Modern field guide to security and privacy

Scaling the firewall: Ways around government censorship online

As countries such as Turkey, China, Ethiopia, and Bahrain block online content, people are discovering ways to get around Internet censors. Their methods depend on the kind of censorship they face and what they are doing online.

|
Dado Ruvic/Reuters
Turkish Twitter error messages are seen through a Twitter logo in this file photo illustration.

When Turkey temporarily blocked more than 100 websites — including Facebook, Twitter, and YouTube — earlier this month in an effort to censor a photo that authorities there called "terrorist propaganda," the blackout generated an uproar across the Web and #twitterisblockedinturkey became a top trending hashtag on Twitter.

Online censorship is something the Turkish people are becoming accustomed to, and are increasingly finding ways around. And they are hardly the alone in facing regular online outages. 

Countries such as China, Ethiopia, Bahrain, and Cuba regularly censor online content. Just like in Turkey, people discover ways to access that content anyway. That could mean changing their domain name system settings, getting a virtual private network, or downloading software that enables anonymous communication on the Web.

Which tool a user chooses depends on what kind of censorship they are up against and what they are doing online.

There are three main kinds of Internet censorship. In domain name system, or DNS, based censorship, a country changes its local servers to remove a blocked website's Internet protocol (IP) address. When countries do this, anyone trying to access a forbidden site will get an error message or be redirected to another site. 

IP and port blocking are similar to DNS-based censorship. Here, a country puts a firewall in between its people and a website or online service it wants to block. This makes the blocked site or service unavailable to anyone in that country.

The third, more sophisticated, method is called deep packet inspection. Just like the first two, it can block specific Internet sites and services. But it can also filter out keywords such as “Dalai Lama” or "Falun Gong."

Using foreign DNS servers and proxies

To get around DNS censorship, users can change DNS settings by following some simple instructions (Mac and Windows). That requires the IP address of a DNS server outside of government control. Popular choices include Google’s public DNS server at 8.8.8.8 or OpenDNS at 208.67.222.22. Once set up, these changes let a user connect to banned sites without getting error messages or redirects.

To get around Internet protocol and port blocking, many people use Web-based proxies such as ProxySite.com. Proxies let people access banned websites simply by typing their address into a search window on the proxy website. Government firewalls see only the proxy, not the banned one. That lets a user access any site they want, including Twitter and Facebook. Still, proxies can’t access services such as instant messaging, which authorities may also block. Proxy.org has more information and a list of proxies.

These methods may be simple and free, but they are not secure. A repressive government can track what its citizens do on a public DNS server or a Web proxy. They are also open to more sophisticated forms of censorship.

Virtual Private Networks

A virtual private network (VPN) acts like an envelope for Internet traffic. VPNs encrypt a user’s Internet traffic and route it through their servers. That means they can get around almost every form of online censorship. They also protect against surveillance by local authorities.

Setting up a VPN is straightforward (instructions for Mac and Windows), but you will need to pay for an account on a VPN service first. If you want to stay anonymous, the Electronic Frontier Foundation recommends using Bitcoin or a pre-paid credit card bought with cash. It’s also good to use a VPN based in a country that is unlikely to hand data over to your government.

The website TorrentFreak surveyed VPNs about their privacy policies, but you will have to take the VPNs’ word for it. All traffic on a VPN passes through a central server. Whoever owns the VPN can simply log user traffic or build in a government backdoor, no matter what their privacy policy says.

That’s not the only problem. Thanks to Edward Snowden, we know the National Security Agency has found ways around most VPN encryption. Other well-funded intelligence agencies are probably not far behind.

Enter Tor, the gold standard for anonymous, censorship-free Web browsing.

Tor

The Tor Browser Bundle is a fortified version of Mozilla’s Firefox Web browser that lets users skirt government censorship while staying anonymous. There are no accounts to buy or complicated settings to change. Users simply download and install the software. One leaked NSA presentation called Tor “The king of high-secure, low-latency anonymity.”

“I think it really basically comes down to Tor and everybody else,” says Eva Galperin, global policy analyst at the Electronic Frontier Foundation. “Tor gives you anonymity; nobody else does.”

Tor works by encrypting a user’s traffic through a series of relays. Multiple relays means there is not one fail point. That makes Tor much harder to compromise than a VPN or a proxy. (But keep your version up to date; governments sometimes find security flaws.)

Tor does have downsides. It can be quite slow, for example. And two of the biggest Internet censors, China and Iran, actively block it. While specific VPN’s may not always work in those countries, some VPN will, Galperin explained. That is not always the case with Tor.

To combat that, the Tor Project, which maintains the Tor browser, developed bridges and pluggable transports. They mask Tor traffic and make it harder for censors in China and Iran to block. It’s a constant game of cat-and-mouse between governments and developers. But Galperin sees a bigger threat to the open web. China has replaced websites such as Twitter and Facebook with highly censored, and incredibly popular, alternatives.

“The reason why very few people go through the trouble of circumventing Internet censorship in order to use Twitter or Facebook in China is because their friends aren't there,” said Ms. Galperin.

That’s not a problem software can fix.

For more information on getting around government censorship, visit Surveillance Self-Defense and Security in a Box.

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Scaling the firewall: Ways around government censorship online
Read this article in
https://www.csmonitor.com/World/Passcode/2015/0420/Scaling-the-firewall-Ways-around-government-censorship-online
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe