Internet censorship circumvention
Encyclopedia
Internet censorship circumvention is the process used by technologically savvy Internet users to bypass the technical aspects of Internet filtering and gain access to otherwise censored material.
Circumvention is an inherent problem for those wishing to censor the Internet, because filtering and blocking do not remove content from the Internet and as long as there is at least one publicly accessible uncensored system, it will often be possible to gain access to otherwise censored material. However, circumvention may not be very useful to non tech-savvy users and so blocking and filtering remain effective means of censoring the Internet for many users.
Different techniques and resources are used to bypass Internet censorship, including cached web pages
, mirror
and archive
sites, alternate DNS servers, proxy websites
, virtual private network
s, sneakernet
s, and circumvention software tools. Solutions have differing ease of use, speed, security, and risks. Most, however, rely on gaining access to an Internet connection that is not subject to filtering, often in a different jurisdiction not subject to the same censorship laws.
There are risks to using circumvention software or other methods to bypass Internet censorship. In some countries individuals that gain access to otherwise restricted content may be violating the law and if caught can be expelled, fired, jailed, or subject to other punishments and loss of access.
In many jurisdictions accessing blocked content is a serious crime, particularly content that is considered child pornography, a threat to national security, or an incitement of violence. Thus it is important to understand the circumvention technologies and the protections they do or do not provide and to use only tools that are appropriate in a particular context. Great care must be taken to install, configure, and use circumvention tools properly. Individuals associated with high profile rights organizations, dissident, protest, or reform groups should take extra precautions to protect their online identities.
Circumvention sites and tools should be provided and operated by trusted third parties located outside the censoring jurisdiction that do not collect identities and other personal information. Best are trusted family and friends personally known to the circumventor, but when family and friends are not available, sites and tools provided by individuals or organizations that are only known by their reputations or through the recommendations and endorsement of others may need to be used. Commercial circumvention services may provide anonymity while surfing the Internet, but could be compelled by law to make their records and users' personal information available to law enforcement.
Circumventing censorship using proxies gives access to international content, but doesn’t address domestic censorship and access to more local content. Nor does it offer a defense against DDoS or other attacks that target a publisher.
, copies of previously indexed Web pages, and these pages are not always blocked. Cached pages may be identified with a small link labeled "cached" in a list of search results. Google
allows the retrieval of cached pages by entering "cache:some-blocked-url" as a search request.
or archive
sites such as www.archive.org and the alternate sites may not be blocked.
to e-mail
services such as www.web2mail.com will return the contents of web pages with or without images as an e-mail message and such access may not be blocked.
aggregators such as Google Reader
and Bloglines
may be able to receive and pass on RSS feeds that are blocked when accessed directly.
s may not be blocked. For example the following domain names all refer to the same web site: http://wikimedia.org, http://www.wikimedia.org, http://text.wikimedia.org, and http://text.pmtpa.wikimedia.org.
Or alternative URLs may not be blocked. For example: www.blocked.com vs. www.blocked.com/, blocked.com, blocked.com/, www.blocked.com/index.htm, and www.blocked.com/index.html.
Entering an IP address
rather than a domain name (http://208.80.152.2) or a domain name rather than an IP address (http://wikimedia.org) will sometimes allow access to a blocked site.
Specifying an IP address in a base other than 10 may bypass some filters. The following URLs all access the same site, although not all browsers will recognize all forms: http://208.80.152.2 (dotted decimal), http://3494942722 (decimal), http://0320.0120.0230.02 (dotted octal), http://0xd0509802 (hexadecimal), and http://0xd0.0x50.0x98.0x2 (dotted hexadecimal).
and Google offer DNS services or see List of Publicly Available and Completely Free DNS Servers.
protocol is recommended since it is encrypted and harder to block. A list of web proxies is available from web sites such as http://www.proxy.org/ or by searching for "free web proxy". Most modern web browsers have preferences or allow plug-ins to enable proxies.
Translation services such as babelfish.yahoo.com and translate.google.com are a specific type of proxy website and can sometimes be used to display blocked pages even when no translation is needed by asking for a translation into the same language that is used on the original site or by asking for a translation from a language that does not appear on the original site.
is a term used to describe the transfer of electronic information, especially computer files, by physically carrying data on storage media from one place to another. A sneakernet can move data regardless of network restrictions simply by not using the network at all.
CGI proxies use a script running on a web server to perform the proxying function. A CGI
proxy client sends the requested url embedded within the data portion of an HTTP request to the CGI proxy server. The CGI proxy server pulls the ultimate destination information from the data embedded in the HTTP request, sends out its own HTTP request to the ultimate destination, and then returns the result to the proxy client. A CGI proxy tool's security can be trusted as far as the operator of the proxy server can be trusted. CGI proxy tools require no manual configuration of the browser or client software installation, but they do require that the user use an alternative, potentially confusing browser interface within the existing browser.
HTTP proxies send HTTP requests
through an intermediate proxying server. A client connecting through an HTTP proxy sends exactly the same HTTP request to the proxy as it would send to the
destination server unproxied. The HTTP proxy parses the HTTP request; sends its own HTTP request to the ultimate destination server; and then returns the response back to the proxy client. An HTTP proxy tool's security can be trusted as far as the operator of the proxy server can be trusted. HTTP proxy tools require either manual configuration of the browser or client side software that can configure the browser for the user. Once configured, an HTTP proxy tool allows the user transparently to use his normal browser interface.
Application proxies are similar to HTTP proxies, but support a wider range of online applications.
Peer-to-peer systems store content across a range of participating volunteer servers combined with technical techniques such as re-routing to reduce the amount of trust placed on volunteer servers or on social networks to establish trust relationships between server and client users. Peer-to-peer system can be trusted as far as the operators of the various servers can be trusted or to the extent that the architecture of the peer-to-peer system limits the amount of information available to any single server and the server operators can be trusted not to cooperate to combine the information they hold.
Re-routing systems send requests and responses through a series of proxying servers, encrypting the data again at each proxy, so that a given proxy knows at most either where the data came from or is going to, but not both. This decreases the amount of trust required of the individual proxy hosts.
's 2007 Circumvention Landscape Report included the following observations:
Circumvention is an inherent problem for those wishing to censor the Internet, because filtering and blocking do not remove content from the Internet and as long as there is at least one publicly accessible uncensored system, it will often be possible to gain access to otherwise censored material. However, circumvention may not be very useful to non tech-savvy users and so blocking and filtering remain effective means of censoring the Internet for many users.
Different techniques and resources are used to bypass Internet censorship, including cached web pages
Web cache
A web cache is a mechanism for the temporary storage of web documents, such as HTML pages and images, to reduce bandwidth usage, server load, and perceived lag...
, mirror
Mirror (computing)
In computing, a mirror is an exact copy of a data set. On the Internet, a mirror site is an exact copy of another Internet site.Mirror sites are most commonly used to provide multiple sources of the same information, and are of particular value as a way of providing reliable access to large downloads...
and archive
Archive site
In web archiving, an archive site is a website that stores information on, or the actual, webpages from the past for anyone to view.-Common techniques:Two common techniques are #1 using a web crawler or #2 user submissions....
sites, alternate DNS servers, proxy websites
Proxy server
In computer networks, a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server...
, virtual private network
Virtual private network
A virtual private network is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users access to a central organizational network....
s, sneakernet
Sneakernet
Sneakernet is an informal term describing the transfer of electronic information, especially computer files, by physically couriering removable media such as magnetic tape, floppy disks, compact discs, USB flash drives, or external hard drives from one computer to another. This is usually in lieu...
s, and circumvention software tools. Solutions have differing ease of use, speed, security, and risks. Most, however, rely on gaining access to an Internet connection that is not subject to filtering, often in a different jurisdiction not subject to the same censorship laws.
There are risks to using circumvention software or other methods to bypass Internet censorship. In some countries individuals that gain access to otherwise restricted content may be violating the law and if caught can be expelled, fired, jailed, or subject to other punishments and loss of access.
Circumvention, anonymity, risks, and trust
Circumvention and anonymity are different. Circumvention systems are designed to bypass blocking, but they do not usually protect identities. Anonymous systems protect a user's identity. And while they can contribute to circumvention, that is not their primary function. It is important to understand that open public proxy sites do not provide anonymity and can view and record the location of computers making requests as well as the websites accessed.In many jurisdictions accessing blocked content is a serious crime, particularly content that is considered child pornography, a threat to national security, or an incitement of violence. Thus it is important to understand the circumvention technologies and the protections they do or do not provide and to use only tools that are appropriate in a particular context. Great care must be taken to install, configure, and use circumvention tools properly. Individuals associated with high profile rights organizations, dissident, protest, or reform groups should take extra precautions to protect their online identities.
Circumvention sites and tools should be provided and operated by trusted third parties located outside the censoring jurisdiction that do not collect identities and other personal information. Best are trusted family and friends personally known to the circumventor, but when family and friends are not available, sites and tools provided by individuals or organizations that are only known by their reputations or through the recommendations and endorsement of others may need to be used. Commercial circumvention services may provide anonymity while surfing the Internet, but could be compelled by law to make their records and users' personal information available to law enforcement.
Methods
There are many methods available that may allow the circumvention of Internet filtering. They range from the simple to the complex and from the trivial to the difficult in terms of implementation. Of course, not all methods will work to bypass all filters. And censorship tools and sites are themselves subject to censorship and monitoring.Circumventing censorship using proxies gives access to international content, but doesn’t address domestic censorship and access to more local content. Nor does it offer a defense against DDoS or other attacks that target a publisher.
Cached Pages
Some search engines keep cached pagesWeb cache
A web cache is a mechanism for the temporary storage of web documents, such as HTML pages and images, to reduce bandwidth usage, server load, and perceived lag...
, copies of previously indexed Web pages, and these pages are not always blocked. Cached pages may be identified with a small link labeled "cached" in a list of search results. Google
Google
Google Inc. is an American multinational public corporation invested in Internet search, cloud computing, and advertising technologies. Google hosts and develops a number of Internet-based services and products, and generates profit primarily from advertising through its AdWords program...
allows the retrieval of cached pages by entering "cache:some-blocked-url" as a search request.
Mirror and archive sites
Copies of web sites or pages may be available at mirrorMirror (computing)
In computing, a mirror is an exact copy of a data set. On the Internet, a mirror site is an exact copy of another Internet site.Mirror sites are most commonly used to provide multiple sources of the same information, and are of particular value as a way of providing reliable access to large downloads...
or archive
Archive site
In web archiving, an archive site is a website that stores information on, or the actual, webpages from the past for anyone to view.-Common techniques:Two common techniques are #1 using a web crawler or #2 user submissions....
sites such as www.archive.org and the alternate sites may not be blocked.
Web to E-mail services
WebWeb service
A Web service is a method of communication between two electronic devices over the web.The W3C defines a "Web service" as "a software system designed to support interoperable machine-to-machine interaction over a network". It has an interface described in a machine-processable format...
to e-mail
E-mail
Electronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...
services such as www.web2mail.com will return the contents of web pages with or without images as an e-mail message and such access may not be blocked.
RSS aggregators
RSSRSS
-Mathematics:* Root-sum-square, the square root of the sum of the squares of the elements of a data set* Residual sum of squares in statistics-Technology:* RSS , "Really Simple Syndication" or "Rich Site Summary", a family of web feed formats...
aggregators such as Google Reader
Google Reader
Google Reader is a Web-based aggregator, capable of reading Atom and RSS feeds online or offline. It was released by Google on October 7, 2005 through Google Labs. Reader was graduated from beta status on September 17, 2007.-Interface:...
and Bloglines
Bloglines
Bloglines is a web-based news aggregator for reading syndicated feeds using the RSS and Atom formats. Mark Fletcher, former CEO of ONElist, founded the site in June 2003 and sold it in February 2005 to Ask.com/InterActiveCorp. In 2005, it hosted more than 200 million searchable blog articles. On...
may be able to receive and pass on RSS feeds that are blocked when accessed directly.
IP addresses and domain names
Alternative domain nameDomain name
A domain name is an identification string that defines a realm of administrative autonomy, authority, or control in the Internet. Domain names are formed by the rules and procedures of the Domain Name System ....
s may not be blocked. For example the following domain names all refer to the same web site: http://wikimedia.org, http://www.wikimedia.org, http://text.wikimedia.org, and http://text.pmtpa.wikimedia.org.
Or alternative URLs may not be blocked. For example: www.blocked.com vs. www.blocked.com/, blocked.com, blocked.com/, www.blocked.com/index.htm, and www.blocked.com/index.html.
Entering an IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
rather than a domain name (http://208.80.152.2) or a domain name rather than an IP address (http://wikimedia.org) will sometimes allow access to a blocked site.
Specifying an IP address in a base other than 10 may bypass some filters. The following URLs all access the same site, although not all browsers will recognize all forms: http://208.80.152.2 (dotted decimal), http://3494942722 (decimal), http://0320.0120.0230.02 (dotted octal), http://0xd0509802 (hexadecimal), and http://0xd0.0x50.0x98.0x2 (dotted hexadecimal).
Alternative DNS Servers
Using DNS servers other than those supplied by default by an ISP may bypass DNS based blocking. OpenDNSOpenDNS
OpenDNS is a DNS resolution service. OpenDNS extends DNS adding features such as misspelling correction, phishing protection, and optional content filtering...
and Google offer DNS services or see List of Publicly Available and Completely Free DNS Servers.
Proxy websites
Proxy websites are often the simplest and fastest way to access banned websites in censored nations. Such websites work by being themselves un-blocked, but capable of displaying the blocked material. This is usually accomplished by entering a URL which the proxy website will fetch and display. Using the httpsHttps
Hypertext Transfer Protocol Secure is a combination of the Hypertext Transfer Protocol with SSL/TLS protocol to provide encrypted communication and secure identification of a network web server...
protocol is recommended since it is encrypted and harder to block. A list of web proxies is available from web sites such as http://www.proxy.org/ or by searching for "free web proxy". Most modern web browsers have preferences or allow plug-ins to enable proxies.
Translation services such as babelfish.yahoo.com and translate.google.com are a specific type of proxy website and can sometimes be used to display blocked pages even when no translation is needed by asking for a translation into the same language that is used on the original site or by asking for a translation from a language that does not appear on the original site.
Virtual Private Networks (VPNs)
Using Virtual Private Networks, a user who experiences internet censorship can create a secure connection to a more permissive country, and browse the internet as if they were situated in that country. Some services are offered for a monthly fee, others are ad-supported.Sneakernets
SneakernetSneakernet
Sneakernet is an informal term describing the transfer of electronic information, especially computer files, by physically couriering removable media such as magnetic tape, floppy disks, compact discs, USB flash drives, or external hard drives from one computer to another. This is usually in lieu...
is a term used to describe the transfer of electronic information, especially computer files, by physically carrying data on storage media from one place to another. A sneakernet can move data regardless of network restrictions simply by not using the network at all.
Software
Types:CGI proxies use a script running on a web server to perform the proxying function. A CGI
Common Gateway Interface
The Common Gateway Interface is a standard method for web servers software to delegate the generation of web pages to executable files...
proxy client sends the requested url embedded within the data portion of an HTTP request to the CGI proxy server. The CGI proxy server pulls the ultimate destination information from the data embedded in the HTTP request, sends out its own HTTP request to the ultimate destination, and then returns the result to the proxy client. A CGI proxy tool's security can be trusted as far as the operator of the proxy server can be trusted. CGI proxy tools require no manual configuration of the browser or client software installation, but they do require that the user use an alternative, potentially confusing browser interface within the existing browser.
HTTP proxies send HTTP requests
Hypertext Transfer Protocol
The Hypertext Transfer Protocol is a networking protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web....
through an intermediate proxying server. A client connecting through an HTTP proxy sends exactly the same HTTP request to the proxy as it would send to the
destination server unproxied. The HTTP proxy parses the HTTP request; sends its own HTTP request to the ultimate destination server; and then returns the response back to the proxy client. An HTTP proxy tool's security can be trusted as far as the operator of the proxy server can be trusted. HTTP proxy tools require either manual configuration of the browser or client side software that can configure the browser for the user. Once configured, an HTTP proxy tool allows the user transparently to use his normal browser interface.
Application proxies are similar to HTTP proxies, but support a wider range of online applications.
Peer-to-peer systems store content across a range of participating volunteer servers combined with technical techniques such as re-routing to reduce the amount of trust placed on volunteer servers or on social networks to establish trust relationships between server and client users. Peer-to-peer system can be trusted as far as the operators of the various servers can be trusted or to the extent that the architecture of the peer-to-peer system limits the amount of information available to any single server and the server operators can be trusted not to cooperate to combine the information they hold.
Re-routing systems send requests and responses through a series of proxying servers, encrypting the data again at each proxy, so that a given proxy knows at most either where the data came from or is going to, but not both. This decreases the amount of trust required of the individual proxy hosts.
| Name |
Type |
Developer |
Cost |
Web site |
Notes |
|---|---|---|---|---|---|
| alkasir Alkasir Alkasir is a program developed by Yemeni journalist, Walid al-Saqaf, that allows users to circumvent censorship in countries that censor internet content. The first version was released in May 2009, with the newest version containing an internal browser, added in May 2010, with updates often being... |
HTTP proxy | Yemeni journalist Walid al-Saqaf | free | www.alkasir.com | Uses 'split-tunneling' to only redirect to proxy servers when blocking is encountered. Is not a general circumvention solution and only allows access to certain blocked websites. In particular it does not allow access to blocked websites that contain pornography, nudity or similar adult content. |
| Anonymizer Anonymizer (company) Anonymizer, Inc. is an Internet privacy company, founded in 1995 by Lance Cottrell, author of the Mixmaster anonymous remailer. Anonymizer was originally named Infonex Internet. The name was changed to Anonymizer in 1997 when the company acquired a web based privacy proxy of the same name developed... |
HTTP proxy | Anonymizer, Inc. | fee | www.anonymizer.com/ | Transparently tunnels traffic through Anonymizer. |
| CGIProxy CGIProxy CGIProxy is, as its name suggests, a CGI proxy software package. A CGI proxy appears to a user as a web page that allows the user to access a different site through it.... |
HTTP proxy | James Marshall | free | www.jmarshall.com/ | Turn a computer into a personal, encrypted proxy server capable of retrieving and displaying web pages to users of the server. CGIProxy is the engine used by many other circumvention systems. |
| Circumventor | CGI proxy | Peacefire Peacefire Peacefire is a U.S.-based website, with a registered address in Bellevue, Washington, dedicated to "preserving First Amendment rights for Internet users, particularly those younger than 18". It was founded in August 1996 by Bennett Haselton, who still runs it... |
free | peacefire.org/ | Turns a regular home computer into a personal, encrypted server capable of retrieving and displaying web pages for others. |
| Freegate Freegate Freegate is software that enables internet users from mainland China, Syria, Iran, Vietnam and United Arab Emirates, among others, to view websites blocked by their governments. The program takes advantage of a range of open proxies, which allow users to penetrate firewalls used to block web sites.... |
HTTP proxy | Dynamic Internet Technology, Inc. | free | www.dit-inc.us | Uses a range of open proxies to access blocked web sites via DIT's DynaWeb anti-censorship network. |
| Freenet Freenet Freenet is a decentralized, censorship-resistant distributed data store originally designed by Ian Clarke. According to Clarke, Freenet aims to provide freedom of speech through a peer-to-peer network with strong protection of anonymity; as part of supporting its users' freedom, Freenet is free and... |
peer-to-peer | Ian Clarke | free | freenetproject.org | A decentralized, distributed data store using contributed bandwidth and storage space of member computers to provide strong anonymity protection. |
| Ghost Surf | HTTP proxy | Tenebril, Inc. | fee | www.tenebril.com | Provides a secure and anonymous Internet connection. |
| GPass | Application proxy | World's Gate, Inc. | free | gpass1.com/ | Supports multiple applications, including Web browsers, multimedia players, email, instant messengers, and download managers. |
| HTTP Tunnel | Application proxy | HTTP-Tunnel Corporation | free & fee | www.http-tunnel.com | A SOCKS server, managing all data transmissions between the computer and the network. Supports multiple applications. |
| I2P I2P I2P is a mixed-license, free and open source project building an anonymous network .The network is a simple layer that applications can use to anonymously and securely send... (originally Invisible Internet Project) |
re-routing | I2P Project | free | www.i2p2.de/ | Uses a pseudonymous overlay network to allow anonymous web browsing, chatting, file transfers, amongst other features. |
| Java Anon Proxy Java Anon Proxy Java Anon Proxy, also known as JAP or JonDonym, is a proxy system designed to allow browsing the Web with revocable pseudonymity. It was originally developed as part of a project of the Technische Universität Dresden, the Universität Regensburg and Privacy Commissioner of Schleswig-Holstein... (also known as JAP or JonDonym) |
re-routing (fixed) | Jondos GmbH | free & fee | anonymous-proxy-servers.net | Uses the underlying anonymity service AN.ON to allow browsing with revocable pseudonymity Pseudonymity Pseudonymity is a word derived from pseudonym, meaning 'false name', and anonymity, meaning unknown or undeclared source, describing a state of disguised identity. The pseudonym identifies a holder, that is, one or more human beings who possess but do not disclose their true names... . Originally developed as part of a project of the Technische Universität Dresden, the Universität Regensburg, and the Privacy Commissioner of Schleswig-Holstein Schleswig-Holstein Schleswig-Holstein is the northernmost of the sixteen states of Germany, comprising most of the historical duchy of Holstein and the southern part of the former Duchy of Schleswig... . |
| Psiphon Psiphon Psiphon is a web proxy designed to help Internet users securely bypass the content-filtering systems used to censor the internet by governments in places like China, North Korea, Iran, Syria, Myanmar, Saudi Arabia, United Arab Emirates, Vietnam, Pakistan, Belarus' and others... |
CGI proxy | Psiphon, Inc. | free | psiphon.ca | A simple-to-administer Internet censorship circumvention system that can be scaled for use by a home user serving a few friends to a cloud-based infrastructure serving thousands. |
| Proxify Proxify Proxify is a non-free, single-serving website that enable users to communicate more anonymously on the Internet. An example of this is to have Proxify use an SSH tunnel, already created and listening in on the localhost.... |
HTTP proxy | UpsideOut, Inc. | free & fee | proxify.com/ | An encrypted, public, web-based circumvention system. Because the site is public, it is blocked in many countries and by most filtering applications. |
| Relakks | Application proxy | Trygghetsbolaget i Lund AB | fee | stupidcensorship.com/ www.relakks.com | Uses an encrypted VPN tunnel to access the Relakks servers in Sweden. |
| StupidCensorship | HTTP proxy | Peacefire Peacefire Peacefire is a U.S.-based website, with a registered address in Bellevue, Washington, dedicated to "preserving First Amendment rights for Internet users, particularly those younger than 18". It was founded in August 1996 by Bennett Haselton, who still runs it... |
free | stupidcensorship.com/ | An encrypted, public, web-based circumvention system. Because the site is public, it is blocked in many countries and by most filtering applications. mousematrix.com is a similar site based on the same software. |
| Tor Tor (anonymity network) Tor is a system intended to enable online anonymity. Tor client software routes Internet traffic through a worldwide volunteer network of servers in order to conceal a user's location or usage from someone conducting network surveillance or traffic analysis... |
re-routing (randomized) | The Tor Project | free | www.torproject.org | Allows users to bypass Internet censorship while providing strong anonymity. |
| Ultrasurf Ultrasurf Ultrasurf is a free Internet censorship circumvention product of Ultrareach Internet Corporation.-Operation:The software works by creating an encrypted HTTP tunnel between the user’s computer and a central pool of proxy servers, enabling users to bypass firewalls and censorship... |
HTTP proxy | Ultrareach Internet Corporation | free | www.ultrasurf.us/ | Anti-censorship product that allows users in countries with heavy internet censorship to protect their internet privacy and security. |
Shadow Internet and cell phone networks
In June 2011 the New York Times reported that the U.S. is engaged in a "global effort to deploy 'shadow' Internet and mobile phone systems that dissidents can use to undermine repressive governments that seek to silence them by censoring or shutting down telecommunications networks."Summary
The Berkman Center for Internet & SocietyBerkman Center for Internet & Society
The Berkman Center for Internet & Society is a research center at Harvard University that focuses on the study of cyberspace. Founded at Harvard Law School, the center traditionally focused on internet-related legal issues. On May 15, 2008, the Center was elevated to an interfaculty initiative of...
's 2007 Circumvention Landscape Report included the following observations:
We were reassured to discover that most [circumvention] tools function as intended. They allow users to circumvent Internet censorship, even in countries like China and Vietnam, which use sophisticated technology to filter. However, we discovered that all tools slow down access to the Internet, that most tools featured serious security holes [some of which were patched during or shortly after the study], and that some tools were extremely difficult for a novice Internet user to use.
...we guess that the number of people using circumvention tools is around two to five million users worldwide. This number is quite high in absolute terms but quite low relative to the total number of filtered Internet users (China alone has over two hundred million Internet users). Even accepting likely high end estimates of the project developers, we believe that less than two percent of all filtered Internet users use circumvention tools.
... we now think it likely that simple web proxies represent at least as great if not
greater proportion of circumvention tool usage as do the more sophisticated tools included in this report. An assumption of this report was that only users at the margins would rely on simple proxies because of the trouble of constantly finding new proxies as old ones were blocked by countries. We now have some evidence that that assumption is false (both that users are not using the simple proxies and that filtering countries are blocking simple proxies quickly).
It’s worth nothing that none of the developers we spoke to, individually and at our convening, foresaw a “silver bulletSilver bulletIn folklore, the silver bullet is supposed to be the only kind of bullet for firearms that is effective against a werewolf, witch, or other monsters...
” that would “solve” the problem of filtering circumvention. All the tools rely, to a certain degree, on providing more proxies than the authorities can block and continuing to create new proxies as old ones are blocked. The preferred technical term for this strategy is “Whack a Mole,” a reference to an American fairground game, and while none of the developers are thrilled about an ongoing arms race with censors, some are taking complex steps to ensure they’ll have many more proxies than the government can shut down. We are confident that the tool developers will for the most part keep ahead of the governments' blocking efforts.
See also
- Bypassing the Great Firewall of China
- Computer surveillanceComputer surveillanceComputer surveillance is the act of performing surveillance of computer activity, and of data stored on a hard drive or being transferred over the Internet....
- Content-control softwareContent-control softwareContent-control software, also known as censorware or web filtering software, is a term for software designed and optimized for controlling what content is permitted to a reader, especially when it is used to restrict material delivered over the Web...
- Bypassing content-control filters
- Electronic Frontier FoundationElectronic Frontier FoundationThe Electronic Frontier Foundation is an international non-profit digital rights advocacy and legal organization based in the United States...
- An international non-profit digital rights advocacy and legal organization - Global Internet Freedom ConsortiumGlobal Internet Freedom ConsortiumThe Global Internet Freedom Consortium is a consortium of organizations that develop and deploy anti-censorship technologies for use by Internet users in countries whose governments restrict Web-based information access...
(GIFC) - A consortium of organizations that develop and deploy anti-censorship technologies - Proxy listProxy listGenerally spoken, a proxy list is a list of open HTTP/HTTPS/SOCKS proxy servers all on one website. Proxies allow users to make indirect network connections to other computer network services. Proxy lists include the IP addresses of computers hosting open proxy servers, meaning that these proxy...
- Tactical Technology CollectiveTactical Technology CollectiveThe Tactical Technology Collective is an international nongovernmental organization that trains rights advocates to deploy "information and communications technologies - social media tools, mobile phones, digital security and information design." It works with groups in "developing and transition...
, a non-profit foundation promoting the use of free and open source software for non-governmental organizations, and producers of NGO-in-A-Box
External links
- Censorship Wikia, an anti-censorship site that catalogs past and present censored works, using verifiable sources, and a forum to discuss organizing against and circumventing censorship
- "Circumvention Tool Evaluation: 2011", Hal Roberts, Ethan Zuckerman, and John Palfrey, Berkman Centre for Internet & Society, 18 August 2011
- "Circumvention Tool Usage Report: 2010", Hal Roberts, Ethan Zuckerman, Jillian York, Robert Faris, and John Palfrey, Berkman Centre for Internet & Society, 14 October 2010
- Digital Security and Privacy for Human Rights Defenders, by Dmitri Vitaliev, Published by Front Line - The International Foundation for the Protection of Human Rights DefendersFront Line (NGO)Front Line or The International Foundation for the Protection of Human Rights Defenders is an Irish-based human rights organisation founded in Dublin, Ireland in 2001 to protect human rights defenders at risk, i.e...
- "DNS Nameserver Swapping", Methods and Scripts useful for evading censorship through DNS filtering.
- How to Bypass Internet Censorship, also known by the titles: Bypassing Internet Censorship or Circumvention Tools, a FLOSSFlossFloss may refer to:* Dental floss, used to clean teeth* Embroidery thread, machine or hand-spun yarn for embroidery* Fairy floss or candyfloss, alternative names for cotton candy* Rousong, i.e. meat floss-Computing:...
Manual, 10 March 2011, 240 pp. - Internet censorship wiki, provides information about different methods of access filtering and ways to bypass them.
- "Leaping over the Firewall: A Review of Censorship Circumvention Tools", by Cormac Callanan (Ireland), Hein Dries-Ziekenheiner (Netherlands), Alberto Escudero-Pascual (Sweden), and Robert Guerra (Canada), Freedom House, April 2011
- "Selected Papers in Anonymity", Free Haven Project, accessed 16 September 2011
- "Ten Things to Look for in a Circumvention Tool", Roger Dingledine, The Tor Project, September 2010