. Retrieved 2018-11-15.
  26. ^ Branigan, Tania (2011-02-18). "China's Great Firewall not secure enough, says creator". The Guardian. ISSN 0261-3077. Retrieved 2018-12-11.
  27. ^ Callanan, Cormac; Dries-Ziekenheiner, Hein; Escudero-Pascual, Alberto; Guerra, Robert (2011-04-11). "Leaping Over the Firewall: A Review of Censorship Circumvention Tools" (PDF). freedomhouse.org. Retrieved 2018-12-11.
  28. ^ Mari, Marcello (2014-12-05). "How Facebook's Tor service could encourage a more open web". The Guardian. ISSN 0261-3077. Retrieved 2018-12-13.
  29. ^ "Twitter estimates that it has 10 million users in China". TechCrunch. Retrieved 2018-12-11.
  30. ^ Crandall, Jedidiah R.; Mueen, Abdullah; Winter, Philipp; Ensafi, Roya (2015-04-01). "Analyzing the Great Firewall of China Over Space and Time". Proceedings on Privacy Enhancing Technologies. 2015 (1): 61–76. doi:10.1515/popets-2015-0005.
  31. ^ Access contested : security, identity, and resistance in Asian cyberspace information revolution and global politics. Deibert, Ronald. Cambridge, MA: MIT Press. 2012. p. 85. ISBN 9780262298919. OCLC 773034864.
  32. ^ "Turkish citizens use Google to fight Twitter ban". The Verge. Retrieved 2018-11-15.
  33. ^ "About alkasir" Archived 10 September 2011 at the Wayback Machine, alkasir.com, accessed 16 September 2011
  34. ^ www.anonymizer.com/, Anonymizer, Inc., accessed 16 September 2011
  35. ^ CGIProxy", James Marshall, accessed 17 September 2011
  36. ^ "Flash proxies", Applied Crypto Group in the Computer Science Department at Stanford University, accessed 21 March 2013
  37. ^ "About D.I.T." Archived 26 September 2011 at the Wayback Machine, Dynamic Internet Technology, accessed 16 September 2011
  38. ^ "What is Freenet?" Archived 16 September 2011 at the Wayback Machine, The Freenet Project, accessed 16 September 2011
  39. ^ "I2P Anonymous Network", I2P Project, accessed 16 September 2011
  40. ^ "Revocable Anonymity", Stefan Köpsell, Rolf Wendolsky, Hannes Federrath, in Proc. Emerging Trends in Information and Communication Security: International Conference, Günter Müller (Ed.), ETRICS 2006, Freiburg, Germany, 6–9 June 2006, LNCS 3995, Springer-Verlag, Heidelberg 2006, pp.206-220
  41. ^ "About Psiphon", Psiphon, Inc., 4 April 2011
  42. ^ "Psiphon Content Delivery Software", Launchpad, accessed 16 September 2011
  43. ^ "About Proxify", UpsideOut, Inc., accessed 17 September 2011
  44. ^ About StupidCensorship.com, Peacefire, accessed 17 September 2011
  45. ^ "Tor: Overview", The Tor Project, Inc., accessed 16 September 2011
  46. ^ "About UltraReach", Ultrareach Internet Corp., accessed 16 September 2011

External links[edit]