Slashdot Mirror
Ask Slashdot: How To Combat IP-Based Censorship?
An anonymous reader writes "For a while now there has been a lot of buzz on a new proposed censorship scheme in Turkey. The government wants to crack down on freedom of speech and other rights by preventing us from accessing any websites it deems unsuitable. The reasons for that could be criticism of the government, pornography and basically anything a politician might dislike (YouTube is blocked for example — I'm not sure about Google, etc., because I'm bypassing the filter). Right now the state is using DNS-based filtering which can be circumvented with OpenDNS or proxy services which everybody knows about in Turkey. On August 22, however, a new scheme will go into effect that uses IP-based filtering. Bypassing this by any means is illegal, but I wanted to get some opinions on how this could be done without having to set up a VPN server outside of Turkey and using it as a private proxy."
You know, there's not a lot of ways other than VPN and the other ways usually aren't as secure. The last link provided covers most of the bases -- albeit in subpar English. So I guess what I would suggest is you contacting a not-for profit like Garden Networks and ask them to grant Turks the same status as Chinese users in that you don't have to subscribe to use their premium servers. Their gTunnel application seems straight forward and intuitive and appears secure. It appears that users in China, Kuwait and Iran enjoy it so I imagine you shouldn't have any problems either.
... that would be pretty extensive however.
Furthering that idea, you might pass out "awareness" pamphlets while asking for donations to "keep the internet uncensored" and then pay for your pamphlets and donate the rest of that money to Garden Networks. I don't fully know what level of risk that might entail in Turkey, I certainly would not suggest that to a Chinese citizen.
I will say that it is conceivably possible for your government to go insane and block ranges of IP addresses so that you cannot access Garden Network's premium servers or Tor nodes
My work here is dung.
What about using Tor bridges?
https://www.torproject.org/docs/bridges
This is assuming, of course, that simply using encryption will not put you under suspicion.
Palm trees and 8
You should look into I2P: http://i2p2.de/
A cheap option could be rent a *nix VPS outside of Turkey and setup an SSH server with IP forwarding (in the kernel). You can then use a local machine to open an SSH connection to it and route traffic via the SSH tunnel.
Which faction is supporting this?
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
Why just follow them?
Bypassing this by any means is illegal
Well, obviously then just about anything you do WILL be illegal. Depending on how well this law is enforced, that could be an acceptable risk or not.
I wanted to get some opinions on how this could be done without having to set up a VPN server outside of Turkey
In your situation, just about any solution is going to involve outside help from SOMEONE. And an outside VPN is as good a solution as any.
SJW: Someone who has run out of real oppression, and has to fake it.
And Turkey wants to join the EU. Don't make me laugh.
From what I understand of Tor though, there is a bigger problem. By using it, aren't you opening yourself up to being charged for other people's shit? I mean, sure they can't trace my IP address if I'm downloading movies off Pirate Bay. But wtf good is that going to do me if the FBI is still kicking down my door because some other asshole used my IP address to download kiddie porn?
How about a solution that doesn't involve some trigger-happy SWAT team thug with a gun to my head because they think I'm diddling kids?
SJW: Someone who has run out of real oppression, and has to fake it.
because following sucks. nobody likes to be treated like poppets imagine that youtube, wordpress, blogspot, facebook, google+, twitter, any video hosting site and any outside news site are filter. Do you like it yourself?
You seem to be confused about the difference between using Tor and running a Tor exit node. A simple way to think of Tor is as a system that automatically sets up a chain of proxy servers for you, and then builds a new chain periodically (your connections to each proxy are encrypted, so there are many layers of encryption surrounding your connection -- hence "onion routing"). As a user, you connect to an "entry node," and use that node to connect to a "relay node" and ultimately to an "exit node," and from the exit node you connect to whatever it was that you wanted to anonymously connect to. Running an exit node entails the risks that you described, although I hear that the EFF will defend any American citizen who is caught up in such a situation.
Palm trees and 8
Youtube isn't banned in Turkey since quite some time
just wait. it will be :)
By using it, aren't you opening yourself up to being charged for other people's shit?
No, only using it will not allow any other Tor dweller to use you IP/connection as an exit node, You have to explicitly set up and start the "Relaying" service which is not on by default (at least in Tor browser bundle)
I know I use Tor to access websites (lets leave it in forums that don't like non-white people) that block my IP range and my country have pretty good CP monitors, I've never had problems, I don't trust Tor to do anything stupid anyway so I don't get click-happy while using it. But then again I actually have paranoid traits so it's probably just my imagination. :P
The government wants to crack down on freedom of speech and other rights by preventing us from accessing any websites it deems unsuitable.
Solution: Vote in a new government. It works for us.
Not.
Have gnu, will travel.
DPI has reassembled packets for the last 10 years as a requirement for DPI, because fragmentation was key in a number of successful attacks against security that didn't reassemble before checking contents. Most will be set to drop all fragmented packets, or those fragmented with a size below some reasonable threshold. So, given a misconfigured filter, your suggestion may work, but against anyone that's paid attention to network security for any time in the past 20 years, they'd not make such a rookie mistake. It would be a good "try this and see if they screwed up" suggestion, but to incorrectly suggest that any reasonable DPI based filter will fall for that is misleading. Not to mention that DPI is likely not used for cheap "filter by IP" schemes that need nothing more interesting than an access list blocking based on layer-3 info, and not layer-(4 through 7) of DPI.
Learn to love Alaska
This is pretty poor advice.
Well, I apologize, I assure you that I have no affiliation with Garden Networks and, yes, their free service uses Tor -- which I think is largely German based if I'm not mistaken. I would imagine that would be better for Turkish users but who knows. I thought their protocol was novel but if you say they suck in China, I'll take your word on it.
Then you go as far as to say the OP should help fund this NGO. Enough for the government to classify him as a danger to national security / terrorist / whatever.
"Help fund this NGO" is not really what I said. I'm pretty sure I suggested raising awareness and, assuming Garden Networks is giving them free premium service, send any extra money their way. I said "you might" and cautioned against it if any risk was involved. I do not want to come across as saying anyone should do anything. You know if you start a pamphlet activity with a large and diverse group, it's going to be kind of hard for them to classify everyone participating as "national security / terrorist / whatever." I mean, cower in your homes in fear is good advice? Don't seek assistance from your fellow countrymen while you have the internet and you can? I guess you and I have different desired levels of resistance to impending oppression. If they're gonna take away your most powerful form of communication, I would not advise waiting and doing something about it later.
IMHO it's much better to get that $2.99 VPN (I've seen them even cheaper) and claim you just wanted to talk to your Facebook friends abroad than to get involved with these type of NGO's.
$3 a month is nothing for me but I was under the impression that the IMF had screwed up Turkey's economy for a while by some sort of disinflation plan and it's not like their median household income is exactly stellar. Hit the wealthy neighborhoods with pamphlets asking for donations and spread the word ... just like I volunteer to do here in the United States for charities and causes like cleaning up the Chesapeake Bay.
My work here is dung.
If you can put with the FAP and LAG there is satellite internet.
the equivalent of republicans in america - a faction which merges capitalism (corporate capitalism like in america), and religion.
actually they are not 'supporting' it. they are doing it. due to majority.
Read radical news here
Run for political office.
Undetectable Steganography? Yep, there's an app fo
This is easy and I recommend looking at a very inexpensive service called Tunnelr. Tunnelr offers SSH and OpenVPN tunnels and is located primarily in the United States. Tunnelr also uses the most secure OS on the planet, OpenBSD, so you are fairly safe. However, I would be very careful because the last thing that you want to do is end up in a Turkish prison.
Using off the shelf hardware, groups of people could pool internet resources to ensure their continued ability to access the internet. Even with a very large mesh network (not just wireless), it would only be a few hops to an internet gateway. This would have the added benefit of providing redundancy for the people involved (e.g. in an area where Comcast and AT&T are the only "physical" ISP's). It would also be imperative not to "oversell" your connection capacity, as this would basically kill the usability of the system. You could also contractually obligate people involved to prevent unauthorized usage. Obviously, you'd want to eliminate or restrict leeching as much as possible. This in conjunction with other external proxies, TOR, intelligent routing around of things filtered by certain ISP's, etc. would make for a potentially uninterruptable local service, provided that internet access was available anywhere in the general area your system covered. Automatic routing of certain sites to foreign proxies by encrypted tunnels would be potentially useful. You could even pull from internet gateways many miles away with wireless point to point links. The biggest problem is... getting people to work together, before it becomes impossible to deploy such a system. So sadly, a useful outernet is probably never going to be realized. Should it ever become necessary, I'll give it my best shot. I don't necessarily see untampered internet access as a basic human right, but so long as it's available for some(most?) it should be available for all. The internet should simply be a packet delivery system... would you put up with someone cutting open your mail, reading everything, possibly making modification, taping it back shut, and sending it on?
There is no XUL, only WebExtensions...
then sink while fighting.
Read radical news here
until the isps can comply with demands.
Read radical news here
It sound like the Turkish government is beginning to emulate the repressive and regressive moral "leadership" established by the totalitarian Internet regimes in Australia, the US and the UK.
Hey! You get all the free speech you can pay for!
"Flyin' in just a sweet place,
Never been known to fail..."
Ultrasurf was developed to evade the Great Firewall of China. I would not be surprised if Turkey is getting consultation from China. There is a wired article at http://www.wired.com/magazine/2010/11/ff_firewallfighters/
A good starting point for UltraSurf and some of the other options is a consortium of several organizations including the folks behind gTunnel which is at:
http://www.internetfreedom.org/
Their web site has not been updated very recently, but I don't know how the individual organizations are doing.
No. You're just plain wrong. You seem to be able to write, so you probably can read, too. Why don't you take a look at www.torproject.org or even Wikipedia and RTFFAQ before spreading FUD?
Oh, the beautiful gloss of greality!
I wonder what happens when sending multiple Host headers
"In that instance, it would be much harder to prove you have been bypassing the filter since your computer itself won't have these cache files, cookies and other misc traces on the hard drive,"
Use a live CD and leave your hard disk untouched. Do searches etc using your hard disk whose traces make you look innocent.
You can conceal a live CD/DVD by burning the live content as a boot image then filling the rest with music or video.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
Rename them as video or mp3 files, mix with real video or mp3 files, and use a DVD. That way casual inspection won't indicate the files are not what they seem since you cannot rename files on read-only media.
A few cosmetic scratches for effect wouldn't hurt either.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
In Egypt during the uprising against the government, the people used RDP connections to windows servers outside of the country to publish on facebook and twitter.
each end user had his own desktop and workspace. that's one of the reasons the government over there dropped all the BGP ...
using an SSH tunnel is alright for basic usage, but the bandwidth costs might differ from place to place.. so it's not that cheap if you Really need a lot of traffic.
Because RDP doesn't use any bandwidth...
Welcome to China!
How about switching to the new technology? Some sites have already native IPv6 support, and for others you can use public IPv6->IPv4 proxies. See for instance: http://www.sixxs.net/tools/gateway/
While it doesn't change (or answer) the question on how to bypass the filtering, what the poster does not make clear is that the "safe internet" infrastructure that will be enabled by all operators (due to government regulation) will be opt-in. Unless subscribers specifically request that their internet be filtered, their traffic will not even pass through the filtering system, and the Turkish government has specifically stated (believable or otherwise) that they have no intention of making the system mandatory, and the ISPs have dimensioned their newly purchased parental control systems accordingly which means that the new systems are not designed or capable of handling the load of all subscribers...
While the VPN is a good solution it is also the most visible if someone is tracking this activities.
A ssh tunnel is the most discrete and while it is not a solution for everything like VPN, it does cover all you need for web surfing.
Also you could use something like foxyproxy addon for Firefox and you can tunnel SSH for only the web pages you needs, thus reducing the chances to get caught to the bare minimum.
And SSH tunnel is the most difficult type of connection for a firewall to block.
Love many, trust a few, do harm to none.
Turkey is an oppressive regime with little to no regards for its subjects (e.g. Ilisu dam) yet still wishes to join the EU. If you are willing to take some personal risk, you could always contact the EU and complain; although it may be better to find a contact in another EU country to complain on your behalf. And, of course, many "free" EU states see little wrong with censoring the Internet and have plans to do so. If you are prepared to wait a while, more secure systems will become available to by-pass such blocks.
I think whatever you do, you will be running a personal risk to life and liberty. Even in other EU nations, running crypto is seen as suspicious and failure to hand over keys is a criminal offence (e.g. UK, RIPA laws). Maybe some of the human rights charities could offer pointers?
did you or did you not read the law draft. apparently, you havent. then dont come talking here like an idiot.
Read radical news here
Turkey really, really, really wants to become a member of EU, but there's been several obstacles already, including the state mandated denial of the Armenian Genocide and their less-than-equal treatment of women and other human rights violations. Adding full censorship to the list will make sure life will get better in Turkey as their desire to become an EU member is so strong it just might make them drop this stupid censorship and correct the other 'follies'...
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
I know Slashdot has developed a cultural sense of anything Bitcoin-related as being utter shit, but does anyone follow the development of Namecoin, or think they could help? It's in an alpha stage right now, but as i understand it, the intention is to incorporate dns services in addition to the current simple name registering scheme.