Return to protonvpn.com Facebook   Twitter   Reddit   ProtonMail

How to beat the most common forms of Internet censorship

Posted on August 16th, 2018 by in How-to, Privacy & Security, Security.

 

Censorship goes against two of the founding ideals of the Internet: freedom and openness. Yet closed regimes around the world, such as North Korea, China, and Saudi Arabia, have always worked to limit their citizens’ access to information they have deemed inappropriate.

This behavior has only accelerated on the Internet. In Freedom House’s most recent assessment of Freedom on the Net, 49 of the 65 countries evaluated engage in state censorship of the Internet.

Even more concerning is that private enterprises are also starting to engage in censorship. Now that the net neutrality regulations have been repealed in the United States, major Internet service providers (ISPs) and media companies will be allowed to throttle traffic to their competitors’ sites. And even well-meaning measures to protect users’ personal data have had unintended consequences: in response to the EU’s recent GDPR legislation, several American media companies, including Tronc, which owns the Los Angeles Times and The New York Daily News, have simply denied access to the entire EU rather than invest in compliance.

But while technology provides the tools of Internet censorship, it also provides ways to fight back. We believe in the freedom of information and an open Internet. To help you overcome obstacles to these ideals, we have prepared this guide on how to unblock websites. Internet censorship is usually implemented through one of the following methods. We will briefly explain each of these methods and solutions to bypass them.

Domain Name System (DNS) filtering and redirection

In countries where authorities have control over DNS servers, they can alter or eliminate the registry of a domain hosting illicit content. This makes the site invisible to browsers and causes them to fail to resolve to the correct domain name or to return an incorrect IP address.

Solution: Changing the DNS
You can unblock websites by telling your device to use DNS servers that are not compromised. One way to find a DNS that will resolve the domain name correctly is to use some of the most common and widely supported domain names, such as Google Public DNS, quad9, or cloudflare 1.1.1.1. While using these services means you need to reconfigure your operating systems, both Google Public DNS and Quad9 come with thorough tutorials.

Internet Protocol (IP) address blocking

If a government has control of an ISP, or if an ISP itself wishes to blacklist certain websites, IP address blocking is a fairly simple way of doing it. First, the censor creates a list of the IP addresses of all the websites to be blocked. Then, as browsers request to reach a website, the ISP will check each request against the list. If there is a match the ISP will drop the connection. Any websites that are on the same shared hosting server, and thus sharing the same IP address, will also be blocked. IP address blocking is also the most common way to geo-block content.

Uniform Resource Locator (URL) filtering

When using (URL) filtering, Internet censors can deny access to specific websites based on the information contained in a URL list. Then, anytime someone requests to view a website, the Internet blockers scan the requested URL string for targeted keywords from the list, regardless of the actual domain name typed in the URL.

Solution: Virtual private network (VPN) or the Tor browser
A VPN can bypass URL filtering and IP address blocking. VPNs create an encrypted tunnel between your device and the VPN server. Your Internet activity is then routed through the VPN server and not traceable back to you. Once it is established, a VPN can be used to access websites, instant messengers, email, and any other service available on the Internet. ProtonVPN provides a free unlimited VPN to bypass censorship and you can get it here.

Another option is the open-source software Tor, which is effective against most censorship techniques. The Tor browser routes your Internet connection through the Tor anonymity network. The program encrypts your Internet connection and bounces it through Tor nodes across the globe. The website will only see the IP address of the last Tor server pinged, and not the IP address of your device. Unfortunately, Tor can be slow and cumbersome to work with, but it remains an excellent option for anyone trying to access censored sites and to anonymize their web activity.

Deep packet inspection (DPI)

DPI is an advanced form of censorship used by certain states with strict Internet controls. It works by inspecting the metadata of packets sent between servers to discern the type of traffic that is being transferred. Based on what they find, the authorities can then block, re-route, or log the Internet traffic. This can be effective in blocking encrypted traffic. Sophisticated firewalls using DPI (such as the Great Firewall of China), can even detect VPN or Tor traffic, making it possible to prevent the use of VPN and Tor.

Solution: Tor bridges
There is not always a reliable way to bypass more sophisticated censorship regimes. One solution that can sometimes work is Tor bridges. To work around ISPs blocking Tor’s public network, the Tor Project created “bridges.” A Tor bridge is a Tor relay that is not listed in the main Tor directory. Since they are unknown, it is impossible for an ISP to block their IP address. To mask the TLS cipher lists from DPI, the Tor Project developed pluggable transports (PT). PTs transform the communication between a Tor client and a bridge, making it look like standard traffic to DPI. Obfs4 is currently the most effective transport to run with a bridge to bypass internet blockers. Using a bridge requires some configuration of the Tor browser and locating a bridge. The Tor Project can help you find bridges and help you configure your browser here. Bridges make Tor even more complicated to set up and even slower to run but together they are sometimes the only way to evade Internet censorship.

For most Internet users, a trustworthy VPN service will be a good way to bypass online censorship. Simpler to set up and faster than the Tor browser, while also being more robust than simply changing your DNS, VPNs are powerful tools. This is why we provide ProtonVPN as a free VPN service, to ensure that dissidents and activists can still reach ProtonMail and other Internet services even when governments are attempting to block them.

ProtonVPN is based in Switzerland, home of some of the strongest data protection legislation in the world. By default, ProtonVPN also protects your DNS queries, preventing any possible DNS leakage from disclosing your browsing activities. As an added layer of security, ProtonVPN also provides VPN servers with enhanced security via our Secure Core architecture, which routes your traffic through several countries with strong data protection laws, making it harder to intercept your traffic. For privacy reasons, ProtonVPN is also a no-logs VPN service, meaning we don’t keep any logs of your browsing activity.

Tools like ProtonVPN and Tor play an important role in keeping the Internet free and open and help you stay one step ahead of those that would deny you access to information. As the poet Yevgeny Yevtushenko said, “When truth is replaced by silence, the silence is a lie.” We hope you use these tools to fight through the silence and find the truth.

Best Regards,
The ProtonVPN Team

You can follow us on social media to stay up to date on the latest ProtonVPN releases:

Twitter Facebook | Reddit

To get a free ProtonMail encrypted email account, visit: protonmail.com

Post Comment

1 comments

  1. MeH

    Keep up the good work 😉

Leave a Reply

Your email address will not be published. Required fields are marked *

Knowledge base

 

Secure Your Internet Today

Get ProtonVPN