Scaling the firewall: Ways around government censorship online (+video)
As countries such as Turkey, China, Ethiopia, and Bahrain block online content, people are discovering ways to get around Internet censors. Their methods depend on the kind of censorship they face and what they are doing online.
When Turkey temporarily blocked more than 100 websites — including Facebook, Twitter, and YouTube — earlier this month in an effort to censor a photo that authorities there called "terrorist propaganda," the blackout generated an uproar across the Web and #twitterisblockedinturkey became a top trending hashtag on Twitter.
Online censorship is something the Turkish people are becoming accustomed to, and are increasingly finding ways around. And they are hardly the alone in facing regular online outages.
Countries such as China, Ethiopia, Bahrain, and Cuba regularly censor online content. Just like in Turkey, people discover ways to access that content anyway. That could mean changing their domain name system settings, getting a virtual private network, or downloading software that enables anonymous communication on the Web.
Which tool a user chooses depends on what kind of censorship they are up against and what they are doing online.
There are three main kinds of Internet censorship. In domain name system, or DNS, based censorship, a country changes its local servers to remove a blocked website's Internet protocol (IP) address. When countries do this, anyone trying to access a forbidden site will get an error message or be redirected to another site.
IP and port blocking are similar to DNS-based censorship. Here, a country puts a firewall in between its people and a website or online service it wants to block. This makes the blocked site or service unavailable to anyone in that country.
The third, more sophisticated, method is called deep packet inspection. Just like the first two, it can block specific Internet sites and services. But it can also filter out keywords such as “Dalai Lama” or "Falun Gong."
Using foreign DNS servers and proxies
To get around DNS censorship, users can change DNS settings by following some simple instructions (Mac and Windows). That requires the IP address of a DNS server outside of government control. Popular choices include Google’s public DNS server at 184.108.40.206 or OpenDNS at 220.127.116.11. Once set up, these changes let a user connect to banned sites without getting error messages or redirects.
To get around Internet protocol and port blocking, many people use Web-based proxies such as ProxySite.com. Proxies let people access banned websites simply by typing their address into a search window on the proxy website. Government firewalls see only the proxy, not the banned one. That lets a user access any site they want, including Twitter and Facebook. Still, proxies can’t access services such as instant messaging, which authorities may also block. Proxy.org has more information and a list of proxies.
These methods may be simple and free, but they are not secure. A repressive government can track what its citizens do on a public DNS server or a Web proxy. They are also open to more sophisticated forms of censorship.
Virtual Private Networks
A virtual private network (VPN) acts like an envelope for Internet traffic. VPNs encrypt a user’s Internet traffic and route it through their servers. That means they can get around almost every form of online censorship. They also protect against surveillance by local authorities.
Setting up a VPN is straightforward (instructions for Mac and Windows), but you will need to pay for an account on a VPN service first. If you want to stay anonymous, the Electronic Frontier Foundation recommends using Bitcoin or a pre-paid credit card bought with cash. It’s also good to use a VPN based in a country that is unlikely to hand data over to your government.
That’s not the only problem. Thanks to Edward Snowden, we know the National Security Agency has found ways around most VPN encryption. Other well-funded intelligence agencies are probably not far behind.
Enter Tor, the gold standard for anonymous, censorship-free Web browsing.
The Tor Browser Bundle is a fortified version of Mozilla’s Firefox Web browser that lets users skirt government censorship while staying anonymous. There are no accounts to buy or complicated settings to change. Users simply download and install the software. One leaked NSA presentation called Tor “The king of high-secure, low-latency anonymity.”
“I think it really basically comes down to Tor and everybody else,” says Eva Galperin, global policy analyst at the Electronic Frontier Foundation. “Tor gives you anonymity; nobody else does.”
Tor works by encrypting a user’s traffic through a series of relays. Multiple relays means there is not one fail point. That makes Tor much harder to compromise than a VPN or a proxy. (But keep your version up to date; governments sometimes find security flaws.)
Tor does have downsides. It can be quite slow, for example. And two of the biggest Internet censors, China and Iran, actively block it. While specific VPN’s may not always work in those countries, some VPN will, Galperin explained. That is not always the case with Tor.
To combat that, the Tor Project, which maintains the Tor browser, developed bridges and pluggable transports. They mask Tor traffic and make it harder for censors in China and Iran to block. It’s a constant game of cat-and-mouse between governments and developers. But Galperin sees a bigger threat to the open web. China has replaced websites such as Twitter and Facebook with highly censored, and incredibly popular, alternatives.
“The reason why very few people go through the trouble of circumventing Internet censorship in order to use Twitter or Facebook in China is because their friends aren't there,” said Ms. Galperin.
That’s not a problem software can fix.