internet censorship circumvention

{{short description|Methods to bypass internet censorship}}

{{Use dmy dates|date=May 2023}}

Internet censorship circumvention is the use of various methods and tools by technically skilled users to bypass Internet censorship—the legal control or suppression of access to, publication of, or viewing of content on the Internet. Commonly used software tools include Lantern and Psiphon, which can bypass multiple types of restriction. Some methods evade less sophisticated blocking tools by using alternate domain name system (DNS) servers, false IP addresses, or address lookup systems. However, such methods become ineffective if censors block not only the DNS but also the IP addresses of restricted domains, thereby rendering a potential bypass ineffective. Other tools can tunnel the network traffic to proxy servers in jurisdictions that don't have censorship. Through pluggable transports, traffic obscuration, website mirrors, or archive sites, users can access copies of websites even in areas having Internet censorship.[http://www.internetfreedom.org/files/WhitePaper/TechnologiesBattleAndDefeatInternetCensorship70920.pdf New Technologies Battle and Defeat Internet Censorship] {{Webarchive|url=https://web.archive.org/web/20111027152056/http://internetfreedom.org/files/WhitePaper/TechnologiesBattleAndDefeatInternetCensorship70920.pdf|date=27 October 2011}}, Global Internet Freedom Consortium, 20 September 2007

An "arms race" (or competition) has developed between censors and developers of circumvention software. This competition leads to two types of innovation: more sophisticated blocking techniques by censors, and less detectable tools by circumvention developers. While estimates of user adoption for circumvention tools vary, it is widely accepted that tens of millions of people use them each month.{{Cite web |last=Hedencrona |first=Sebastian |date=2012-09-27 |title=China: The Home to Facebook and Twitter? |url=https://blog.globalwebindex.com/chart-of-the-day/china-the-home-to-facebook-and-twitter/ |url-status=live |archive-url=https://web.archive.org/web/20181215225151/https://blog.globalwebindex.com/chart-of-the-day/china-the-home-to-facebook-and-twitter/ |archive-date=15 December 2018 |access-date=2018-12-13 |website=GlobalWebIndex Blog |language=en-GB}}{{Cite web|url=https://thenextweb.com/asia/2012/09/26/surprise-twitters-active-country-china-where-blocked/|title=Report: Twitter's Most Active Country Is China (Where It Is Blocked)|last=Ong|first=Josh|date=2012-09-26|website=The Next Web|language=en-us|access-date=2018-12-11|archive-url=https://web.archive.org/web/20181215224206/https://thenextweb.com/asia/2012/09/26/surprise-twitters-active-country-china-where-blocked/|archive-date=15 December 2018|url-status=live}} Barriers to adoption include usability issues; difficulty in finding reliable information on circumvention; limited motivation to access censored content; and risks from breaking the law.{{Cite journal |last1=Lee |first1=Linda |last2=Fifield |first2=David |last3=Malkin |first3=Nathan |last4=Iyer |first4=Ganesh |last5=Egelman |first5=Serge |last6=Wagner |first6=David |date=2017-07-01 |title=A Usability Evaluation of Tor Launcher |journal=Proceedings on Privacy Enhancing Technologies |volume=2017 |issue=3 |pages=90–109 |doi=10.1515/popets-2017-0030 |issn=2299-0984 |doi-access=free}}[http://www.unesco.org/new/en/communication-and-information/resources/publications-and-communication-materials/publications/full-list/freedom-of-connection-freedom-of-expression-the-changing-legal-and-regulatory-ecology-shaping-the-internet/ Freedom of connection, freedom of expression: the changing legal and regulatory ecology shaping the Internet] {{Webarchive|url=https://web.archive.org/web/20110928033105/http://www.unesco.org/new/en/communication-and-information/resources/publications-and-communication-materials/publications/full-list/freedom-of-connection-freedom-of-expression-the-changing-legal-and-regulatory-ecology-shaping-the-internet/|date=28 September 2011}}, Dutton, William H.; Dopatka, Anna; Law, Ginette; Nash, Victoria, Division for Freedom of Expression, Democracy and Peace, United Nations Educational, Scientific and Cultural Organization (UNESCO), Paris, 2011, 103 pp., {{ISBN|978-92-3-104188-4}}

Circumvention methods

Major circumvention methods include alternate names and addresses; mirrors, caches, and copies; alternative platforms; proxying; and traffic obfuscation.

= Alternate names and addresses =

Censorship filters may block specific domain names, using either DNS hijacking or URL filtering. Websites can sometimes be accessed through alternate names and addresses that may not be blocked.{{Cite web|url=https://freedomhouse.org/sites/default/files/inline_images/Censorship.pdf|title=Leaping Over the Firewall: A Review of Censorship Circumvention Tools|last1=Callanan|first1=Cormac|last2=Dries-Ziekenheiner|first2=Hein|date=2011-04-11|website=freedomhouse.org|language=en|access-date=2018-12-11|last3=Escudero-Pascual|first3=Alberto|last4=Guerra|first4=Robert|archive-url=https://web.archive.org/web/20190503064107/https://freedomhouse.org/sites/default/files/inline_images/Censorship.pdf|archive-date=3 May 2019|url-status=live}}

Some websites offer the same content at multiple pages or domain names.{{Cite news|url=https://ssd.eff.org/en/module/how-circumvent-online-censorship|title=How to: Circumvent Online Censorship|date=2014-08-05|work=Surveillance Self-Defense|access-date=2018-11-01|language=en|archive-url=https://web.archive.org/web/20181223084444/https://ssd.eff.org/en/module/how-circumvent-online-censorship|archive-date=23 December 2018|url-status=dead}} For example, the English Wikipedia is available at two locations: the main page and the [https://en.m.wikipedia.org/ mobile version].

If a website's DNS resolution is disrupted, but the site is not blocked in other ways, it may be possible to access the site directly through its IP address or by modifying a computer's hosts file. It may be possible to bypass DNS-based blocking by using alternative DNS servers or public recursive name servers (especially via an encrypted DNS client).

Censors may block specific IP addresses. Depending on how such filtering is implemented, it may be possible to use different forms of a blocked IP address, for example, by specifying the address in a different numeral system.[http://www.notascoolasitseems.com/review/circumventing-network-filters-or-internet-censorship-using-simple-methods-vpns-and-proxies "Circumventing Network Filters Or Internet Censorship Using Simple Methods, VPNs, And Proxies"] {{Webarchive|url=https://web.archive.org/web/20111114152734/http://www.notascoolasitseems.com/review/circumventing-network-filters-or-internet-censorship-using-simple-methods-vpns-and-proxies|date=14 November 2011}}, Not As Cool As It Seems, 16 December 2009, accessed 16 September 2011 For example, the following URLs all access the same site, but only some browsers will recognize all forms of the URL:

  • http://1.1.1.1/ (dotted decimal)
  • http://16843009/ (decimal)
  • http://0001.0001.0001.0001/ (dotted octal)
  • http://1.1.1.1/ (hexadecimal)
  • http://0x01.0x01.0x01.0x01/ (dotted hexadecimal)

Blockchain technology—a distributed data store for digital transactions—is an attempt to decentralize Internet namespaces beyond the control of any single entity.{{Cite journal|last1=Kalodner|first1=Harry|last2=Carlsten|first2=Miles|last3=Ellenbogen|first3=Paul|last4=Bonneau|first4=Joseph|last5=Narayanan|first5=Arvind|title=An empirical study of Namecoin and lessons for decentralized namespace design|url=https://www.cs.princeton.edu/~arvindn/publications/namespaces.pdf|journal=Princeton University|pages=1–4}}{{Cite web|title=Squaring the Triangle: Secure, Decentralized, Human-Readable Names (Aaron Swartz's Raw Thought)|url=http://www.aaronsw.com/weblog/squarezooko.html|website=aaronsw.com|access-date=2020-05-03|archive-url=https://web.archive.org/web/20160305135446/http://www.aaronsw.com/weblog/squarezooko.html|archive-date=5 March 2016|url-status=live}} Decentralized namespaces enable domains to resist censorship. Discussion of the BitDNS project began in 2010 with a desire to achieve names that are decentralized, secure, and human readable.{{Cite web|title=BitDNS and Generalizing Bitcoin {{!}} Satoshi Nakamoto Institute|url=https://satoshi.nakamotoinstitute.org/posts/bitcointalk/threads/244/|website=satoshi.nakamotoinstitute.org|date=15 November 2010 |access-date=2020-05-03}}

= Mirrors, caches, and copies =

Certain online services allow users to access content that is blocked on the Internet through cached or mirrored copies:

  • Cached pages: Some search engines retain copies of previously indexed webpages, or cached pages, which are often hosted by search engines; these may not be blocked.
  • Mirror and archive sites: Copies of websites or pages may be available at mirror or archive sites such as Wayback Machine (by the Internet Archive) or Archive.today. The Docker registry image repository is an HTTP public service that has centralized storage, is application stateless, and is node scalable; the service has a performance bottleneck in the scenario of multinational uploading and downloading. The decentralized Docker registry (DDR) avoids this disadvantage of centralization. DDR uses a network-structured P2P network to store and query mirror manifest file and blob routing; each node serves as an independent mirror repository to provide mirror uploading and downloading for the entire network.{{Cite journal |last1=Xu |first1=Quanqing |last2=Jin |first2=Chao |last3=Rasid |first3=Mohamed Faruq Bin Mohamed |last4=Veeravalli |first4=Bharadwaj |last5=Aung |first5=Khin Mi Mi |date=2018 |title=Blockchain-based decentralized content trust for docker images |url=http://link.springer.com/10.1007/s11042-017-5224-6 |journal=Multimedia Tools and Applications |language=en |volume=77 |issue=14 |pages=18223–18248 |doi=10.1007/s11042-017-5224-6 |s2cid=21160524 |issn=1380-7501|url-access=subscription }}{{Cite web |date=2022-07-12 |title=Docker Registry |url=https://docs.docker.com/registry/ |access-date=2022-07-12 |website=Docker Documentation |language=en}}{{Cite journal |last1=Ovando-Leon |first1=Gabriel |last2=Veas-Castillo |first2=Luis |last3=Gil-Costa |first3=Veronica |last4=Marin |first4=Mauricio |date=2022-03-09 |title=Bot-Based Emergency Software Applications for Natural Disaster Situations |journal=Future Internet |language=en |volume=14 |issue=3 |pages=81 |doi=10.3390/fi14030081 |issn=1999-5903|doi-access=free }}
  • RSS aggregators: RSS aggregators such as Feedly may be able to receive and then forward RSS feeds that are blocked if accessed directly.[http://www.nartv.org/mirror/circ_guide.pdf Everyone's Guide to By-passing Internet Censorship] {{Webarchive|url=https://web.archive.org/web/20110915194455/http://www.nartv.org/mirror/circ_guide.pdf |date=15 September 2011 }}, The Citizen Lab, University of Toronto, September 2007

= Alternative platforms =

Alternative types of Internet hosting platform can provide options for circumventing Internet censorship. Such alternatives include decentralized hosting, anonymity networks, federated platforms, providers with different policies, and darknets:

  • Decentralized hosting: Content creators may publish to an alternative platform that is willing to host this content. Napster was the earliest peer-to-peer (P2P) platform, but it was closed because of vulnerabilities with centralized bootstrapping. Gnutella was the first sustainable P2P platform that featured hosting by decentralization. The motto of the Freenet P2P platform is that "true freedom requires true anonymity." Later, the BitTorrent P2P protocol was developed to allocate resources with high performance and fairness.Kent University: http://www.medianet.kent.edu/surveys/IAD06S-P2PArchitectures-chibuike/P2P%20App.%20Survey%20Paper.htm ZeroNet P2P web hosting was the first distributed hash table (DHT) system to support dynamic and updateable webpages. The YaCy P2P search engine is the leading distributed search.
  • Anonymity networks: The Tor and Invisible Internet Project (I2P) networks result in increased willingness to host content that would otherwise be censored. However, hosting implementation and geographical location may cause challenges, and the content is still hosted by a single entity that can be controlled.
  • {{Main|Fediverse}}
  • Federated: Semi-decentralized, federated platforms such as Nextcloud and Internet Relay Chat (IRC) make it easier for users to find an instance where they are welcome.
  • Providers with different policies: Some platforms that rely on cloud computing may have laxer terms of service (TOS). However, cloud computing does not in principle require this relative laxness.

= Proxying =

A variety of techniques support a user in leveraging technical proxies to circumvent Internet censorship:

  • Web proxy server: A Web proxy server (or web proxy) allow users to load external web pages through a server that makes and receives requests on behalf of the user, rather than directly from the blocked original server (or source). Depending on how a proxy is configured, a censor may be able to determine if a user is accessing the proxy, and if so, which pages the user loads.
  • Example: The mobile Opera Mini browser uses proxies that employ encryption and compression to accelerate downloads. This process has the side effect of circumventing several approaches to Internet censorship. In 2009, this situation led the Chinese government to ban all versions of the Opera Mini browser except for a special Chinese version.{{cite web|title=Opera accused of censorship, betrayal by Chinese users|work=CNet Asia|author=Steven Millward|date=22 November 2009|url=http://asia.cnet.com/blogs/opera-accused-of-censorship-betrayal-by-chinese-users-62115913.htm|url-status=dead|archive-url=https://web.archive.org/web/20131103151615/http://asia.cnet.com/blogs/opera-accused-of-censorship-betrayal-by-chinese-users-62115913.htm|archive-date=3 November 2013}}
  • Domain fronting: Domain fronting hides the destination of a network connection by passing initial requests through a content delivery network or other popular site that censors may be unwilling to block.{{Cite journal|last1=Fifield|first1=David|last2=Lan|first2=Chang|last3=Hynes|first3=Rod|last4=Wegmann|first4=Percy|last5=Paxson|first5=Vern|date=2015-06-01|title=Blocking-resistant communication through domain fronting|journal=Proceedings on Privacy Enhancing Technologies|language=en|volume=2015|issue=2|pages=46–64|doi=10.1515/popets-2015-0009|issn=2299-0984|doi-access=free}} This technique was used by messaging applications such as Signal and Telegram. Similarly, Tor's meek system uses Microsoft's Azure cloud. However, large cloud providers such as Amazon Web Services and Google Cloud no longer support meek.{{Cite web|url=https://www.bloomberg.com/opinion/articles/2018-05-03/telegram-block-gets-help-from-google-and-amazon|title=Russian Censor Gets Help From Amazon and Google|last=Bershidsky|first=Leonid|date=3 May 2018|publisher=Bloomberg L.P.|access-date=9 November 2018|archive-url=https://web.archive.org/web/20181118081519/https://www.bloomberg.com/opinion/articles/2018-05-03/telegram-block-gets-help-from-google-and-amazon|archive-date=18 November 2018|url-status=live}} As another option, a website owner can create a free account to use a Cloudflare domain for fronting.{{Cite web|url=https://en.greatfire.org/blog/2012/may/how-unblock-websites-china-web-owners|title=How to unblock websites in China for web owners {{pipe}} GreatFire Analyzer|website=en.greatfire.org|access-date=6 January 2020|archive-url=https://web.archive.org/web/20200325044044/https://en.greatfire.org/blog/2012/may/how-unblock-websites-china-web-owners|archive-date=25 March 2020|url-status=live}}{{Cite web|url=https://medium.com/@themiddleblue/cloudflare-domain-fronting-an-easy-way-to-reach-and-hide-a-malware-c-c-786255f0f437|title=CloudFlare Domain Fronting: an easy way to reach (and hide) a malware C&C|date=11 August 2017|website=Medium|access-date=6 January 2020|archive-url=https://web.archive.org/web/20191119193400/https://medium.com/@themiddleblue/cloudflare-domain-fronting-an-easy-way-to-reach-and-hide-a-malware-c-c-786255f0f437|archive-date=19 November 2019|url-status=live}}
  • Tunneling protocol: By employing a tunneling protocol such as Secure Shell (SSH), a user can forward all of their traffic over an encrypted channel; as a result, both outgoing requests to blocked sites and incoming responses from those sites are hidden from censors, for whom it appears as unreadable SSH traffic.{{Cite web|url=https://www.howtogeek.com/168145/how-to-use-ssh-tunneling/|title=How to Use SSH Tunneling to Access Restricted Servers and Browse Securely|last=Hoffman|first=Chris|website=How-To Geek|date=14 February 2017 |language=en-US|access-date=2018-12-11|archive-url=https://web.archive.org/web/20181215172356/https://www.howtogeek.com/168145/how-to-use-ssh-tunneling/|archive-date=15 December 2018|url-status=live}}
  • Virtual private network (VPN): Through a virtual private network (VPN), a user can create secure connections to more permissive countries, letting users browse as if they were located in one of those countries. Some VPN services are offered for a monthly fee; others are supported by advertising. According to GWI, an audience research company, there were more than 400 million people using VPNs to circumvent censorship or obtain increased privacy in 2014 (although this number cannot be verified).
  • Tor anonymity network: A more advanced tool such as the Tor anonymity network routes encrypted traffic through multiple servers to make the source and destination of this traffic less traceable. In some cases, Tor can be used to avoid censorship, especially when it is configured to use traffic obfuscation techniques.{{Cite journal|last1=Dixon|first1=Lucas|last2=Ristenpart|first2=Thomas|last3=Shrimpton|first3=Thomas|date=14 December 2016|title=Network Traffic Obfuscation and Automated Internet Censorship|journal=IEEE Security & Privacy|language=en-US|volume=14|issue=6|pages=43–53|doi=10.1109/msp.2016.121|issn=1540-7993|arxiv=1605.04044|s2cid=1338390}}

File:Tor_Pluggable_Transport_Directions.png

= Traffic obfuscation =

A censor may be able to detect and block the use of circumvention tools through deep packet inspection.{{cite journal |last1=Bateyko |first1=Dan |title=Censorship-Circumvention Tools and Pluggable Transports |journal=Georgetown Law Technology Review |date=February 2022 |url=https://georgetownlawtechreview.org/censorship-circumvention-tools-and-pluggable-transports/GLTR-02-2022/ |access-date=2 December 2023}} Ongoing work aims to make circumvention tools less detectable in several ways: randomizing the traffic; attempting to mimic a whitelisted protocol; or tunnelling traffic through a whitelisted site by using domain fronting or Tor's meek system. Tor and other circumvention tools have adopted multiple obfuscation techniques that users can employ, depending on the nature of their network connection; these techniques are sometimes called pluggable transports.{{Cite book|last1=Shahbar|first1=K.|last2=Zincir-Heywood|first2=A. N.|title=2015 11th International Conference on Network and Service Management (CNSM) |chapter=Traffic flow analysis of tor pluggable transports |date=2015-11-09|pages=178–181|doi=10.1109/CNSM.2015.7367356|isbn=978-3-9018-8277-7|s2cid=1199826}}

Internet alternatives

Functionality desired by users may overlap with that of services that are not based on the Internet, such as postal mail, Bluetooth-based data exchange, or walkie-talkie devices. The following are some detailed examples:

  • Alternative data transport: Datacasting allows transmission of Web pages and other information via satellite broadcast channels, bypassing the Internet entirely. This process requires a satellite dish and suitable receiver hardware, but it provides a powerful means of avoiding censorship. Because the user only receives data through this process but transmits no data, a suitably air-gapped computer can be impossible to detect.{{cite web |last1=Tanase |first1=Stefan |title=Satellite Turla: APT Command and Control in the Sky |url=https://securelist.com/satellite-turla-apt-command-and-control-in-the-sky/72081/ |website=Kaspersky |date=9 September 2015 |access-date=17 August 2020}}
  • Sneakernets: A sneakernet is the transfer of electronic information, especially computer files, by physically carrying data on storage media from one place to another. A sneakernet can move data regardless of network restrictions, simply by avoiding the network entirely.Sullivan, Bob (13 April 2006) [http://redtape.msnbc.com/2006/04/military_thumb_.html Military Thumb Drives Expose Larger Problem] {{Webarchive|url=https://web.archive.org/web/20101206124100/http://redtape.msnbc.com/2006/04/military_thumb_.html |date=6 December 2010 }} MSNBC Retrieved on 25 January 2007. One example of a widely adopted sneakernet is El Paquete Semanal, an underground content market in Cuba.{{Cite web|url=https://www.cbc.ca/news/world/cuba-el-paquete-internet-wifi-havana-1.3527274|title=When Cubans want internet content, black-market El Paquete delivers |date=12 April 2016|first=Matt|last=Kwong|publisher=Canadian Broadcasting Corporation|language=en|access-date=2018-12-11|archive-url=https://web.archive.org/web/20190108010845/https://www.cbc.ca/news/world/cuba-el-paquete-internet-wifi-havana-1.3527274|archive-date=8 January 2019|url-status=live}}

Adoption of tools

Circumvention tools have undergone spikes in adoption rates in response to high-profile attempts to block the Internet.{{Cite web|url=https://blogs.wsj.com/digits/2014/03/21/from-pac-man-to-bird-droppings-turkey-protests-twitter-ban/|title=From Pac-Man to Bird Droppings, Turkey Protests Twitter Ban|last=Edwards|first=John|date=2014-03-21|website=The Wall Street Journal|language=en-US|access-date=2018-11-15|archive-url=https://web.archive.org/web/20181215225518/https://blogs.wsj.com/digits/2014/03/21/from-pac-man-to-bird-droppings-turkey-protests-twitter-ban/|archive-date=15 December 2018|url-status=live}}{{Cite journal|last1=Kargar|first1=Simin|last2=McManamen|first2=Keith|date=2018|title=Censorship and Collateral Damage: Analyzing the Telegram Ban in Iran|journal=SSRN Working Paper Series|language=en|doi=10.2139/ssrn.3244046|issn=1556-5068|ssrn=3244046|s2cid=159020053}}{{cite journal|last1=Al-Saqaf|first1=Walid|title=Internet Censorship Circumvention Tools: Escaping the Control of the Syrian Regime|journal=Media and Communication|volume=4|issue=1|pages=39–50|doi=10.17645/mac.v4i1.357|year=2016|doi-access=free}} Nevertheless, mixed results have been reported by studies that measure the adoption of circumvention tools in countries with persistent and widespread censorship.{{Cite web|url=https://cyber.harvard.edu/publications/2010/Circumvention_Tool_Usage|title=2010 Circumvention Tool Usage Report|website=Berkman Klein Center|date=19 June 2018 |language=en|access-date=2018-11-15|archive-url=https://web.archive.org/web/20181215224933/https://cyber.harvard.edu/publications/2010/Circumvention_Tool_Usage|archive-date=15 December 2018|url-status=live}}

= In response to persistent censorship =

Measures and estimates of circumvention tool adoption have varied widely. A 2010 study by Harvard University estimated that few users employ tools for censorship circumvention—likely less than 3% of users, even in countries that consistently implement widespread censorship. Other studies have reported substantially larger rates, but these have been disputed.

In China, anecdotal reports suggest that adoption of circumvention tools is particularly high in certain communities, such as universities; a survey by the research institute Freedom House found that users generally did not find circumvention tools to be difficult to use.{{Cite news |title=VPN crackdown a trial by firewall for China's research world |url=https://www.scmp.com/news/china/policies-politics/article/2103793/vpn-crackdown-unthinkable-trial-firewall-chinas |url-status=live |archive-url=https://web.archive.org/web/20181218203632/https://www.scmp.com/news/china/policies-politics/article/2103793/vpn-crackdown-unthinkable-trial-firewall-chinas |archive-date=18 December 2018 |access-date=2018-11-15 |work=South China Morning Post |language=en}}{{Cite news |last=Branigan |first=Tania |date=2011-02-18 |title=China's Great Firewall not secure enough, says creator |url=https://www.theguardian.com/world/2011/feb/18/china-great-firewall-not-secure-internet |url-status=live |archive-url=https://web.archive.org/web/20181216031025/https://www.theguardian.com/world/2011/feb/18/china-great-firewall-not-secure-internet |archive-date=16 December 2018 |access-date=2018-12-11 |work=The Guardian |language=en-GB |issn=0261-3077}} Market research firm GlobalWebIndex reported more than 35 million Twitter users and 63 million Facebook users in China (where both services are blocked). However, these estimates have been disputed;{{Cite news|url=https://www.theguardian.com/technology/2014/dec/05/how-faceboook-tor-service-encourage-open-web|title=How Facebook's Tor service could encourage a more open web|last=Mari|first=Marcello|date=2014-12-05|work=The Guardian|access-date=2018-12-13|language=en-GB|issn=0261-3077|archive-url=https://web.archive.org/web/20160610180205/https://www.theguardian.com/technology/2014/dec/05/how-faceboook-tor-service-encourage-open-web|archive-date=10 June 2016|url-status=live}} Facebook's advertising platform estimates 1 million users in China, and other reports of Twitter adoption estimate 10 million users.{{Cite web|url=https://techcrunch.com/2016/07/05/twitter-estimates-that-it-has-10-million-users-in-china/ |first1=Jon |last1=Russell |title=Twitter estimates that it has 10 million users in China|website=TechCrunch|date=5 July 2016 |language=en-US|access-date=2018-12-11|archive-url=https://web.archive.org/web/20190128091631/https://techcrunch.com/2016/07/05/twitter-estimates-that-it-has-10-million-users-in-china/|archive-date=28 January 2019|url-status=live}} Other studies have found that efforts to block circumvention tools in China have reduced adoption of those tools; the Tor network previously had more than 30,000 users connecting from China, but as of 2014, the network had only about 3,000 Chinese users.{{Cite journal|last1=Crandall|first1=Jedidiah R.|last2=Mueen|first2=Abdullah|last3=Winter|first3=Philipp|last4=Ensafi|first4=Roya|date=2015-04-01|title=Analyzing the Great Firewall of China Over Space and Time|journal=Proceedings on Privacy Enhancing Technologies|language=en|volume=2015|issue=1|pages=61–76|doi=10.1515/popets-2015-0005|doi-access=free |url=https://petsymposium.org/popets/2015/popets-2015-0005.php |url-status=live |archive-url=https://web.archive.org/web/20231203042208/https://petsymposium.org/popets/2015/popets-2015-0005.php |archive-date= Dec 3, 2023 }}

In Thailand, Internet censorship has occurred since 2002, through sporadic and inconsistent filtering.{{Cite book|title=Access contested : security, identity, and resistance in Asian cyberspace information revolution and global politics|date=2012|publisher=MIT Press|editor-last1=Deibert |editor-first1=Ronald |isbn=9780262298919|location=Cambridge, MA|pages=85|oclc=773034864}} In a small-scale survey of 229 Thai Internet users, a research group at the University of Washington found that 63% of surveyed users attempted to use circumvention tools, and 90% were successful in using those tools. Users often made on-the-spot decisions about the use of circumvention tools on the basis of limited or unreliable information; these users had a variety of perceived threats, some more abstract and others based on personal experience.{{Cite book|last1=Gebhart|first1=Genevieve|last2=Kohno|first2=Tadayoshi|title=2017 IEEE European Symposium on Security and Privacy (EuroS&P) |chapter=Internet Censorship in Thailand: User Practices and Potential Threats |date=26 April 2017|pages=417–432 |language=en-US|publisher=IEEE|doi=10.1109/eurosp.2017.50|isbn=9781509057627|s2cid=11637736}}

= In response to blocking events =

In response to the blocking of Twitter in Turkey during 2014, information about alternate DNS servers was widely shared, since using another DNS server (such as Google Public DNS) allowed users to access Twitter.{{Cite news|url=https://www.theverge.com/2014/3/21/5532522/turkey-twitter-ban-google-dns-workaround |first1= Aaron |last1=Souppouris |date=Mar 21, 2014 |title=Turkish citizens use Google to fight Twitter ban|work=The Verge|access-date=2018-11-15|archive-url=https://web.archive.org/web/20190108010839/https://www.theverge.com/2014/3/21/5532522/turkey-twitter-ban-google-dns-workaround|archive-date=8 January 2019|url-status=live}} The day after the block was imposed, the total number of posts made in Turkey had increased by 138%, according to Brandwatch, an Internet measurement firm.

After ban on the Telegram messaging app in Iran during April 2018, web searches for VPN and other circumvention software increased by as much as 48 times for some search terms, but there was evidence that users were downloading unsafe software. As many as a third of Iranian Internet users used the Psiphon tool in the days immediately following the block; in June 2018, as many as 3.5 million Iranian users continued to use the tool.

Anonymity, risks, and trust

Systems for circumvention and anonymity are different. Circumvention systems are designed to bypass Internet blocking, but they do not usually protect user identities. Anonymous systems protect a user's identity, but while they can contribute to censorship circumvention, this is not their primary function. Public proxy sites do not provide anonymity, since they can view and record the location of computers making requests, in addition to the websites accessed.

In many jurisdictions, accessing blocked content is a serious crime, particularly for content that is considered to be child pornography, a threat to national security, or an incitement to violence. For this reason, it is important to understand circumvention technologies—and the protections that they do (or do not) provide—and to use only tools that are appropriate in a particular context. Significant care must be taken to install, configure, and use circumvention tools properly. People associated with dissident, protest, or reform groups, or high-profile rights organizations, should take extra precautions to protect their online identities.

Circumvention sites and tools should be provided and operated by trusted third parties, located outside the censoring jurisdiction, who do not collect identities and other personal information. Trusted family and friends known personally by the circumventor are best; but when family and friends are unavailable, sites and tools provided by individuals or organizations that are known only by their reputations, or through recommendations and endorsements by other people, may need to be used. Commercial circumvention services may provide anonymity during Internet surfing, but these services could be legally compelled to make their records and users' personal information available to law enforcement authorities.

Software

There are five general types of software for circumventing Internet censorship:

  • CGI proxies: A Common Gateway Interface (CGI) proxy server uses a script running on a web server to provide proxying functionality. A CGI proxy client (typically the user's computer) sends a requested web address or URL, embedded within the data of HTTP protocol requests, to the CGI proxy server. The CGI proxy server sends its own HTTP request to the ultimate destination server, and then the proxy server returns the result to the proxy client. A CGI proxy tool's security can be trusted to the extent that the operator of the proxy server is trustworthy. CGI proxy tools do not require a user to manually configure a web browser or install client software, but they do require the user to use an alternative, potentially confusing user interface within the existing web browser.
  • HTTP proxies: HTTP proxies send HTTP requests through an intermediate proxying server. When a client (typically the user's computer) is connecting through an HTTP proxy, this client sends exactly the same HTTP request to the proxy as it would send to the destination server if unproxied. The HTTP proxy parses the HTTP request; this proxy sends its own HTTP request to the ultimate destination server; and then the proxy server returns the response back to the proxy client. An HTTP proxy tool's security can be trusted to the extent that the operator of the proxy server is trustworthy. To employ an HTTP proxy tool, a user must either manually configure the web browser or install client-side software that performs this configuration. Once configured, an HTTP proxy tool allows the user to transparently use their browser's normal user interface.
  • Application proxies: Application proxies are similar to HTTP proxies but support a wider range of online applications.
  • Peer-to-peer systems: Peer-to-peer systems store content across a number of participating volunteer servers; this storage is combined with techniques such as rerouting, to reduce the level of reliance placed on volunteer servers or social networks to establish trust relationships between servers and clients. A peer-to-peer system can be trusted to the extent that the operators of participating servers are trustworthy, or that its architecture limits the information available to any single server—provided that server operators do not collude to combine their knowledge.
  • Rerouting systems: Rerouting systems send requests and responses through a series of proxying servers, re-encrypting the data at each proxy, so that a given proxy knows at most either the source or the destination of the data, but not both. This approach decreases the amount of trust required of the individual proxy hosts.

Below is a list of software for circumventing Internet censorship:

class="wikitable sortable mw-collapsible" width="100%"
scope="col" width=120 | Name

! Type

! scope="col" width=120 | Developer

! Cost

! Notes

valign="top"

| alkasir{{cite web |url-status=dead |url=https://www.alkasir.com/about |title=About alkasir |archive-url=https://web.archive.org/web/20110910213235/https://alkasir.com/about |archive-date=10 September 2011 |website=alkasir |access-date=16 September 2011}}

HTTP proxyYemeni journalist Walid al-SaqaffreeUses split tunneling to redirect to proxy servers only when blocking is encountered. Is not a general circumvention solution and only allows access to certain blocked websites. In particular, it does not allow access to blocked websites that contain pornography, nudity or similar adult content.
valign="top"

| Anonymizer{{cite web |url-status=dead |url=http://www.anonymizer.com/ |website=anonymizer.com |archive-url=https://web.archive.org/web/20110923150156/http://www.anonymizer.com/ |archive-date=23 September 2011 |access-date=16 September 2011 |title=Hide IP and Anonymous Web Browsing Software — Anonymizer }}

HTTP proxyAnonymizer, Inc.paidTransparently tunnels traffic through Anonymizer.
valign="top"

| CGIProxy[http://www.jmarshall.com/tools/cgiproxy/ "CGIProxy"], James Marshall, accessed 17 September 2011. {{Webarchive|url=https://web.archive.org/web/20110921004450/http://www.jmarshall.com/tools/cgiproxy/ |date=21 September 2011 }}.

HTTP proxyJames MarshallfreeTurns a computer into a personal, encrypted proxy server capable of retrieving and displaying web pages to users of the server. CGIProxy is the engine used by many other circumvention systems.
valign="top"

| Flash proxy[https://crypto.stanford.edu/flashproxy/ "Flash proxies"], Applied Crypto Group in the Computer Science Department at Stanford University, accessed 21 March 2013. {{Webarchive|url=https://web.archive.org/web/20130310041928/http://crypto.stanford.edu/flashproxy/ |date=10 March 2013 }}.

HTTP proxyStanford UniversityfreeUses ephemeral browser-based proxy relays to connect to the Tor network.
valign="top"

| Freegate{{cite web |url-status=dead |url=http://www.dit-inc.us/about_us |title=About D.I.T. |archive-url=https://web.archive.org/web/20110926112227/http://www.dit-inc.us/about_us |archive-date=26 September 2011 |website=Dynamic Internet Technology |access-date=16 September 2011}}

HTTP proxyDynamic Internet Technology, Inc.freeUses a range of open proxies to access blocked websites via DIT's DynaWeb anti-censorship network.
valign="top"

| Hyphanet{{cite web |url-status=dead |url=https://freenetproject.org/whatis.html |title=What is Freenet? |archive-url=https://web.archive.org/web/20110916012340/https://freenetproject.org/whatis.html |archive-date=16 September 2011 |website=The Freenet Project |access-date=16 September 2011}} (originally Freenet)

peer-to-peerIan ClarkefreeA decentralized, distributed data store using the contributed bandwidth and storage space of member computers to provide strong anonymity protection.
valign="top"

| I2P[https://geti2p.net/ "I2P Anonymous Network"], I2P Project, accessed 16 September 2011
(originally Invisible Internet Project)

re-routingI2P ProjectfreeUses a pseudonymous overlay network to allow anonymous web browsing, chatting, and file transfers, among other features.
valign="top"

| Java Anon Proxy[http://anon.inf.tu-dresden.de/publications/KWF2006ETRICSRevocableAnonymity.pdf "Revocable Anonymity"] {{Webarchive|url=https://web.archive.org/web/20110925033500/http://anon.inf.tu-dresden.de/publications/KWF2006ETRICSRevocableAnonymity.pdf |date=25 September 2011 }}, Stefan Köpsell, Rolf Wendolsky, Hannes Federrath, in Proc. Emerging Trends in Information and Communication Security: International Conference, Günter Müller (Ed.), ETRICS 2006, Freiburg, Germany, 6–9 June 2006, LNCS 3995, Springer-Verlag, Heidelberg 2006, pp.206-220 (also known as JAP or JonDonym)

re-routing (fixed)JonDos GmbHfree or paidUses the underlying anonymity service AN.ON to allow browsing with revocable pseudonymity. Originally developed in a project of the Technische Universität Dresden, the Universität Regensburg, and the Privacy Commissioner of Schleswig-Holstein.
valign="top"

| Psiphon[http://psiphon.ca/?page_id=94 "About Psiphon"] {{Webarchive|url=https://web.archive.org/web/20160316012519/https://psiphon.ca/?page_id=94 |date=16 March 2016 }}, Psiphon, Inc., 4 April 2011[https://launchpad.net/psiphon "Psiphon Content Delivery Software"] {{Webarchive|url=https://web.archive.org/web/20160304065144/https://launchpad.net/psiphon |date=4 March 2016 }}, Launchpad, accessed 16 September 2011

CGI proxyPsiphon, Inc.freeA simple-to-administer, open-source system for circumventing Internet censorship; in wide-scale use, with a cloud-based infrastructure serving millions of users.
valign="top"

| Proxify[https://proxify.com/about.shtml "About Proxify"], UpsideOut, Inc., accessed 17 September 2011

HTTP proxyUpsideOut, Inc.free or paidAn encrypted, public, web-based circumvention system. Because the site is public, it is blocked in many countries and by most filtering applications.
valign="top"

| StupidCensorship[http://www.aboutus.org/StupidCensorship.com About StupidCensorship.com], Peacefire, accessed 17 September 2011

HTTP proxyPeacefirefreeAn encrypted, public, web-based circumvention system. Because the site is public, it is blocked in many countries and by most filtering applications. [https://web.archive.org/web/20190220030324/https://www.mousematrix.com/ mousematrix.com] is a similar site based on the same software.
valign="top"

| Tor[https://www.torproject.org/about/overview.html.en "Tor: Overview"] {{Webarchive|url=https://web.archive.org/web/20150606002957/https://www.torproject.org/about/overview.html.en |date=6 June 2015 }}, The Tor Project, Inc., accessed 16 September 2011

re-routing (randomized)The Tor Projectfree{{Wikinews|German police seize Tor anonymity servers}} Allows users to bypass Internet censorship, while providing strong anonymity.
valign="top"

| Ultrasurf[http://www.ultrasurf.us/about.html "About UltraReach"] {{Webarchive|url=https://web.archive.org/web/20110925000125/http://ultrasurf.us/about.html |date=25 September 2011 }}, Ultrareach Internet Corp., accessed 16 September 2011

HTTP proxyUltrareach Internet CorporationfreeAnti-censorship product that allows users in countries with heavy Internet censorship to protect their Internet privacy and security.

See also

{{Portal|Internet|Freedom of speech}}

{{div col|colwidth=35em}}

{{div col end}}

References

{{Reflist|33em|refs=

Marcello Mari. [https://www.theguardian.com/technology/2014/dec/05/how-faceboook-tor-service-encourage-open-web How Facebook's Tor service could encourage a more open web] {{Webarchive|url=https://web.archive.org/web/20160610180205/https://www.theguardian.com/technology/2014/dec/05/how-faceboook-tor-service-encourage-open-web |date=10 June 2016 }}. The Guardian. Friday 5 December 2014.

}}