MarketInternet censorship circumvention
Company Profile

Internet censorship circumvention

Internet censorship circumvention is the use of various methods and tools by technically skilled users to bypass Internet censorship—the legal control or suppression of access to, publication of, or viewing of content on the Internet. Commonly used software tools include Lantern and Psiphon, which can bypass multiple types of restrictions. Some methods evade less sophisticated blocking tools by using alternate Domain Name System (DNS) servers, false IP addresses, or address lookup systems. However, such methods become ineffective if censors block not only the DNS but also the IP addresses of restricted domains, thereby rendering a potential bypass ineffective. Other tools can tunnel the network traffic to proxy servers in jurisdictions that don't have censorship. Through pluggable transports, traffic obscuration, website mirrors, or archive sites, users can access copies of websites even in areas with Internet censorship.

Circumvention methods
Major circumvention methods include alternate names and addresses; mirrors, caches, and copies; alternative platforms; proxying; and traffic obfuscation. Alternate names and addresses Censorship filters may block specific domain names, using either DNS hijacking or URL filtering. Websites can sometimes be accessed through alternate names and addresses that may not be blocked. Some websites offer the same content across multiple pages or domains. For example, the English Wikipedia is available at two locations: the main page and the mobile version. If a website's DNS resolution is disrupted, but the site is not otherwise blocked, it may be possible to access the site directly by its IP address or by modifying a computer's hosts file. It may be possible to bypass DNS-based blocking by using alternative DNS servers or public recursive name servers (especially via an encrypted DNS client). For example, the following URLs all access the same site, but only some browsers will recognize all forms of the URL: • http://192.0.33.8/ (dotted decimal) • http://3221233928/ (decimal) • http://0300.0000.0041.0010/ (dotted octal) • http://0xc0002108/ (hexadecimal) • http://0xc0.0x00.0x21.0x08/ (dotted hexadecimal) The Blockchain project Namecoin is an attempt to decentralize Internet namespaces beyond the control of any single entity. Decentralized namespaces enable domains to resist censorship. Discussion of the project began in 2010 with a desire to achieve names that are decentralized, secure, and human-readable. Mirrors, caches, and copies Certain online services allow users to access content that is blocked on the Internet through cached or mirrored copies: • Cached pages: Some search engines retain copies of previously indexed webpages, or cached pages, which are often hosted by search engines; these may not be blocked. • RSS aggregators: RSS aggregators such as Feedly may be able to receive and then forward RSS feeds that are blocked if accessed directly. Alternative platforms Alternative types of Internet hosting platform can provide options for circumventing Internet censorship. Such alternatives include decentralized hosting, anonymity networks, federated platforms, providers with different policies, and darknets: • Decentralized hosting: Content creators may publish to an alternative platform that is willing to host this content. Napster was the earliest peer-to-peer (P2P) platform, but it was closed because of vulnerabilities with centralized bootstrapping. Gnutella was the first sustainable P2P platform that featured hosting by decentralization. The motto of the Freenet P2P platform is that "true freedom requires true anonymity." Later, the BitTorrent P2P protocol was developed to allocate resources with high performance and fairness. ZeroNet P2P web hosting was the first distributed hash table (DHT) system to support dynamic and updatable webpages. The YaCy P2P search engine is the leading distributed search. GNUnet is rebuilding the internet framework from the ground up for resilience technologically idealized. • Anonymity networks: The Tor and Invisible Internet Project (I2P) networks result in increased willingness to host content that would otherwise be censored. However, hosting implementation and server location may cause challenges, and the content is still hosted by a single entity that can be controlled. • • Federated: Semi-decentralized, federated platforms such as Nextcloud and PeerTube make it easier for users to find an instance where they are welcome. • Providers with different policies: Some platforms that rely on cloud computing may have laxer terms of service (TOS). However, cloud computing does not, in principle, innovate fundamental laxness. Proxying A variety of techniques support a user in leveraging technical proxies to circumvent Internet censorship: • Web proxy server: A Web proxy server (or web proxy) allows users to load external web pages through a server that makes and receives requests on behalf of the user, rather than directly from the blocked original server (or source). • Domain fronting: Domain fronting hides the destination of a network connection by passing initial requests through a content delivery network or other popular site that censors may be unwilling to block. This technique was used by messaging applications such as Signal and Telegram. Similarly, Tor's meek system uses Microsoft's Azure cloud. However, large cloud providers such as Amazon Web Services and Google Cloud no longer support meek. As another option, a website owner can create a free account to use a Cloudflare domain for fronting. • Tunneling protocol: By employing a tunneling protocol such as Secure Shell (SSH), a user can forward all of their traffic over an encrypted channel; as a result, both outgoing requests to blocked sites and incoming responses from those sites are hidden from censors, for whom it appears as unreadable SSH traffic. • Virtual private network (VPN): Through a virtual private network (VPN), a user can create secure connections to more permissive countries, letting users browse as if they were located in one of those countries. Traffic obfuscation A censor may be able to detect and block the use of circumvention tools through deep packet inspection. Ongoing work aims to make circumvention tools less detectable in several ways: randomizing the traffic; attempting to mimic a whitelisted protocol; or tunneling traffic through a whitelisted site by using domain fronting or Tor's meek system. ==Internet alternatives==
Internet alternatives
Functionality desired by users may overlap with that of services that are not based on the Internet, such as postal mail, Bluetooth-based data exchange, or walkie-talkie devices. The following are some detailed examples: • Alternative data transport: Datacasting allows transmission of Web pages and other information via satellite broadcast channels, bypassing the Internet entirely. This process requires a satellite dish and suitable receiver hardware, but it provides a powerful means of avoiding censorship. Because the user only receives data through this process but transmits no data, a suitably air-gapped computer can be impossible to detect. • Sneakernets: A sneakernet is the transfer of electronic information, especially computer files, by physically carrying data on storage media from one place to another. A sneakernet can move data regardless of network restrictions, simply by avoiding the network entirely. One example of a widely adopted sneakernet is El Paquete Semanal, an underground content market in Cuba. ==Adoption of tools==
Adoption of tools
Circumvention tools have undergone spikes in adoption rates in response to high-profile attempts to block the Internet. Nevertheless, mixed results have been reported by studies that measure the adoption of circumvention tools in countries with persistent and widespread censorship. Knowledge of and comfort with using censorship circumvention tools varies widely and depends on factors such as the local censorship environment, public awareness of circumvention alternatives, language accessibility, usability, and legal risks. Such tools can include VPNs, international SIM cards, Short Message Service (SMS), Bluetooth-based communication apps, and mesh networking applications. In some contexts, individuals may be aware of circumvention tools but reluctant to use them due to the risk of severe legal penalties. Facebook's advertising platform estimates 1 million users in China, Other studies have found that efforts to block circumvention tools in China have reduced adoption of those tools; the Tor network previously had more than 30,000 users connecting from China, but as of 2014, the network had only about 3,000 Chinese users. A 2013 study of 1,175 Chinese Internet users found that participants primarily circumvented censorship to access search engines, social media platforms, and blocked news sources. The study reported that users tended to rely on services that were easy to use and economically costly for authorities to block. For example, the most widely used tool operated through Google’s cloud hosting infrastructure, which also supported a range of other services. A smaller subset of users, consisting mainly of journalists and activists, cited privacy as their primary motivation for using a tool. In Thailand, Internet censorship has occurred since 2002, through sporadic and inconsistent filtering. In a small-scale survey of 229 Thai Internet users, a research group at the University of Washington found that 63% of surveyed users attempted to use circumvention tools, and 90% were successful in using those tools. Users often made on-the-spot decisions about the use of circumvention tools on the basis of limited or unreliable information; these users had a variety of perceived threats, some more abstract and others based on personal experience. In response to blocking events In response to the blocking of Twitter in Turkey during 2014, information about alternate DNS servers was widely shared, since using another DNS server (such as Google Public DNS) allowed users to access Twitter. The day after the block was imposed, the total number of posts made in Turkey had increased by 138%, according to Brandwatch, an Internet measurement firm. After the ban on the Telegram messaging app in Iran during April 2018, web searches for VPN and other circumvention software increased by as much as 48 times for some search terms, but there was evidence that users were downloading unsafe software. As many as a third of Iranian Internet users used the Psiphon tool in the days immediately following the block; in June 2018, as many as 3.5 million Iranian users continued to use the tool. ==Anonymity, risks, and trust==
Anonymity, risks, and trust
Systems for circumvention and anonymity are different. Circumvention systems are designed to bypass Internet blocking, but they do not usually protect user identities. Anonymous systems protect a user's identity, but while they can contribute to censorship circumvention, this is not their primary function. Public proxy sites do not provide anonymity, since they can view and record the location of computers making requests, in addition to the websites accessed. In many jurisdictions, accessing blocked content is a serious crime, particularly for content that is considered to be child pornography, a threat to national security, or an incitement to violence. For this reason, it is important to understand circumvention technologies—and the protections that they do (or do not) provide—and to use only tools that are appropriate in a particular context. Significant care must be taken to install, configure, and use circumvention tools properly. People associated with dissident, protest, or reform groups, or high-profile rights organizations, should take extra precautions to protect their online identities. Circumvention sites and tools should be provided and operated by trusted third parties, located outside the censoring jurisdiction, who do not collect identities and other personal information. Trusted family and friends known personally by the circumventor are best; but when family and friends are unavailable, sites and tools provided by individuals or organizations that are known only by their reputations, or through recommendations and endorsements by other people, may need to be used. Commercial circumvention services may provide anonymity during Internet surfing, but these services could be legally compelled to make their records and users' personal information available to law enforcement authorities. ==Software==
Software
There are five general types of software for circumventing Internet censorship: • CGI proxies: A Common Gateway Interface (CGI) proxy server uses a script running on a web server to provide proxying functionality. A CGI proxy client (typically the user's computer) sends a requested web address or URL, embedded within the data of HTTP protocol requests, to the CGI proxy server. The CGI proxy server sends its own HTTP request to the ultimate destination server, and then the proxy server returns the result to the proxy client. A CGI proxy tool's security can be trusted to the extent that the operator of the proxy server is trustworthy. CGI proxy tools do not require a user to manually configure a web browser or install client software, but they do require the user to use an alternative, potentially confusing user interface within the existing web browser. • HTTP proxies: HTTP proxies send HTTP requests through an intermediate proxying server. When a client (typically the user's computer) is connecting through an HTTP proxy, this client sends exactly the same HTTP request to the proxy as it would send to the destination server if unproxied. The HTTP proxy parses the HTTP request; this proxy sends its own HTTP request to the ultimate destination server; and then the proxy server returns the response back to the proxy client. An HTTP proxy tool's security can be trusted to the extent that the operator of the proxy server is trustworthy. To employ an HTTP proxy tool, a user must either manually configure the web browser or install client-side software that performs this configuration. Once configured, an HTTP proxy tool allows the user to transparently use their browser's normal user interface. • Application proxies: Application proxies are similar to HTTP proxies but support a wider range of online applications. • Peer-to-peer systems: Peer-to-peer systems store content across a number of participating volunteer servers; this storage is combined with techniques such as rerouting, to reduce the level of reliance placed on volunteer servers or social networks to establish trust relationships between servers and clients. A peer-to-peer system can be trusted to the extent that the operators of participating servers are trustworthy, or that its architecture limits the information available to any single server—provided that server operators do not collude to combine their knowledge. • Rerouting systems: Rerouting systems send requests and responses through a series of proxying servers, re-encrypting the data at each proxy, so that a given proxy knows at most either the source or the destination of the data, but not both. This approach decreases the amount of trust required of the individual proxy hosts. Below is a list of software for circumventing Internet censorship: ==See also==
Source: Wikipedia ↗
tickerdossier.comtickerdossier.substack.com