Speaking about Internet censorship, I would immediately like to clarify that censorship by itself is not bad. It bears in itself more of a blessing than harm. Like many other people, I do not want a hostile neighbor to go on the Internet and anonymously order my murder, or get another neighbor involved in ISIS operations and arrange jihad in my city. To avoid this, some countries block dangerous web resources.
But abuse of censorship, when the authorities use this tool to restrict your freedom and rights, is a real threat.
Let me give an example of my own vision of the abuse of censorship. At the end of 2017, protest actions were held in Iran, the main reason for which was dissatisfaction with high prices. To suppress the protests, the authorities blocked the Telegram messenger.
Telegram is the main messenger for Iranians, many make money with it, for many Telegram is a corporate messenger, for most it is the main means of communication with friends and relatives. Such rough action was costly for residents who are not able to bypass the lock. In fact, the most important communication channel was paralyzed.
Decisive actions to restrict online users during political protests in the East is common. For example, in 2011, during the protests in Egypt, the Internet was completely turned off. But doing so, the authorities missed the main point: the lack of Internet provoked people to go out of the houses and fill the streets that eventually led to the overthrow of President Hosni Mubarak.
A complete shutdown of the Internet is a special case, which cannot be circumvented by software. Another thing is the restriction of access to specific websites. There are two main ways to implement blocking: by IP address and via DNS.
When you type weather.com in your browser the data you enter is just a domain name. The site is hosted on the server, and the real address of the site is the IP address. But since it is more convenient for users to enter weather.com, rather than, for example, 188.8.131.52, they have come up with a domain name system.
Its essence is very simple: there are root DNS servers that know which domain name corresponds to which IP address. Local DNS servers that receive information from root servers. For example, your Internet service provider has a local DNS server. When you enter google.com in the address bar of your browser, your computer accesses the provider’s DNS server with the question “What IP address corresponds the name – google.com?” If this site is blocked, the provider’s DNS server will return a response with the IP address of the page with information about blocking the site based on the request of the authorities.
Such censorship can be bypassed by simply replacing a DNS server, for example, with a Google DNS server or using a VPN, where, as a rule, the DNS server specified in the VPN settings is used.
IP address blocking
When your computer receives information from the DNS server about the IP address of the requested site, it begins to exchange information with it, which, when converted by your browser, displays the site to you.
All requests from your computer go through the ISP and can be blocked by it. The most interesting thing is that there can be several sites using the same IP-address, and all of them will be blocked. And there have been quite a few such cases.
Counteraction to such an attack is Internet traffic proxying. This could be VPN, Tor, proxy, SSH, as long as the server through which you go online is in another country\jurisdiction.
Many people believe that this helps to completely bypass all blocks. In fact, connecting through a remote server, such as a VPN, you may fall under the restrictions of local providers, such as German if your output server is located in Germany.
Methods of blocking applications
When dealing with applications, such as messengers, everything happens in a similar way as in the case of websites. To work the messenger must contact the command and control server. Blocking may occur at the stage of initial connection. For example in Russia, when trying to block the IP addresses used by Telegram the authorities blocked more than 18 million IP addresses including those of Google, Amazon, Microsoft, etc. This action disrupted the work of many big companies, such as EA Games, Battle.net, Steam, Evernote, Gett, Spotify, etc.
Sometimes blocking by ports is performed. Each program that needs access to the network uses a port to connect to the network. For example, TeamViewer uses port 5938. If you block Internet traffic on these ports, the application will not be able to connect to the server.
This is usually practiced on the local. For example, at my previous place of work, the system administrator blocked port 5190, which was used at that time by the popular messenger. Blocking the port did not allow employees to use ICQ at work.
Many modern applications protect themselves from blocking by port. For example, if TeamViewer fails to establish a connection through port 5938, it will start to connect through ports 443 and 80 (they cannot be blocked as they are needed for working with websites).
Some applications provide the ability to specify a proxy server for connection or set the port independently.
When dealing with mobile applications, there is another method of blocking – contacting the App Store and Google Play. The application can be removed from the store and even forcibly blocked on users’ devices based on the request of the authorities. In China, a lot of applications were blocked this way, including VPN service applications, and even the New York Times application.
How to deal with such censorship?
To combat such censorship, you should jailbreak your device or install the application yourself. In the case of Android, you can download the application from an alternative app store. There is an alternative way to bypass the block – change your region in the settings. But this method does not always work: in China, the authorities are actively fighting this.
Censorship authorities constantly fight with all invented means of circumventing restrictions. The ports used during the VPN connection can be blocked, traffic can be analyzed for the use of the VPN and blocked too, eventually, they can block sites offering VPN services or instructions for circumventing geo blocking.