User:Weinshel/Internet censorship circumvention/

Link to original article: Internet censorship circumvention

Informal notes: User:Weinshel/Notes_on_censorship_circumvention

''Ed. note: my changes in this article so far have been restructuring and reworking the Methods section, and adding a new section with examples of adoption of tools. I also plan on slightly revising the lead section and the "Circumvention, anonymity, risks, and trust" section.''

Methods (replace existing section)
''Ed. note: I restructured this section in the existing article, and also reworded portions and added some citations.''

There are many methods available that may allow the circumvention of Internet filtering, which can widely vary in terms of implementation difficulty, effectiveness, and resistance to detection.

Alternate names & addresses
Filters may block specific domain names, either using DNS hijacking or URL filtering. Sites are sometimes accessible through alternate names and addresses that may not be blocked.

Some websites may offer the same content at multiple pages or domain names. For example, the English Wikipedia is available at https://en.wikipedia.org/, and there is also a mobile-formatted version at https://en.m.wikipedia.org/.

If DNS resolution is disrupted but the site is not blocked in other ways, it may be possible to access a site directly through its IP address. Using DNS servers other than those supplied by default by an ISP may bypass DNS-based blocking. OpenDNS and Google offer DNS services or see List of Publicly Available and Completely Free DNS Servers.

Censors may block specific IP addresses. Depending on how the filtering is implemented, it may be possible to use different forms of the IP address (specifing the address in a different base). For example, the following URLs all access the same site, although not all browsers will recognize all forms: http://208.80.152.2 (dotted decimal), http://3494942722 (decimal), http://0320.0120.0230.02 (dotted octal), http://0xd0509802 (hexadecimal), and http://0xd0.0x50.0x98.0x2 (dotted hexadecimal).

Mirrors, caches, and copies
When a specific site is blocked, there may be other copies of the site available…

Cached pages: Some search engines keep copies of previously indexed webpages, or cached pages, which are often hosted by the search engine and may not be blocked. Cached pages may be identified with a small link labeled "cached" in a list of search results. Google allows the retrieval of cached pages by entering "cache:some-blocked-url" as a search request.

Mirror and archive sites: Copies of web sites or pages may be available at mirror or archive sites such as the Internet Archive's Wayback Machine.

RSS aggregators: RSS aggregators such as Google Reader and Bloglines may be able to receive and pass on RSS feeds that are blocked when accessed directly.

Proxying
Web proxies are websites that are configured to allow users to load external web pages through the proxy server, permitting the user to load the page as if it is coming from the proxy server and not the (blocked) source. However, depending on how the proxy is configured, a censor may be able to determine the pages loaded and/or determine that the user is using a proxy server.

For example, the mobile Opera Mini browser uses a proxy-based approach employing encryption and compression in order to speed up downloads. This has the side effect of allowing it to circumvent several approaches to Internet censorship. In 2009 this led the government of China to ban all but a special Chinese versions of the browser.

Domain fronting: Circumvention software can implement a technique called domain fronting, where the destination of a connection is hidden by passing the initial requests through a content delivery network or other popular site. This technique was used by messaging applications including Signal and Telegram, but has since been blocked by high-profile cloud service providers.

SSH tunneling: By establishing an SSH tunnel, a user can forward all their traffic over an encrypted channel, so both outgoing requests for blocked sites and the response from those sites are hidden from the censors, for whom it appears as unreadable SSH traffic.

Virtual private network (VPN): Using a VPN, A user who experiences internet censorship can create a secure connection to a more permissive country, and browse the internet as if they were situated in that country. Some services are offered for a monthly fee; others are ad-supported.

Tor: More advanced tools such as Tor route encrypted traffic through multiple servers to make the source and destination of traffic less traceable. It can in some cases be used to avoid censorship, especially when configured to use traffic obfuscation techniques.

Traffic obfuscation
A censor may be able to detect and block use of circumvention tools. There are efforts to make circumvention tools less detectable by randomizing the traffic, attempting to mimic a non-blocked protocol, or tunneling traffic through a whitelisted service by using techniques including domain fronting. Tor and other circumvention tools have adopted multiple obfuscation techniques that users can use depending on the nature of their connection, which are sometimes called "Pluggable Transports."

Adoption of circumvention tools (new section)
Circumvention tools have seen spikes in adoption in response to high-profile blocking attempts, however, studies measuring adoption of circumvention tools in countries with persistent and widespread censorship report mixed results.

In response to persistent censorship
Measures of circumvention tool adoption have reported divergent results. A 2010 study by Harvard University researchers estimated that very few users use censorship circumvention tools—likely less than 3% of users even in countries that consistently implement widespread censorship.

In China, adoption of circumvention tools is particularly high in certain communities, such as universities, and a survey by Freedom House found that users generally did not find circumvention tools to be difficult to use. Estimates of the use of Twitter, a blocked social media service, have ranged from 10 million (1.5% of the internet-using population), to 35 million (disputed ). Yet efforts to block circumvention tools have reduced adoption of those tools; the Tor network previously had over 30,000 users connecting from China but as of 2014 had only approximately 3,000 Chinese users.

On the other hand, in a 2017 study of internet users from Thailand, a research group at the University of Washington found that 63% of surveyed users attempted to use circumvention tools, and 90% were successful in using those tools. Users often made on-the-spot decisions on tools to use based of limited or unreliable information, and had a variety of perceived threats, some more abstract and others more concrete based on personal experiences.

In response to blocking events
In response to the 2014 blocking of Twitter in Turkey, information about alternate DNS servers was widely shared, as using another DNS server such as Google Public DNS allowed users to access Twitter. The day after the block, the total number of posts made in Turkey was up 138%, according to Brandwatch, an internet measurement firm.

After a April 2018 ban on the Telegram messaging app in Iran, web searches for VPN and other circumvention software increased as much as 48x for some terms, but there was evidence that users were downloading unsafe software. As many as a third of Iranian internet users used the Psiphon tool in the days immediately following the block, and in June 2018 as many as 3.5 million Iranian users continued to use the tool.

Software (existing section)
Otherwise leave this section mostly as is (it isn't great but the focus of my edits is more on other sections)

Potential additional sources
Some China sources

https://cyber.harvard.edu/pubrelease/internet-control/

https://cyber.harvard.edu/publications/2017/06/GlobalInternetCensorship

https://cyber.harvard.edu/publication/2018/censorship-and-collateral-damage

https://www.bloomberg.com/quicktake/great-firewall-of-china

https://www.usenix.org/conference/usenixsecurity18/presentation/vandersloot

Open access links
TODO: figure out how to add these to the normal citations

https://homes.cs.washington.edu/~yoshi/papers/GebhartEtAl-IEEEEuroSP.pdf

https://arxiv.org/abs/1605.04044v2