Ask Slashdot: How To Combat IP-Based Censorship?
An anonymous reader writes "For a while now there has been a lot of buzz on a new proposed censorship scheme in Turkey. The government wants to crack down on freedom of speech and other rights by preventing us from accessing any websites it deems unsuitable. The reasons for that could be criticism of the government, pornography and basically anything a politician might dislike (YouTube is blocked for example — I'm not sure about Google, etc., because I'm bypassing the filter). Right now the state is using DNS-based filtering which can be circumvented with OpenDNS or proxy services which everybody knows about in Turkey. On August 22, however, a new scheme will go into effect that uses IP-based filtering. Bypassing this by any means is illegal, but I wanted to get some opinions on how this could be done without having to set up a VPN server outside of Turkey and using it as a private proxy."
You know, there's not a lot of ways other than VPN and the other ways usually aren't as secure. The last link provided covers most of the bases -- albeit in subpar English. So I guess what I would suggest is you contacting a not-for-profit like Garden Networks and ask them to grant Turks the same status as Chinese users in that you don't have to subscribe to use their premium servers. Their gTunnel application seems straightforward and intuitive and appears secure. It appears that users in China, Kuwait and Iran enjoy it so I imagine you shouldn't have any problems either.
... that would be pretty extensive however.
Furthering that idea, you might pass out "awareness" pamphlets while asking for donations to "keep the internet uncensored" and then pay for your pamphlets and donate the rest of that money to Garden Networks. I don't fully know what level of risk that might entail in Turkey, I certainly would not suggest that to a Chinese citizen.
I will say that it is conceivably possible for your government to go insane and block ranges of IP addresses so that you cannot access Garden Network's premium servers or Tor nodes
My work here is dung.
What about using Tor bridges?
https://www.torproject.org/docs/bridges
This is assuming, of course, that simply using encryption will not put you under suspicion.
Palm trees and 8
You should look into I2P: http://i2p2.de/
A cheap option could be to rent a *nix VPS outside of Turkey and set up an SSH server with IP forwarding (in the kernel). You can then use a local machine to open an SSH connection to it and route traffic via the SSH tunnel.
Tor is a simple way to bypass a censorship "firewall". If you can find a private exit node (or someone provides one for you) it reduces your chances of getting caught by the ISP.
Which faction is supporting this?
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
secure, cheap, fast: https://www.goldenfrog.com/vyprvpn/vpn-service-provider
portfolio
Why just follow them?
Bypassing this by any means is illegal
Well, obviously then just about anything you do WILL be illegal. Depending on how well this law is enforced, that could be an acceptable risk or not.
I wanted to get some opinions on how this could be done without having to set up a VPN server outside of Turkey
In your situation, just about any solution is going to involve outside help from SOMEONE. And an outside VPN is as good a solution as any.
SJW: Someone who has run out of real oppression, and has to fake it.
And Turkey wants to join the EU. Don't make me laugh.
Although the scheme is postponed for another three months, it is still a lost battle. The protests against the filter were censored in mainstream media, and the majority of the public does not care and even in some cases they actually support censorship.
Because following sucks. Nobody likes to be treated like puppets. Imagine that YouTube, WordPress, Blogspot, Facebook, Google+, Twitter, any video hosting site and any outside news site are filtered. Do you like it yourself?
YouTube hasn't been banned in Turkey for quite some time. I don't know where the author is from or whether he checks with the local community.
When you say IP filtering, do you mean any TCP SYN packet to an IP address of a known 'bad' website will not be carried? This would mean any other sites on a shared server would be blocked too.
Or will the next step be the 'hybrid' solution of IP filtering then DPI be used to get the Host header before deciding whether to block the connection? In this case, some filters will not re-assemble TCP packets so fragmented host headers will work.
Just thinking out loud here, but is the IP censoring based on IPv4? If so, why not look for a provider that will give you an IPv6 tunnel to move all your traffic through?
The government wants to crack down on freedom of speech and other rights by preventing us from accessing any websites it deems unsuitable.
Solution: Vote in a new government. It works for us.
Not.
Have gnu, will travel.
What are you doing there in the first place, so you gots something to bitch about ??
This is pretty poor advice.
Well, I apologize, I assure you that I have no affiliation with Garden Networks and, yes, their free service uses Tor -- which I think is largely German based if I'm not mistaken. I would imagine that would be better for Turkish users but who knows. I thought their protocol was novel but if you say they suck in China, I'll take your word on it.
Then you go as far as to say the OP should help fund this NGO. Enough for the government to classify him as a danger to national security / terrorist / whatever.
"Help fund this NGO" is not really what I said. I'm pretty sure I suggested raising awareness and, assuming Garden Networks is giving them free premium service, send any extra money their way. I said "you might" and cautioned against it if any risk was involved. I do not want to come across as saying anyone should do anything. You know if you start a pamphlet activity with a large and diverse group, it's going to be kind of hard for them to classify everyone participating as "national security / terrorist / whatever." I mean, cower in your homes in fear is good advice? Don't seek assistance from your fellow countrymen while you have the internet and you can? I guess you and I have different desired levels of resistance to impending oppression. If they're gonna take away your most powerful form of communication, I would not advise waiting and doing something about it later.
IMHO it's much better to get that $2.99 VPN (I've seen them even cheaper) and claim you just wanted to talk to your Facebook friends abroad than to get involved with these types of NGOs.
$3 a month is nothing for me but I was under the impression that the IMF had screwed up Turkey's economy for a while by some sort of disinflation plan and it's not like their median household income is exactly stellar. Hit the wealthy neighborhoods with pamphlets asking for donations and spread the word ... just like I volunteer to do here in the United States for charities and causes like cleaning up the Chesapeake Bay.
My work here is dung.
If you can put up with the FAP and LAG there is satellite internet.
the equivalent of republicans in america - a faction which merges capitalism (corporate capitalism like in america), and religion.
actually they are not 'supporting' it. they are doing it. due to majority.
Read radical news here
In Egypt during the uprising against the government,
the people used RDP connections to windows servers outside of the country to publish on facebook and twitter.
each end user had his own desktop and workspace. ...
that's one of the reasons the government over there dropped all the BGP
using an SSH tunnel is alright for basic usage, but the bandwidth costs might differ from place to place.. so it's not that cheap if you Really need a lot of traffic.
Run for political office.
Undetectable Steganography? Yep, there's an app fo
It's his home. His entire family lives there. His job is there. His friends are there. It's not that easy to just uproot yourself that way. Sure, it can be done, but think about it: every aspect of his life would be completely rewritten, and that's a lot of stress. Not to mention the sheer costs of travel and shipping his belongings. As a matter of fact, some people prefer to revolt and sacrifice their lives than move from their homeland.
This is easy and I recommend looking at a very inexpensive service called Tunnelr. Tunnelr offers SSH and OpenVPN tunnels and is located primarily in the United States. Tunnelr also uses the most secure OS on the planet, OpenBSD, so you are fairly safe. However, I would be very careful because the last thing that you want to do is end up in a Turkish prison.
Using off the shelf hardware, groups of people could pool internet resources to ensure their continued ability to access the internet. Even with a very large mesh network (not just wireless), it would only be a few hops to an internet gateway. This would have the added benefit of providing redundancy for the people involved (e.g. in an area where Comcast and AT&T are the only "physical" ISPs). It would also be imperative not to "oversell" your connection capacity, as this would basically kill the usability of the system. You could also contractually obligate people involved to prevent unauthorized usage. Obviously, you'd want to eliminate or restrict leeching as much as possible. This in conjunction with other external proxies, TOR, intelligent routing around of things filtered by certain ISPs, etc. would make for a potentially uninterruptible local service, provided that internet access was available anywhere in the general area your system covered. Automatic routing of certain sites to foreign proxies by encrypted tunnels would be potentially useful. You could even pull from internet gateways many miles away with wireless point to point links. The biggest problem is... getting people to work together, before it becomes impossible to deploy such a system. So sadly, a useful outernet is probably never going to be realized. Should it ever become necessary, I'll give it my best shot. I don't necessarily see untampered internet access as a basic human right, but so long as it's available for some(most?) it should be available for all. The internet should simply be a packet delivery system... would you put up with someone cutting open your mail, reading everything, possibly making modifications, taping it back shut, and sending it on?
There is no XUL, only WebExtensions...
give up, let them censor - fat lot of good it does anyone in the long run - uncensored, censored, we all die in less than 100 years... some will die censored, sheltered from the outside world and frankly possibly happier for it. others repressed. and even more as content little pigs who never realized they were being pushed to fulfill someone else's agenda.
then sink while fighting.
Read radical news here
until the isps can comply with demands.
Read radical news here
When most people discuss IP, they mean IPv4. If their filtering does not have the ability to dig into the IPv6 packet to look for destination, you may have an out with plausible deniability.
There are also IPv6 tunneling technologies which are freely available and *may* be built into your system already. Take a look at Teredo for instance (http://en.wikipedia.org/wiki/Teredo_tunneling).
It sounds like the Turkish government is beginning to emulate the repressive and regressive moral "leadership" established by the totalitarian Internet regimes in Australia, the US and the UK.
Hey! You get all the free speech you can pay for!
"Flyin' in just a sweet place,
Never been known to fail..."
Ultrasurf was developed to evade the Great Firewall of China. I would not be surprised if Turkey is getting consultation from China. There is a Wired article at http://www.wired.com/magazine/2010/11/ff_firewallfighters/
A good starting point for UltraSurf and some of the other options is a consortium of several organizations including the folks behind gTunnel which is at:
http://www.internetfreedom.org/
Their web site has not been updated very recently, but I don't know how the individual organizations are doing.
I think that the simplest way to do this, with minimal risks on law enforcement in Turkey, would be to have a bastion server/terminal server in another country (e.g. the US), and a remote desktop of some type (VNC, MS-RDP, your choice) for you to be able to access it. In that instance, it would be much harder to prove you have been bypassing the filter since your computer itself won't have these cache files, cookies and other misc traces on the hard drive, and it may be impossible or at the least unwieldy for the Turkish government to legally access your expatriate terminal server for evidence of circumventing the filter.
On a side note, I think IP-based filtering is impossible to pull off and maintain functionality. Considering the use of "virtual hosts", and ISP-wide NAT in some places, it is clear that an individual IP does not represent an individual web site, in fact it may represent dozens of web sites with virtual hosts. It may also represent entire server rooms full of computers if BGP is used and it is an anycast IP.
Likely, the end result of this will be a stifling of commerce in Turkey, lots of frustrated internet users, and a turnaround by the government once it hits their tax coffers.
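The over-blocking argument made in the comment above, and in the earlier question about shared servers, as an added example that is not part of the thread: it computes which unrelated sites end up blocked when filtering is done on IP addresses or address ranges rather than on site names. All hostnames and addresses are constructed (RFC 5737 documentation ranges), and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: hostname -> address it is served from.
# Three sites share one virtual-hosting server at 192.0.2.10.
HOSTING = {
    "banned-video.example": "192.0.2.10",
    "bakery.example": "192.0.2.10",
    "school.example": "192.0.2.10",
    "clinic.example": "192.0.2.77",
    "banned-blog.example": "198.51.100.5",
    "news.example": "203.0.113.9",
}
TARGETS = {"banned-video.example", "banned-blog.example"}


def ip_blocklist(hosting, targets, prefix_len=32):
    """Networks that must be blocked to cover every target by IP alone."""
    return {
        ipaddress.ip_network(f"{hosting[name]}/{prefix_len}", strict=False)
        for name in targets
    }


def blocked_by_ip(hosting, networks):
    """Every hostname whose address falls inside a blocked network."""
    return {
        name for name, addr in hosting.items()
        if any(ipaddress.ip_address(addr) in net for net in networks)
    }


def collateral(hosting, targets, prefix_len=32):
    """Non-target hostnames that become unreachable, grouped by network."""
    nets = ip_blocklist(hosting, targets, prefix_len)
    hit = blocked_by_ip(hosting, nets) - set(targets)
    report = defaultdict(list)
    for name in sorted(hit):
        addr = ipaddress.ip_address(hosting[name])
        net = next(n for n in nets if addr in n)
        report[str(net)].append(name)
    return dict(report)


if __name__ == "__main__":
    # /32 blocks single addresses; /24 models blocking whole ranges.
    for plen in (32, 24):
        print(f"/{plen}:", collateral(HOSTING, TARGETS, plen))
```

Blocking by name would list only the two targets; the difference between that and the output here is the collateral damage the comment predicts.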
An alternative to real-time access would be one based on static pages delivered by usb key or dvd. A collection of web pages could be stored easily on each device. It won't get you that instant fix, but at least it's one more tool that's available for use.
1. get a shell here: http://sdf.org/
2. register for dial-up
3. get a NetBSD shell at 1200bps, and bitch about it on Slashdot via lynx
4. ???
5. Wiretaps!
Welcome to China!
How about switching to the new technology? Some sites have already native IPv6 support, and for others you can use public IPv6->IPv4 proxies. See for instance: http://www.sixxs.net/tools/gateway/
While it doesn't change (or answer) the question on how to bypass the filtering, what the poster does not make clear is that the "safe internet" infrastructure that will be enabled by all operators (due to government regulation) will be opt-in. Unless subscribers specifically request that their internet be filtered, their traffic will not even pass through the filtering system, and the Turkish government has specifically stated (believable or otherwise) that they have no intention of making the system mandatory, and the ISPs have dimensioned their newly purchased parental control systems accordingly which means that the new systems are not designed or capable of handling the load of all subscribers...
While the VPN is a good solution it is also the most visible if someone is tracking these activities.
An SSH tunnel is the most discreet and while it is not a solution for everything like VPN, it does cover all you need for web surfing.
Also you could use something like the FoxyProxy addon for Firefox and you can tunnel SSH for only the web pages you need, thus reducing the chances to get caught to the bare minimum.
And an SSH tunnel is the most difficult type of connection for a firewall to block.
Love many, trust a few, do harm to none.
Turkey is an oppressive regime with little to no regards for its subjects (e.g. Ilisu dam) yet still wishes to join the EU. If you are willing to take some personal risk, you could always contact the EU and complain; although it may be better to find a contact in another EU country to complain on your behalf. And, of course, many "free" EU states see little wrong with censoring the Internet and have plans to do so. If you are prepared to wait a while, more secure systems will become available to by-pass such blocks.
I think whatever you do, you will be running a personal risk to life and liberty. Even in other EU nations, running crypto is seen as suspicious and failure to hand over keys is a criminal offence (e.g. UK, RIPA laws). Maybe some of the human rights charities could offer pointers?
This story is incomplete/false. The Turkish government will force ISPs to provide two options to users: a safe one(?) and an unfiltered one. If you don't specify this, ISPs will provide the safe one as default. But you will be able to change your subscription type anytime you want. Stop lying around, author.
did you or did you not read the law draft? apparently, you haven't. then don't come talking here like an idiot.
Read radical news here
Turkey really, really, really wants to become a member of EU, but there have been several obstacles already, including the state mandated denial of the Armenian Genocide and their less-than-equal treatment of women and other human rights violations. Adding full censorship to the list will make sure life will get better in Turkey as their desire to become an EU member is so strong it just might make them drop this stupid censorship and correct the other 'follies'...
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
I know Slashdot has developed a cultural sense of anything Bitcoin-related as being utter shit, but does anyone follow the development of Namecoin, or think they could help? It's in an alpha stage right now, but as I understand it, the intention is to incorporate DNS services in addition to the current simple name registering scheme.
Anything you do that doesn't include a VPN hosted outside the country can be seen by the ISP and government. Sorry. Even using alternative DNS servers can be seen. One day you'll be seeing the normal traffic, then the government will start redirecting all DNS and if you aren't really paying attention, you'll not notice.
You want a VPN with private keys that you control. This can be ssh or OpenVPN or any other industry-standard private-key-based VPN. You don't want to trust SSL-based VPNs. The people who control your DNS can easily set up DNS and fake SSL certs that your system will trust - even when you shouldn't.
I'm not certain you can trust TOR either. Whether you can or not is a question of whether the DNS requests are also part of the TOR protocol. If they are, you are good to go provided the last node drops your request off outside any country that does similar tracking.
Anyone who suggests any other solution is risking your privacy and possibly your safety. If Turkish prisons are what I hear, I'd be afraid too.