Internet Censorship: Difference between revisions
|  Marked this version for translation | No edit summary | ||
| Line 91: | Line 91: | ||
| * Do <strong>NOT</strong> install a certificate authority(CA) if you don't know what you're doing! | * Do <strong>NOT</strong> install a certificate authority(CA) if you don't know what you're doing! | ||
| * Generally, stay away from random VPN services. If you absolutely must use a VPN, choose something well known. | * Generally, stay away from random VPN services. If you absolutely must use a VPN, choose something well known. | ||
| * DPI Bypass tools may break some sites, especially government sites in some countries. You'll need to temporarily disable your proxy to use these sites. | |||
| </translate> | |||
| <translate> | |||
| == Helper tools == | |||
| Most of the DPI bypass tools work by giving you a proxy endpoint and expects you to set up your machines accordingly. On most browsers you can use [https://getfoxyproxy.org/ FoxyProxy] to easily switch proxies or make rules to switch automatically. | |||
| </translate> | </translate> | ||
Revision as of 21:38, 4 August 2024
As we all know, there's all sorts of censorship online. This page is focused on the censorship enforced by governments or ISPs(Internet Service Provider) to block websites. Nothing in this post has been tested on apple products as they're unusable garbage.
Methods
IP Address Based Filtering
This method is pretty simple, IP addresses associated with the website get banned. This method is not commonly used due to IPv4 addresses being shared in a lot of cases.
DNS Level Filtering
A DNS server simply gives you the IP address of a website. Without a DNS server, your computer can't understand where to connect. In this method, ISP's DNS server refuses to give you the correct IP address of a website.
Deep Packet Inspection
The most intrusive and hard to bypass in all methods. ISPs inspect your web requests and do the filtering based on the SNI. More on that later.
How to test what filtering method your ISP uses
If your ISP does IP based filtering(which is pretty unlikely), you can't do much about it except using proxies. In other scenarios, you can check for DNS level filtering very easily, see the bypass section below. DPI is way harder but we'll get to that. To see what filtering system they use, first test the DNS filtering bypass method. If it doesn't work, it's DPI.
Bypassing the filters
Proxies/VPNs
This method might be the most known of all. Everyone knows how to download a free VPN and use it. However, this method is not recommended since almost all of those VPNs are insecure and slow. If you have a trusted VPN or proxy service, you can use that. I won't give any names since I don't know any.
DNS Changing
To evade DNS based filtering, you can change your DNS address or even better, use DNS over HTTPS. Cloudflare's DNS servers are pretty good. Their address is 1.1.1.1(one.one.one.one for DoH). There is no standard way to change your DNS servers so you'll have to check online for your operating system or browser.
DPI Bypassing
This part is the most complicated by far. You can use some programs to trick your ISP to allow your packets. This method is hard compared to others so be prepared to spend a few hours at worst but it pays off. There is no silver bullet for this method. Each setting changes from ISP to ISP, meaning you'll have to experiment with it if you're unlucky. Let's start with some tools. Some of these tools have prebuilt settings that will most likely work.
GoodbyeDPI (Windows)
This is the most useful tool for Windows. You can download it and use 2_any_country_dnsredir.cmd. GoodbyeDPI also has premade settings that you can try by editing the .cmd file. At line 7 you can change the number at the end. It can be anything from 1 to 9. Try them all and see if they work.
PowerTunnel (Windows/Linux/Android)
This might be the least working program of all. It's pretty simple to use and doesn't have a lot to offer compared to the alternatives. Works on my machine™.
SpoofDPI (Linux)
Even simpler than PowerTunnel, this either just works or not. Give it a try, it'll take less than 2 minutes.
ByeDPI (Android/Linux/Windows)
ByeDPI is a pretty simple program but doesn't have any premade settings. Android one is pretty easy to use but on computers it can be complicated.
DPI Tunnel (Android)
By far the best solution for android. Offers stuff like an auto tester and multiple profiles. However this program requires root access. If you don't know what that means, you can't run it.
Important notes
There are some important things you should keep in mind for your own safety and convenience.
- Do NOT install a certificate authority(CA) if you don't know what you're doing!
- Generally, stay away from random VPN services. If you absolutely must use a VPN, choose something well known.
- DPI Bypass tools may break some sites, especially government sites in some countries. You'll need to temporarily disable your proxy to use these sites.
Helper tools
Most of the DPI bypass tools work by giving you a proxy endpoint and expects you to set up your machines accordingly. On most browsers you can use FoxyProxy to easily switch proxies or make rules to switch automatically.