Jon Thompson shows how web surfers living in repressive regimes break into the free world.
In a speech at Stanford University in February 2008 Bill Gates said he wasn’t worried about online censorship: “I don’t see any risk in the world at large that someone will restrict free content flow on the internet,” he said. He was wrong.
While the world debates the need for legislation to stop the downloading of illicit copies of commercial digital products, governments are increasingly using censorship as a reason to ‘protect’ us from what they consider undesirable. In some countries, that protection extends to the suppression of basic human rights and news about atrocities.
Even in Australia, the chances of accidentally stumbling upon paedophilic images online are very remote. They’re so illegal that they’re kept hidden away behind paywalls. Politicians, however, still insist there’s a real chance of bumping into such material, and use it as a reason to censor the internet. We’re sensible, law-abiding citizens; given we won’t seek out illicit material, we deserve an uncensored internet. So, how do people bypass online state censorship?
The main problem with online censorship is that it’s a very imprecise art and is usually done on the back of moral panics, or on the whim of unaccountable individuals. In some cases, censorship is done to look good in front of voters rather than to solve real problems. The issues are also technological. Unless you know where all the holes are in your censorship scheme, and have the resources to do so, you can never hope to plug them all.
Sites may be blocked by the state for a number of reasons. Sometimes, however, those reasons seem arbitrary, or have more to do with the moral compasses of the people making the censorship decisions, rather than any real threat to society. In some countries, internet censorship is ordered by special state agencies and carried out by individual ISPs. In others, the police simply decide what is to be blocked.
In China, for example, the list of banned web sites is circulated to ISPs, who are expected to implement it without question. This list changes almost weekly, as the political climate changes. China also employs a large army of internet enforcement officers whose job it is to monitor forums, blogs and web sites and report on what they find. Without question, if the state doesn’t like it, no one in China will see it. Search for the Tiananmen Square massacre of 1989 in China, for example, and you’ll find only tourist information, or maybe a warning not to search for such things.
In Finland, unaccountable members of the police decide what is to be banned. In the fight against ‘child pornography’ they’ve banned a disproportionate number of web sites, including some in favour of same-sex marriage and even those critical of the bans. In Saudi Arabia, censorship extends to online clothing catalogues showing swimsuits. This tells us more about the attitudes and proclivities of the people doing the censoring than the people they’re trying to ‘protect’.
Ad hoc bypass
Some internet censorship systems can be bypassed in an ad hoc fashion. This can be done when such systems simply check the URL you want to access against a banned list. When this is the case, if the URL can be made to seem different, the system can be defeated.
The first thing to try is shortening the URL. You can easily shorten a URL using a service such as tinyurl.com. If the filtering product keeping you away from a domain knows this trick, it expands the domain name, checks it against the banned list and blocks it accordingly. It’s time to up the ante by using the raw IP address in the browser’s URL bar. The ping command (from the command line: ‘ping <domain name>’) will request and display the IP address of a domain from the local DNS server. However, some filtering systems weed ping traffic out for this reason. If we can’t use the ping command, how do we get at it?
The solution is to use one of the many free online domain IP address lookup services. Unless all these services are also blocked, this should work, thereby also hinting at the problems of trying to censor something as complex and interconnected as the internet.
One lookup service is the aptly named IP-Lookup. Simply enter the name of the domain you want to reach without the ‘http://’ preamble, and press ‘enter’. The IP address appears, but the site also attempts to contact the domain itself and produces a thumbnail of the web page to show that the IP address is good.
Copy the IP address into your browser and press ‘enter’ to attempt to bypass censorship. But what if the IP address of the target domain is also blocked? This is where we need to think like hackers and become a little indirect.
When you use Google Search, many of the results are based on cached versions of the web pages, rather than the live pages. This is useful for getting around web censorship measures, because along with the title of the pages in most Google Search result lines there’s a ‘cached’ link. Click this and you can read a version of the page stored and accessed from Google’s cache server farm.
However, as new features are added and old ones tweaked, the user interface to Google changes frequently. In some browsers the cached links are not available due to cookie issues. There is a way around this, however. Search for the web site you want, then copy the URL from the search results back into the search input box. Add ‘cache:’ at the start and press ‘Enter’ to read the Google cache version of the page. For example, to read the front page of APC mag, enter ‘cache:http://apcmag.com’.
This technique is great for individual pages, but if you click on any content in the cached version, Google will attempt to load the real thing. You have to load each page by hand. If you want more freedom to surf, you’ll need to use a public online proxy.
A proxy is like a fulcrum on a lever. You move one end of the lever so that the other end points to wherever you want it, and all the action pivots around the fulcrum. Similarly, a proxy server acts as a focal point, relaying your requests for web pages to the sites you want to surf and collecting the results to pass back to your browser. Any web censorship software in place only sees your web connection to the proxy server, not to the sites you request.
Using a public proxy means people will only see your connection to the proxy, not banned sites.
Plenty of free public proxy servers exist that will act as such a fulcrum. A searchable list is maintained here: tinyurl.com/d342vy. This list refreshes itself in real time and lists the country, IP address and relevant port, and the speed of proxy servers. If you sort the list by response time and click ‘Update Results’ you can find a good fast server with plenty of throughput. Note down the IP address and port number.
Configuring your browser to channel your surfing activity through a public proxy is easy. In Internet Explorer 9, click ‘Tools > Internet Options’. In the window that pops up, click the ‘Connections’ tab and click the ‘LAN Settings’ button at the bottom of the window. A sub-window appears. Click the ‘Use a proxy server for your LAN’. This enables the input boxes for the IP address and port details you noted down earlier. Enter these, tick the ‘Bypass proxy for local addresses’ box, then click ‘OK’. Click ‘OK’ on the mother window and try surfing to a site.
In Firefox 12, click the orange Firefox button at the top left of the browser window and click ‘Options’. In the resultant window, click ‘Advanced’ and click the ‘Network’ sub-tab. Finally, click ‘Settings’. A sub-window appears. Select ‘Manual proxy configuration’ and the input boxes become enabled. Enter the IP address and port of the proxy server. In the box marked ‘No proxy for’ enter the network number of your local network in the form ‘192.168.1.0/24’. That fourth number is always zero, but substitute the local subnet for the first three numbers if they’re different. Click ‘OK’ to finish and ‘OK’ on the parent window. The response from any web sites you now surf to will seem to be slower and the connections can be flaky. But using a proxy is the go to method of bypassing censorship for millions of people living under regimes who control information.
Activists have developed esoteric uses for common web services in the search for information about the world. One such service is the translation services offered by Google, Babel Fish. The idea is to translate a target web page from English into another language and back again. As this is done, the translation engine fetches the page itself; you never have to surf to it directly. The quality of statistical translation is now so good that in many circumstances the nuances of language survive this process. Be prepared for a few hilarious mistranslations, however.
If you just want information rather than direct access to web pages, RSS may be the solution. Not all sites carry an RSS feed, but if the filtering system blocking access only deals with web traffic (HTTP and possibly HTTPS), installing an RSS reader might work.
One such RSS reader is FeedDemon. You can download and install it by accepting the default settings. When it runs the first time, it will set up default feeds and begin populating them. If you see the number of feeds to be read increasing in the left hand pane, then RSS traffic is not being blocked and you can happily read away. Another way of dodging censorship is provided by Web2Mail. If a URL is banned, send an email to www@web2mail with the URL of the web page you want to access. The service should email you back the web page so you can read it in your email client. So, there are ways around even the most repressive regime’s online censorship efforts. The problem for governments is the web developed organically, without any central plan. This makes it very difficult to censor without the world agreeing to it. So information will always get out. How long that continues is up to us.
Swap DNS provider
One way the internet can be censored is via DNS filtering. This involves knocking out entries in DNS so domain names won’t resolve into IP addresses. No DNS entry, no web content. If your ISP filters DNS entries, you don’t get a choice of whether or not you see a site. Luckily however you can choose who provides your DNS services.
Adapting Windows 7 so it uses an alternative DNS server is a censor dodger that's just a few clicks away.
When you boot your broadband router, part of the information returned from the ISP is the address of their DNS servers. When you boot a computer on your network, the DHCP software in your router supplies this address to the booting machine. You can simply tell the router and computer to use a different server, and there are plenty to choose from – all free.
While the exact details of adding such a static DNS server to your router will entail reading the manual, changing Windows is simple. On the Start menu, enter the word ‘network’ and select ‘Network Sharing Centre’. In the sharing centre, click ‘Change Adapter Settings’ and then the icon for the local area network. Click ‘Properties’, then double click ‘Internet Protocol Version 4’. In the next window, click ‘Use the following DNS server addresses’ and enter the primary and secondary addresses of your preferred DNS service. There are many free, public DNS services. Google provides one using addresses 220.127.116.11 and 18.104.22.168. Another popular one is OpenDNS (addresses: 22.214.171.124 and 208.67. 220.220).
Ultrasurf is a piece of software designed for use in repressive regimes to circumvent web filtering measures. The makers claim that every time there’s a major crackdown or world event, its use leaps.
The idea behind Ultrasurf is that it connects your computer to a proxy not covered by censorship, which in turn allows you to surf in encrypted secrecy. You can download Ultrasurf from www.ultrasurf.us. There’s no need to install the package. Just copy the executable from the zip archive and click it to run. You can copy it to a USB and take it with you.
Ultrasurf will open IE by default, but we can change that. The user interface is simple and shows the performance of the server to which you’re connected. Click the ‘Option’ button and a sub-window opens. To disable automatically starting IE, deselect ‘Start IE automatically’. Restart Ultrasurf for this to work.
If you need to connect to the Ultrasurf servers via a proxy server, click ‘Proxy Settings’ then enter the IP address and port number. Click ‘OK’ and finally dismiss the Options window. As long as you run Ultrasurf before starting your web browser, all traffic should now be tunnelled securely through the Ultrasurf servers instead. You can also hide the fact you’re using Ultrasurf by selecting the options to hide the Ultrasurf interface window and the lock logo in the taskbar. To show the interface once Ultrasurf is running, press Ctrl+Alt+S.