Internet censorship circumvention
This article may require copy editing for grammar, style, cohesion, tone, or spelling. (November 2023) |
Internet censorship circumvention, also referred to as going over the wall (Chinese: 翻墙; pinyin: fān qiáng)[1][2] or scientific browsing (Chinese: 科学上网; pinyin: kēxué shàngwǎng)[3] in China, is the use of various methods and tools to bypass internet censorship.
There are many different techniques to bypass such censorship, each with unique challenges regarding ease of use, speed, and security risks. Examples of tools commonly used include
An arms race has developed between censors and developers of circumvention software, resulting in more sophisticated blocking techniques by censors and the development of harder-to-detect tools by tool developers.[8] Estimates of adoption of circumvention tools vary substantially and are disputed, but are widely understood to be in the tens of millions of monthly active users.[9][10][11][12] Barriers to adoption can include usability issues,[13] difficulty finding reliable and trustworthy information about circumvention,[14] lack of desire to access censored content,[15] and risks from breaking the law.[7]
Circumvention methods
There are many methods available that may allow the circumvention of Internet filtering, which can widely vary in terms of implementation difficulty, effectiveness, and resistance to detection.
Alternate names and addresses
Filters may block specific domain names, either using DNS hijacking or URL filtering. Sites are sometimes accessible through alternate names and addresses that may not be blocked.[4]
Some websites may offer the same content at multiple pages or domain names.[5] For example, the English Wikipedia is available at Main Page, and there is also a mobile-formatted version at Wikipedia, the free encyclopedia.
If DNS resolution is disrupted but the site is not blocked in other ways, it may be possible to access a site directly through its IP address or modifying the host file. Using alternative DNS servers, or public recursive name servers (especially when used through an encrypted DNS client), may bypass DNS-based blocking.[4]
Censors may block specific IP addresses. Depending on how the filtering is implemented, it may be possible to use different forms of the IP address, such as by specifying the address in a different base.[16] For example, the following URLs all access the same site, although not all browsers will recognize all forms: http://1.1.1.1/ (dotted decimal), http://16843009/ (decimal), http://0001.0001.0001.0001/ (dotted octal), [1] (hexadecimal), and http://0x01.0x01.0x01.0x01/[permanent dead link] (dotted hexadecimal).
Blockchain technology is an attempt to decentralize namespaces outside the control of a single entity.[17][18] Decentralized namespaces enable censorship resistant domains. The BitDNS discussion began in 2010 with a desire to achieve names that are decentralized, secure and human readable.[19]
Mirrors, caches, and copies
Cached pages: Some search engines keep copies of previously indexed webpages, or cached pages, which are often hosted by search engines and may not be blocked.[7] For example, Google allows the retrieval of cached pages by entering "cache:some-url" as a search request.[20]
Mirror and archive sites: Copies of web sites or pages may be available at
RSS aggregators: RSS aggregators such as Feedly may be able to receive and pass on RSS feeds that are blocked when accessed directly.[7]
Alternative platforms
Decentralized Hosting: Content creators may publish to an alternative platform which is willing to host ones content.
Anonymity Networks: The anonymity
Federated: Being semi-decentralized, federated platforms such as
See: Darknets
Proxying
Web proxies: Proxy websites are configured to allow users to load external web pages through the proxy server, permitting the user to load the page as if it is coming from the proxy server and not the (blocked) source.[7] However, depending on how the proxy is configured, a censor may be able to determine the pages loaded and/or determine that the user is using a proxy server.[5]
For example, the mobile Opera Mini browser uses a proxy-based approach employing encryption and compression in order to speed up downloads. This has the side effect of allowing it to circumvent several approaches to Internet censorship. In 2009 this led the government of China to ban all but a special Chinese version of the browser.[25]
Domain fronting: Circumvention software can implement a technique called domain fronting, where the destination of a connection is hidden by passing the initial requests through a content delivery network or other popular site which censors may be unwilling to block.[26] This technique was used by messaging applications including Signal and Telegram. Tor's meek uses Microsoft's Azure cloud. However, large cloud providers such as Amazon Web Services and Google Cloud no longer permit its use.[27] Website owners can use a free account to use a Cloudflare domain for fronting.[28][29]
SSH tunneling: By establishing an SSH tunnel, a user can forward all their traffic over an encrypted channel, so both outgoing requests for blocked sites and the response from those sites are hidden from the censors, for whom it appears as unreadable SSH traffic.[30]
Virtual private network (VPN): Using a
Tor: More advanced tools such as
Traffic obfuscation
A censor may be able to detect and block use of circumvention tools through
Internet alternatives
Functionality that people may be after might overlap with non-internet services, such as traditional mail, Bluetooth, or walkie-talkies. The following are some detailed examples:
Alternative data transport
Datacasting allows transmission of Web pages and other information via satellite broadcast channels bypassing the Internet entirely. This requires a satellite dish and suitable receiver hardware but provides a powerful means of avoiding censorship. Because the system is entirely receive only for the end user, a suitably air-gapped computer can be impossible to detect.[33]
Sneakernets
A sneakernet is the transfer of electronic information, especially computer files, by physically carrying data on storage media from one place to another. A sneakernet can move data regardless of network restrictions simply by not using the network at all.[34] One example of a widely adopted sneakernet network is El Paquete Semanal in Cuba.[35]
Adoption of circumvention tools
Circumvention tools have seen spikes in adoption in response to high-profile blocking attempts,[36][37][38] however, studies measuring adoption of circumvention tools in countries with persistent and widespread censorship report mixed results.[9]
In response to persistent censorship
Measures and estimates of circumvention tool adoption have reported widely divergent results. A 2010 study by Harvard University researchers estimated that very few users use censorship circumvention tools—likely less than 3% of users even in countries that consistently implement widespread censorship.[9] Other studies have reported substantially larger estimates,[10] but have been disputed.[11]
In China, anecdotal reports suggest that adoption of circumvention tools is particularly high in certain communities, such as universities,
In Thailand, internet censorship has existed since 2002, and there is sporadic and inconsistent filtering.[44] In a small-scale survey of 229 Thai internet users, a research group at the University of Washington found that 63% of surveyed users attempted to use circumvention tools, and 90% were successful in using those tools. Users often made on-the-spot decisions about use of circumvention tools based on limited or unreliable information, and had a variety of perceived threats, some more abstract and others more concrete based on personal experiences.[14]
In response to blocking events
In response to the 2014 blocking of Twitter in
After an April 2018 ban on the Telegram messaging app in Iran, web searches for VPN and other circumvention software increased as much as 48x for some search terms, but there was evidence that users were downloading unsafe software. As many as a third of Iranian internet users used the Psiphon tool in the days immediately following the block, and in June 2018 as many as 3.5 million Iranian users continued to use the tool.[37]
Anonymity, risks, and trust
Circumvention and anonymity are different. Circumvention systems are designed to bypass blocking, but they do not usually protect identities. Anonymous systems protect a user's identity, and while they can contribute to circumvention, that is not their primary function. Open public proxy sites do not provide anonymity and can view and record the location of computers making requests as well as the websites accessed.[7]
In many jurisdictions accessing blocked content is a serious crime, particularly content that is considered to be child pornography, a threat to national security, or an incitement of violence. Thus it is important to understand the circumvention technologies and the protections they do or do not provide and to use only tools that are appropriate in a particular context. Great care must be taken to install, configure, and use circumvention tools properly. Individuals associated with high-profile rights organizations, dissident, protest, or reform groups should take extra precautions to protect their online identities.[7]
Circumvention sites and tools should be provided and operated by trusted third parties located outside the censoring jurisdiction that do not collect identities and other personal information. Trusted family and friends personally known to the circumventor are best, but when family and friends are not available, sites and tools provided by individuals or organizations that are only known by their reputations or through the recommendations and endorsement of others may need to be used. Commercial circumvention services may provide anonymity while surfing the Internet, but could be compelled by law to make their records and users' personal information available to law enforcement.[7]
Software
There are five general types of Internet censorship circumvention software:
CGI proxies use a script running on a web server to perform the proxying function. A CGI proxy client sends the requested url embedded within the data portion of an HTTP request to the CGI proxy server. The CGI proxy server pulls the ultimate destination information from the data embedded in the HTTP request, sends out its own HTTP request to the ultimate destination, and then returns the result to the proxy client. A CGI proxy tool's security can be trusted as far as the operator of the proxy server can be trusted. CGI proxy tools require no manual configuration of the browser or client software installation, but they do require that the user use an alternative, potentially confusing browser interface within the existing browser.
HTTP proxies send
Application proxies are similar to HTTP proxies, but support a wider range of online applications.
Peer-to-peer systems store content across a range of participating volunteer servers combined with technical techniques such as re-routing to reduce the amount of trust placed on volunteer servers or on social networks to establish trust relationships between server and client users. Peer-to-peer system can be trusted as far as the operators of the various servers can be trusted or to the extent that the architecture of the peer-to-peer system limits the amount of information available to any single server and the server operators can be trusted not to cooperate to combine the information they hold.
Re-routing systems send requests and responses through a series of proxying servers, encrypting the data again at each proxy, so that a given proxy knows at most either where the data came from or is going to, but not both. This decreases the amount of trust required of the individual proxy hosts.
Below is a list of different Internet censorship circumvention software:
Name |
Type |
Developer |
Cost |
Notes |
---|---|---|---|---|
alkasir[46] | HTTP proxy | Yemeni journalist Walid al-Saqaf | free | Uses 'split-tunneling' to only redirect to proxy servers when blocking is encountered. Is not a general circumvention solution and only allows access to certain blocked websites. In particular it does not allow access to blocked websites that contain pornography, nudity or similar adult content. |
Anonymizer[47] | HTTP proxy | Anonymizer, Inc. | paid | Transparently tunnels traffic through Anonymizer. |
CGIProxy[48] | HTTP proxy | James Marshall | free | Turns a computer into a personal, encrypted proxy server capable of retrieving and displaying web pages to users of the server. CGIProxy is the engine used by many other circumvention systems. |
Flash proxy[49] | HTTP proxy | Stanford University | free | Uses ephemeral browser-based proxy relays to connect to the Tor network. |
Freegate[50] | HTTP proxy | Dynamic Internet Technology, Inc. | free | Uses a range of open proxies to access blocked web sites via DIT's DynaWeb anti-censorship network.
|
Freenet[51] |
peer-to-peer | Ian Clarke | free | A decentralized, distributed data store using contributed bandwidth and storage space of member computers to provide strong anonymity protection. |
I2P[52] (originally Invisible Internet Project) |
re-routing | I2P Project | free | Uses a pseudonymous overlay network to allow anonymous web browsing, chatting, file transfers, amongst other features. |
Java Anon Proxy[53] (also known as JAP or JonDonym) | re-routing (fixed) | Jondos GmbH | free or paid | Uses the underlying anonymity service AN.ON to allow browsing with revocable Universität Regensburg, and the Privacy Commissioner of Schleswig-Holstein .
|
Psiphon[54][55] | CGI proxy | Psiphon, Inc. | free | A simple-to-administer, open-source Internet censorship circumvention system in wide-scale use, with a cloud-based infrastructure serving millions. |
Proxify[56] | HTTP proxy | UpsideOut, Inc. | free or paid | An encrypted, public, web-based circumvention system. Because the site is public, it is blocked in many countries and by most filtering applications. |
StupidCensorship[57] |
HTTP proxy | Peacefire | free | An encrypted, public, web-based circumvention system. Because the site is public, it is blocked in many countries and by most filtering applications. mousematrix.com is a similar site based on the same software. |
Tor[58] |
re-routing (randomized) | The Tor Project | free | Wikinews has related news:
|
Ultrasurf[59] | HTTP proxy | Ultrareach Internet Corporation | free | Anti-censorship product that allows users in countries with heavy internet censorship to protect their internet privacy and security. |
See also
- Anonymous P2P
- Bypassing content-control filters
- Computer surveillance
- Content-control software
- Crypto-anarchism
- Cypherpunk
- Electronic Frontier Foundation – an international non-profit digital rights advocacy and legal organization
- Freedom of information
- Freedom of speech
- Global Internet Freedom Consortium (GIFC) – a consortium of organizations that develop and deploy anti-censorship technologies
- Bypassing the Great Firewall of China
- Internet freedom
- Internet privacy
- Mesh networking
- Open Technology Fund (OTF) – a U.S. Government funded program created in 2012 at Radio Free Asia to support global Internet freedom technologies
- Proxy list
- Tactical Technology Collective – a non-profit foundation promoting the use of free and open source software for non-governmental organizations, and producers of NGO-in-A-Box
References
- ^ "只剩下门缝的VPN何去何从". 新华网. 北京商报. 7 February 2017. Archived from the original on 16 December 2018. Retrieved 16 December 2018.
- ^ "翻墙,突破各类限制的尝试". 南都周刊. 3 July 2009. Archived from the original on 1 June 2010. Retrieved 30 January 2010.
- ^ "貝銳蒲公英X5一分鐘異地組網". 新浪新聞中心. 7 December 2019. Archived from the original on 4 November 2020. Retrieved 21 December 2019.
- ^ a b c d e Callanan, Cormac; Dries-Ziekenheiner, Hein; Escudero-Pascual, Alberto; Guerra, Robert (11 April 2011). "Leaping Over the Firewall: A Review of Censorship Circumvention Tools" (PDF). freedomhouse.org. Archived (PDF) from the original on 3 May 2019. Retrieved 11 December 2018.
- ^ a b c "How to: Circumvent Online Censorship". Surveillance Self-Defense. 5 August 2014. Archived from the original on 23 December 2018. Retrieved 1 November 2018.
- ^ New Technologies Battle and Defeat Internet Censorship Archived 27 October 2011 at the Wayback Machine, Global Internet Freedom Consortium, 20 September 2007
- ^ a b c d e f g h Everyone's Guide to By-passing Internet Censorship Archived 15 September 2011 at the Wayback Machine, The Citizen Lab, University of Toronto, September 2007
- ^ S2CID 1338390.
- ^ a b c "2010 Circumvention Tool Usage Report". Berkman Klein Center. 19 June 2018. Archived from the original on 15 December 2018. Retrieved 15 November 2018.
- ^ a b c Hedencrona, Sebastian (27 September 2012). "China: The Home to Facebook and Twitter?". GlobalWebIndex Blog. Archived from the original on 15 December 2018. Retrieved 13 December 2018.
- ^ a b c Ong, Josh (26 September 2012). "Report: Twitter's Most Active Country Is China (Where It Is Blocked)". The Next Web. Archived from the original on 15 December 2018. Retrieved 11 December 2018.
- ^ a b Marcello Mari. How Facebook's Tor service could encourage a more open web Archived 10 June 2016 at the Wayback Machine. The Guardian. Friday 5 December 2014.
- ISSN 2299-0984.
- ^ S2CID 11637736.
- ISBN 978-92-3-104188-4
- ^ "Circumventing Network Filters Or Internet Censorship Using Simple Methods, VPNs, And Proxies" Archived 14 November 2011 at the Wayback Machine, Not As Cool As It Seems, 16 December 2009, accessed 16 September 2011
- ^ Kalodner, Harry; Carlsten, Miles; Ellenbogen, Paul; Bonneau, Joseph; Narayanan, Arvind. "An empirical study of Namecoin and lessons for decentralized namespace design" (PDF). Princeton University: 1–4.
- ^ "Squaring the Triangle: Secure, Decentralized, Human-Readable Names (Aaron Swartz's Raw Thought)". aaronsw.com. Archived from the original on 5 March 2016. Retrieved 3 May 2020.
- ^ "BitDNS and Generalizing Bitcoin | Satoshi Nakamoto Institute". satoshi.nakamotoinstitute.org. Retrieved 3 May 2020.
- ^ "View web pages cached in Google Search Results – Google Search Help". support.google.com. Archived from the original on 14 December 2018. Retrieved 11 December 2018.
- S2CID 21160524.
- ^ "Docker Registry". Docker Documentation. 12 July 2022. Retrieved 12 July 2022.
- ISSN 1999-5903.
- ^ Kent University: http://www.medianet.kent.edu/surveys/IAD06S-P2PArchitectures-chibuike/P2P%20App.%20Survey%20Paper.htm
- ^ Steven Millward (22 November 2009). "Opera accused of censorship, betrayal by Chinese users". CNet Asia. Archived from the original on 3 November 2013.
- ISSN 2299-0984.
- ^ Bershidsky, Leonid (3 May 2018). "Russian Censor Gets Help From Amazon and Google". Bloomberg L.P. Archived from the original on 18 November 2018. Retrieved 9 November 2018.
- ^ "How to unblock websites in China for web owners | GreatFire Analyzer". en.greatfire.org. Archived from the original on 25 March 2020. Retrieved 6 January 2020.
- ^ "CloudFlare Domain Fronting: an easy way to reach (and hide) a malware C&C". Medium. 11 August 2017. Archived from the original on 19 November 2019. Retrieved 6 January 2020.
- ^ Hoffman, Chris (14 February 2017). "How to Use SSH Tunneling to Access Restricted Servers and Browse Securely". How-To Geek. Archived from the original on 15 December 2018. Retrieved 11 December 2018.
- ^ Bateyko, Dan (February 2022). "Censorship-Circumvention Tools and Pluggable Transports". Georgetown Law Technology Review. Retrieved 2 December 2023.
- S2CID 1199826.
- ^ Tanase, Stefan (9 September 2015). "Satellite Turla: APT Command and Control in the Sky". Kaspersky. Retrieved 17 August 2020.
- ^ Sullivan, Bob (13 April 2006) Military Thumb Drives Expose Larger Problem Archived 6 December 2010 at the Wayback Machine MSNBC Retrieved on 25 January 2007.
- ^ Kwong, Matt (12 April 2016). "When Cubans want internet content, black-market El Paquete delivers". Canadian Broadcasting Corporation. Archived from the original on 8 January 2019. Retrieved 11 December 2018.
- ^ a b Edwards, John (21 March 2014). "From Pac-Man to Bird Droppings, Turkey Protests Twitter Ban". The Wall Street Journal. Archived from the original on 15 December 2018. Retrieved 15 November 2018.
- ^ SSRN 3244046.
- .
- ^ "VPN crackdown a trial by firewall for China's research world". South China Morning Post. Archived from the original on 18 December 2018. Retrieved 15 November 2018.
- from the original on 16 December 2018. Retrieved 11 December 2018.
- from the original on 10 June 2016. Retrieved 13 December 2018.
- ^ Russell, Jon (5 July 2016). "Twitter estimates that it has 10 million users in China". TechCrunch. Archived from the original on 28 January 2019. Retrieved 11 December 2018.
- from the original on 3 December 2023.
- OCLC 773034864.
- ^ Souppouris, Aaron (21 March 2014). "Turkish citizens use Google to fight Twitter ban". The Verge. Archived from the original on 8 January 2019. Retrieved 15 November 2018.
- ^ "About alkasir". alkasir. Archived from the original on 10 September 2011. Retrieved 16 September 2011.
- ^ "Hide IP and Anonymous Web Browsing Software — Anonymizer". anonymizer.com. Archived from the original on 23 September 2011. Retrieved 16 September 2011.
- ^ "CGIProxy", James Marshall, accessed 17 September 2011. Archived 21 September 2011 at the Wayback Machine.
- ^ "Flash proxies", Applied Crypto Group in the Computer Science Department at Stanford University, accessed 21 March 2013. Archived 10 March 2013 at the Wayback Machine.
- ^ "About D.I.T." Dynamic Internet Technology. Archived from the original on 26 September 2011. Retrieved 16 September 2011.
- ^ "What is Freenet?". The Freenet Project. Archived from the original on 16 September 2011. Retrieved 16 September 2011.
- ^ "I2P Anonymous Network", I2P Project, accessed 16 September 2011
- ^ "Revocable Anonymity" Archived 25 September 2011 at the Wayback Machine, Stefan Köpsell, Rolf Wendolsky, Hannes Federrath, in Proc. Emerging Trends in Information and Communication Security: International Conference, Günter Müller (Ed.), ETRICS 2006, Freiburg, Germany, 6–9 June 2006, LNCS 3995, Springer-Verlag, Heidelberg 2006, pp.206-220
- ^ "About Psiphon" Archived 16 March 2016 at the Wayback Machine, Psiphon, Inc., 4 April 2011
- ^ "Psiphon Content Delivery Software" Archived 4 March 2016 at the Wayback Machine, Launchpad, accessed 16 September 2011
- ^ "About Proxify", UpsideOut, Inc., accessed 17 September 2011
- ^ About StupidCensorship.com, Peacefire, accessed 17 September 2011
- ^ "Tor: Overview" Archived 6 June 2015 at the Wayback Machine, The Tor Project, Inc., accessed 16 September 2011
- ^ "About UltraReach" Archived 25 September 2011 at the Wayback Machine, Ultrareach Internet Corp., accessed 16 September 2011
External links
- Casting A Wider Net: Lessons Learned in Delivering BBC Content on the Censored Internet Archived 3 October 2022 at the Wayback Machine, Ronald Deibert, Canada Centre for Global Security Studies and Citizen Lab, Munk School of Global Affairs, University of Toronto, 11 October 2011
- Censorship Wikia, an anti-censorship site that catalogs past and present censored works, using verifiable sources, and a forum to discuss organizing against and circumventing censorship
- "Circumvention Tool Evaluation: 2011", Hal Roberts, Ethan Zuckerman, and John Palfrey, Berkman Centre for Internet & Society, 18 August 2011
- "Circumvention Tool Usage Report: 2010", Hal Roberts, Ethan Zuckerman, Jillian York, Robert Faris, and John Palfrey, Berkman Centre for Internet & Society, 14 October 2010
- Digital Security and Privacy for Human Rights Defenders, by Dmitri Vitaliev, Published by Front Line – The International Foundation for the Protection of Human Rights Defenders
- "Digital Tools to Curb Snooping", The New York Times, 17 July 2013
- "DNS Nameserver Swapping", Methods and Scripts useful for evading censorship through DNS filtering
- How to Bypass Internet Censorship, also known by the titles: Bypassing Internet Censorship or Circumvention Tools, a
- "Leaping over the Firewall: A Review of Censorship Circumvention Tools" Archived 15 September 2011 at the Wayback Machine, by Cormac Callanan (Ireland), Hein Dries-Ziekenheiner (Netherlands), Alberto Escudero-Pascual (Sweden), and Robert Guerra (Canada), Freedom House, April 2011
- "Media Freedom Internet Cookbook" by the OSCE Representative on Freedom of the Media, Vienna, 2004
- "Online Survival Kit", We Fight Censorship project of Reporters Without Borders
- "Selected Papers in Anonymity", Free Haven Project, accessed 16 September 2011