Circumventing censorship

Increasingly, states have adopted wide-scale internet blocking as a technical resource for extending their practice of information control into the online world. The answer has been the development of circumvention tools for

  • Seeking, reading and disseminating unauthorised content

  • Creating unauthorised content

  • Distributing unauthorised content

  • Leaking confidential or otherwise privileged information

Internet malware can be developed and installed by governments to attack, monitor, or disrupt dissident computer systems and communication. Malware specifically targeted at a regional, racial, or language group is very difficult to intercept and identify by any anti-malware products available today and I wouldn’t put it past regimes to try to create a range of fake circumvention tools under established names.

One might also expect government authorities to profile users of circumvention tools. When circumventing censorship, it is important to do this while anonymised and protected. The resources and continuous effort required to constantly evade blocking activities while remaining anonymous is not to be underestimated, and requires careful planning and implementation.

Which tools to use?

Just a getting started … As with anonymising traffic, it depends on where you are, what the state adversary makes available in terms of resources and what the consequences of discovery in your country may be.

Method Description DPI Cost for censor Circumvention
IP blocking A certain IP address is denied No Low Find proxies that have access
DNS filtering and redirection DNS doesn't resolve domain names or returns incorrect IP addresses No Low Find a domain name server that resolves domain names correctly or bypass DNS if the IP address is obtainable from other sources and is not blocked. (Modify hosts file or type the IP address instead of the domain name)
URL filtering Permits or denies access to specific websites based on information contained in an URL list Yes Medium Use escaped characters in the URL, or use encrypted protocols such as VPN and Tor
Packet filtering TCP packet transmissions are terminated when a certain number of controversial keywords are detected Yes Low Use encryption, such as VPN and Tor
Man-in-the-middle attack A root certificate is replaced with a self-signed certificate in the state by its agencies Low Websites implementing HSTS
TCP connection reset If a previous TCP connection is blocked by the filter, future connection attempts from both sides will also be blocked for up to 30 minutes. Depending on the location of the block, other users or Web sites may be also blocked if the communications are routed to the location of the block. This was used by the Great Firewall of China in 2007. I seriously doubt is still in use. Yes Medium Ignore the reset packet sent by the firewall
VPN and Tor blocking A firewall is able to "learn, discover and block" the encrypted communications methods used by a number of different VPN systems, and connection is terminated Yes High Add a form of data obfuscation (steganographic coding); Tor: Pluggable Transports