No 39, September - October 2008 DIGITAL SECURITY FOR ACTIVISTS
Bypassing Internet censorship & publishing anonymously on the Web
Wojtek Bogusz, digital security consultant, Front Line & Dimitri Vitaliev, co-author, Security Edition of NGO in a Box
Many countries censor and filter certain websites to prevent their citizens from viewing online information. Websites can be blocked both by their name and by the IP address of the web server on which the site resides. Some countries and corporations have also begun blocking certain keywords, either in the user's search request or in the content of a web page. However, it is possible to circumvent these blocks by going through intermediary computers, often called proxy servers, and by using anonymity networks like TOR.
This is the sixth article in a CSW Monthly Bulletin series [1] highlighting practical ways you can increase your digital security and privacy. The first five articles discussed protecting your computer and your private information from malware, viruses, intruders and physical damage; guarding against information loss from your computer, disk or mobile phone; effectively removing information from the computer in such a way that nobody is able to recover it; and increasing the security of your Internet communications: email, instant messages and voice communication. The articles are based on the updated second version of the Security Edition of NGO in a Box [2], currently under development.
6.1 Introduction
Reports from organisations such as the Open Net Initiative (http://map.opennet.net) and Reporters Without Borders (www.rsf.org) indicate that many countries have implemented censorship of websites displaying social, political or national security content, or proxy information (ways to bypass the censorship restrictions). The number of countries using such censorship has increased dramatically in the past few years and this worrying trend seems bound to continue. Free access to information (guaranteed by Article 19 of the Universal Declaration of Human Rights - www.un.org/Overview/rights.html) has proven to be a thorn in the sides of governments wishing to control and suppress public opinion in their countries. But as censorship technologies reach ever farther, so do the ways to get around them, which are continually being developed by civil groups and activists.
6.2 How Internet censorship works
Before we discover how to bypass Internet censorship, we need to have a basic understanding of how the Internet functions. You purchase a connection to the Internet from a local Internet Service Provider (ISP). They in turn purchase their access from the national ISP which rents the international connections. Your computer (and therefore connection) is identified to the ISP and the Internet with an Internet Protocol (IP) address. It uniquely identifies your current session on the Internet and is used by websites to send you back information you requested, as well as by surveillance agencies and censors in watching and preventing your online activities. Every computer (and every web server) on the Internet has an IP address.
6.2.1 Blocking websites
It is rather simple for someone who controls Internet access to block websites. Blocking can be performed on an individual computer, at the local ISP or at the national ISP level. A list of banned sites can be applied at the ISP's gateway (a server handling Internet connections). This blacklist determines which sites are not accessible to the computers connecting through the gateway. Websites are blocked by either banning their name (e.g. news.bbc.co.uk) or the IP number of the server they are on (e.g. 212.58.226.29). The user will receive a pre-defined error message, making it seem like the address does not exist or has been misspelled. In other cases, users may be told specifically that their request is not allowed for a particular reason. Some countries also wish to censor certain keywords from being used on the Internet. Should you enter a banned keyword into a search engine, you may get no results back or the page just will not load. Although keyword filtering requires many more resources to implement, it has been implemented in several countries around the world.
6.3 Circumventing censorship
If you cannot go directly to a website because it is on your ISP's blacklist, you need to find another way around: you can use a proxy computer outside of the censored zone to fetch the banned website. From the ISP's point of view, it appears that you are contacting another computer somewhere on the Internet (the proxy) and this is allowed. After choosing a proxy server, you can then point your web browser to its IP and surf the Internet, including opening banned sites.
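The gateway's view of these connections, as an added example that is not part of the original article: a small Python model of the blacklist from section 6.2.1, run over constructed traffic. The keyword, proxy.example, search.example and the 203.0.113.x addresses are made-up placeholders, and the model assumes the keyword filter also looks for banned site names in any traffic it can read.

```python
from dataclasses import dataclass
from typing import Optional

# Blacklist as applied at the gateway. The name and IP are the article's own
# examples; the keyword is a hypothetical placeholder.
BANNED_NAMES = {"news.bbc.co.uk"}
BANNED_IPS = {"212.58.226.29"}
BANNED_KEYWORDS = {"forbidden-topic"}

@dataclass
class Connection:
    dest_name: Optional[str]  # hostname the gateway saw being requested, if any
    dest_ip: str              # server address the connection goes to
    readable: Optional[str]   # request text the gateway can read; None if encrypted

def gateway_verdict(conn: Connection) -> str:
    """Decide what the gateway does with one outgoing connection."""
    if conn.dest_name in BANNED_NAMES:
        return "blocked by name"
    if conn.dest_ip in BANNED_IPS:
        return "blocked by IP"
    if conn.readable is not None:
        text = conn.readable.lower()
        # Assumption: banned site names are treated as keywords too.
        if any(word in text for word in BANNED_KEYWORDS | BANNED_NAMES):
            return "blocked by keyword"
    return "allowed"

# Constructed sample traffic (not captured from a real network).
SAMPLES = {
    "direct": Connection("news.bbc.co.uk", "212.58.226.29",
                         "GET / HTTP/1.1\r\nHost: news.bbc.co.uk\r\n"),
    "direct by IP": Connection(None, "212.58.226.29", None),
    "search": Connection("search.example", "203.0.113.20",
                         "GET /search?q=forbidden-topic HTTP/1.1\r\n"),
    # Unencrypted web proxy: the banned address is readable in the request.
    "plain proxy": Connection("proxy.example", "203.0.113.10",
                              "GET /browse?url=http://news.bbc.co.uk/ HTTP/1.1\r\n"),
    # Encrypted proxy: the gateway sees only that proxy.example was contacted.
    "encrypted proxy": Connection("proxy.example", "203.0.113.10", None),
}

def run_samples() -> dict:
    return {label: gateway_verdict(conn) for label, conn in SAMPLES.items()}

if __name__ == "__main__":
    for label, verdict in run_samples().items():
        print(f"{label:16} -> {verdict}")
```

Only the encrypted proxy connection passes: the unencrypted one reaches an allowed server but still carries the banned address in readable form.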
6.3.1 Proxy Servers
There are many different types of proxy servers. You can define a proxy server by three independent factors:
What can it proxy? The most popular and easiest to use type of proxy is a web proxy (also called a proxy web server or CGI proxy). A web proxy is a website that allows the user to specify and directly access the address of another web page. Web proxies work well for browsing web pages and do not require any setup by the user. Other proxy types carry the traffic of additional programmes apart from a web browser, such as email clients (like Thunderbird), instant messengers (like Pidgin), voice chat (like Skype), file transfer (FTP programs) and others. They are called SOCKS, VPN (Virtual Private Network), PPTP (Point-to-Point Tunnelling Protocol), etc. They require some setup on your computer to work.
Is it public or private? Public proxies are servers that accept a connection from anyone. You can easily find them by searching for 'public proxy' or similar keywords. It is difficult, however, to guarantee that they will function well, or to determine the motives of the person setting up the proxy. A private proxy is usually set up for a defined group of people, and most expect you to identify yourself (log in) with a username and password.
Is it anonymous? Some proxies, called anonymous proxies or anonymizers, have two purposes: in addition to hiding your real destination from the ISP in your country they also hide your origin (anonymize you) from the website you are visiting. For any proxy to fulfil the first purpose the connection between you and the proxy server must be encrypted. Note: not all proxies are anonymous!
It is important to consider whether you trust the people who are running the proxy, as they will know both your computer's location (IP number) and the information you read and post on the Internet. The best choice for a proxy is a private, anonymous proxy run by people you trust to have the proper technical skills to protect the proxy server from intruders (see psiphon below). Alternatively, you should consider using an anonymity network, like TOR (see below).
You can always check whether the proxy you are using is anonymising your connection from the website you are accessing by testing it on websites like www.tools-on.net/privacy.shtml (select 'Go' in the first section of the page) or www.samair.ru/proxy/proxychecker
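The kind of test a checker page can run on the server side, sketched as an added example (not code from the article or from the sites named above). It assumes the page can see the connection's source address and the request headers; the addresses and header values are constructed samples, and only IPv4 addresses are handled.

```python
import re

# Headers that proxies commonly add to a forwarded request.
FORWARDING_HEADERS = ("x-forwarded-for", "forwarded", "x-real-ip", "client-ip", "via")

def classify_proxy(real_ip: str, seen_ip: str, headers: dict) -> str:
    """Say what the destination website learns about the user.

    real_ip - the address your ISP assigned to you
    seen_ip - the source address of the connection as the website saw it
    headers - the request headers as the website received them
    """
    if seen_ip == real_ip:
        return "direct: no proxy in use"
    lowered = {name.lower(): value for name, value in headers.items()}
    # Match the address as a whole token, so 198.51.100.7 is not "found"
    # inside 198.51.100.77.
    token = re.compile(r"(?<![\d.])" + re.escape(real_ip) + r"(?![\d.])")
    leaks = sorted(name for name, value in lowered.items() if token.search(value))
    if leaks:
        return "origin exposed via " + ", ".join(leaks)
    if any(name in lowered for name in FORWARDING_HEADERS):
        return "origin hidden, proxy use visible"
    return "origin hidden"

# Constructed sample values from the documentation address ranges.
REAL_IP = "198.51.100.7"
PROXY_IP = "203.0.113.10"

if __name__ == "__main__":
    cases = {
        "forwarding proxy": {"X-Forwarded-For": REAL_IP, "Via": "1.1 proxy.example"},
        "anonymous proxy": {"Via": "1.1 proxy.example"},
        "no extra headers": {"User-Agent": "ExampleBrowser/1.0"},
    }
    for label, headers in cases.items():
        print(f"{label:18} -> {classify_proxy(REAL_IP, PROXY_IP, headers)}")
```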
For better anonymity, use the Mozilla Firefox browser [3], improve its settings [4] and use the NoScript extension [5].
Psiphon: It is possible to easily install private, anonymous web proxy servers on home computers. The proxy server can be set up by a friend living in a country that does not censor the Internet. Connection details for the proxy can then be passed to a small group of friends/contacts living in censored countries. Psiphon's particular forte has been the simplicity of set-up and its compatibility with Windows, as well as its ability to withstand detection by surveillance and blacklist blocking. Please see the 'Become a circumvention provider' section below.
Circumventor: The PeaceFire group (www.peacefire.org) has been running a service called Circumventor for people who live in countries where information is censored. They have a list of over 100 registered anonymous public web proxies, with a new one being created every couple of weeks. You can sign up to receive updates on all new anonymizers at their website. Circumventor's main ambition is to allow people to bypass Internet censorship in their country, sometimes even without hiding their IP address from the website they are visiting or from the local ISP.
6.3.2 Anonymity Networks
A more sophisticated approach to bypassing Internet censorship would be to use an anonymity network. Browsing the Internet through such a network would disguise your true destination and origin from any computer or website that you visit and will probably make any filtering in your country ineffective.
TOR (http://tor.eff.org/) relies on a large network of servers, provided by volunteers around the world. When you join this network, you create a random path (circuit) passing through three or more TOR servers, ensuring that no single server can trace both your origin and your final destination. When you are using TOR, the ISP or the surveillance agencies do not know what websites you are viewing and hence cannot prevent you from accessing them. The website that receives your query does not know where this query originated.
Bear in mind that TOR provides you with the means to circumvent a website block and to anonymize the connection. But TOR does not secure the privacy of your communications between the TOR network and a destination server. Thus, even if you use TOR, always make sure that the connection between your browser and the web server is encrypted (an https connection).
FreeNet (www.freenetproject.org/whatis.html) is a decentralised, separate network created between computers using freenet. This network is completely anonymous and secure. If you run freenet on your computer you can connect to this network, read information that was published in freenet, publish your own information in it, exchange emails, chat, etc. Note that freenet is a separate network from the Internet: it is only submerged in the Internet. You can easily use freenet if you cooperate with a group of people and all of you decide to use it. But there is no connection between freenet and the rest of the Internet.
JAP (http://anon.inf.tu-dresden.de/index_en.html) makes it possible to surf the Internet anonymously. Instead of connecting directly to a web server, users take a detour, connecting with encryption through several intermediaries, so-called Mixes. JAP offers users a sequence of linked mixes (called a Mix Cascade). Users can choose between different mix cascades.
6.4 Become a circumvention provider
If you have a friend in a country where the Internet is not censored, you could ask him/her to install a proxy server on his/her computer for you to use. The CitizensLab research centre in Toronto, Canada has made this process quite simple and secure. They released a programme called Psiphon (http://psiphon.civisec.org/). It allows anyone with a good Internet connection and the Windows operating system to install a private, anonymous web proxy on their computer. Your friend can install Psiphon and provide you with his/her computer's IP number and password for accessing the proxy. Since this system is based on closed trust networks (e.g. you and your friend), it is quite difficult for the surveillance agencies to detect and block.
Also, the TOR anonymous network project makes it relatively easy for people in countries with free access to the Internet to offer their colleagues (or others) secure and dedicated access to the TOR network. If you know people who would be willing to offer you this type of service, you should ask them to read the following documents in order to install a TOR relay server or TOR bridge: https://www.torproject.org/docs/tor-doc-relay.html.en and https://www.torproject.org/bridges.html#RunningABridge
6.5 Further Reading & References
This topic has received a lot of attention in the last few years. Several publications are widely distributed on the Internet that explore different possibilities for bypassing Internet censorship:
Digital Security and Privacy Manual for Human Rights Defenders (www.frontlinedefenders.org/manual/en/esecman), Chapter 2.5 Surveillance and Monitoring, and Chapter 2.6 Circumvention of Internet censorship and filtering
Global Voices Online has published a useful guide for Anonymous Blogging with Wordpress and TOR - http://advocacy.globalvoicesonline.org/tools/guide
Reporters Without Borders released a Handbook for Bloggers and Cyberdissidents available in many languages - http://www.rsf.org/rubrique.php3?id_rubrique=542
The CitizensLab has produced the Everyone's Guide to By-passing Internet Censorship available in many languages - http://www.civisec.org/guides-print.html
An extensive and thorough guide has been written by Freerk on how to bypass Internet censorship and it is available in many languages - www.zensur.freerk.com
[1] See other articles published in the Digital Security and Privacy for Activists series:
http://www.civicus.org/csw_files/DIGITAL_SECURITY_No37.htm
http://www.civicus.org/csw_files/DIGITAL_SECURITY_No37_Russian.htm
[2] "Security Edition of NGO in a Box" (see: security.ngoinabox.org) is a project of Front Line (www.frontlinedefenders.org) and Tactical Tech (www.tacticaltech.org). It is a toolkit of peer-reviewed free and open-source software, materials and guides to provide digital security and privacy. Its aim is to simplify this complicated area and reduce the overwhelming choices often faced by people when trying to find solutions to their problems. Recommended software is reviewed, explained and accompanied by installation and user guides in multiple languages. Each tool is accompanied by clear explanations and tips written for the non-technical user. The whole toolkit is available online on the Front Line website. The toolkit is also available on a CD. The toolkit is currently available in French, Spanish, Arabic, Russian and English.
[3] Firefox web browser, an excellent replacement for Internet Explorer: www.mozilla.com/firefox
[4] Secure your browser (IE, Firefox, Safari) (www.cert.org/tech_tips/securing_browser); Improve the safety of your browsing and e-mail activities (www.microsoft.com/protect/computer/advanced/browsing.mspx); How To Secure Your Web Browser (www.secureflorida.org/howto/secure_your_web_browser).
[5] NoScript is a Firefox add-on (extension) that allows active content to run only from sites you trust, protecting you from attacks by malicious web pages. www.noscript.net
About the authors:
Wojtek Bogusz is a digital security and information systems consultant and trainer working with Front Line, the Dublin-based International Foundation for the Protection of Human Rights Defenders. He is also co-editor and manager of the Secure Edition of NGO in a Box project.
Dimitri Vitaliev is a consultant on issues of electronic security and privacy for human rights activists around the world. He is the author of the 'Digital Security and Privacy for Human Rights Defenders' manual, co-editor of the NGO in a Box - Security edition project and is often on the road, providing training and advice on security policies and strategy.
You can contact both of the authors through the group email of Security Edition of NGO in a Box project: security (AT) ngoinabox (DOT) org