Fabien Benetou's PIM | Bypassing / Censorship

Learn it before you actually need it

Information - Communities - Tools - Do it yourself - See also

(eventually replace by Αναστασία's scissors)

Legislative framework

France
- limited to Internet
  - LOPPSI 1697/2271

Information

Cship the Internet censorship wiki
- provide information about the different methods of access filtering and ways to bypass them.
Access Denied: The Practice and Policy of Global Internet Filtering MIT Press 2008
- documents and analyzes Internet filtering practices in over three dozen countries, offering the first rigorously conducted study of this accelerating trend.
Bypassing Internet Censorship (formally CircumventionTools) by FLOSS Manuals
- provides an introduction to the topic and explains some of the software and methods most often used for circumventing censorship.
- see their dedicated website https://www.howtobypassinternetcensorship.org and @ByPassCensor
Reporters Sans Fronti�res Internet section
- "Don�t wait to be deprived of news to stand up and fight for it"
UNESCO Observatory on the Information Society
- Monitoring the Development of the Information Society towards Knowledge Societies
Electronic Privacy Information Center (EPIC)
- Focusing public attention on emerging privacy and civil liberties issues
Chilling Effects Clearinghouse understand the protections that the [U.S.] First Amendment and intellectual property laws give to your online activities.
Global Internet Censorship, and What We Can Do About It by Jed Crandall, Santa Fe Institute 2009

Communities

HerdictWeb by project of the Berkman Center for Internet & Society at Harvard University
- seeks to gain insight into what users around the world are experiencing in terms of web accessibility; or in other words, determine the herdict.

Tools

Tor: anonymity online
- helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.
- Tor and censorship: lessons learned by Roger Dingledine, 26th Chaos Communication Congress: Here be dragons (26C3) 2009
- Tor: Building, Growing, and Extending Online Anonymity by Andrew Lewman, FOSDEM February 2010
Sesawe.net
- a global alliance dedicated to bringing the benefits of uncensored access to information to Internet users around the world.
FoxyProxy
- advanced proxy management tool that completely replaces Firefox's limited proxying capabilities. It automatically switches an internet connection across one or more proxy servers based on URL and IP patterns.
VPN
- PRQ OpenVPN tunnel solution
- Ipredator Idleworks 2009
- VyprVPN Golden Frog
- hadoPING offshore company with service entry-points in France, Germany, Iceland and Sweden
Protocol bypassing (mainly used for open wifi networks)
- ICMPTX (IP-over-ICMP) HOWTO by Thomer M. Gil
- NSTX (IP-over-DNS) HOWTO by Thomer M. Gil
  - DNStunnel.de - free DNS tunneling service
- Proxytunnel Connecting outside through HTTP(S) proxies
- Tunneling SSH over HTTP(S) with Apache server and SSH client, DAG
- Point-to-point tunneling protocol (PPTP) method for implementing virtual private networks.
- Poptop - Open Source PPTP Server server solution for Linux.
- tinc tunnelling and encryption to create a secure private network between hosts on the Internet.
  - tinc: the difficulties of a peer-to-peer VPN on the hostile Internet FOSDEM February 2010
I2P Anonymous Network routing traffic through other peers, as shown in the following picture. All traffic is encrypted end-to-end.
distributions
- Ubuntu Privacy Remix (UPR)
- BackTrack
search privacy
- Google
  - Scroogle from Google Watch
  - GoogleSharing
Vanish Enhancing the Privacy of the Web with Self-Destructing Data
Off-the-Record Messaging (OTR) private conversations over instant messaging by providing Encryption, Authentication, Deniability, Perfect forward secrecy
ProxyChains TCP and DNS through proxy server. HTTP and SOCKS

Do it yourself

Create an SSH tunnel (to read content)

You need first to rent the server in an Internet location (country but eventually backbone position) that has access to the resources you are intersted in.

server side : create a new user without a shell or a home
- useradd -s "/usr/sbin/nologin" temporarytunnel
- passwd temporarytunnel
client side : keep open a tunnel with a defined local port
- ssh temporarytunnel@server.com -D 3248 -N
- configure your clients to connect through the tunnel (thus the same port)
  - for example in your browser proxy option select sock4 proxy pointing to 127.0.0.1 port 3248
- optionally configure your clients to use DNS through the tunnel tool
  - e.g. network.proxy.socks_remote_dns=true in Firefox
- connect to a web server with geolocalization (by IP) to check which connection you are actually using

See also SSH Tunnelling according to CircumventionTools and Wikipedia:Corkscrew (program) to run the connections over most HTTP and HTTPS proxy servers or my notes on Lighttpd (and Apache on setting up a forward proxy).

Provide a temporary SSH tunnel (to publish content)

check GatewayPorts yes in /etc/ssh/sshd_config
1. more details at Shell and with man:sshd
from the machine you want to share content ssh user@server.tld -R server.tld:port:127.0.0.1:443 -N
1. this will open a specific port on the remote server tunneling to your local machine on port 443 (http over SSL) and avoid requesting for a prompt
check that is working https://server.tld:port/
share https://server.tld:port/ to people you trust

Note that you should consider

dynamically change the port in a deterministic way (using timestamp, weather, a mix...)
use locally a strict httpd policy (basically only allow 127.0.0.1 traffic)
use an .htpasswd file else anybody which scans server.tld for open ports and find the https will be able to connect to it and crawl its content

Censorship {Bypassing}