Internet Censorship: Difference between revisions
Initial commit |
Marked this version for translation |
||
| Line 1: | Line 1: | ||
<languages /> | <languages /> | ||
<translate> | <translate> | ||
<!--T:1--> | |||
As we all know, there's all sorts of censorship online. This page is focused on the censorship enforced by governments or ISPs(Internet Service Provider) to block websites. <strong>Nothing in this post has been tested on apple products as they're unusable garbage.</strong> | As we all know, there's all sorts of censorship online. This page is focused on the censorship enforced by governments or ISPs(Internet Service Provider) to block websites. <strong>Nothing in this post has been tested on apple products as they're unusable garbage.</strong> | ||
</translate> | </translate> | ||
<translate> | <translate> | ||
== Methods == | == Methods == <!--T:2--> | ||
</translate> | </translate> | ||
<translate> | <translate> | ||
<!--T:3--> | |||
=== IP Address Based Filtering === | === IP Address Based Filtering === | ||
This method is pretty simple, IP addresses associated with the website get banned. This method is not commonly used due to IPv4 addresses being shared in a lot of cases. | This method is pretty simple, IP addresses associated with the website get banned. This method is not commonly used due to IPv4 addresses being shared in a lot of cases. | ||
| Line 14: | Line 16: | ||
<translate> | <translate> | ||
<!--T:4--> | |||
=== DNS Level Filtering === | === DNS Level Filtering === | ||
A DNS server simply gives you the IP address of a website. Without a DNS server, your computer can't understand where to connect. In this method, ISP's DNS server refuses to give you the correct IP address of a website. | A DNS server simply gives you the IP address of a website. Without a DNS server, your computer can't understand where to connect. In this method, ISP's DNS server refuses to give you the correct IP address of a website. | ||
| Line 19: | Line 22: | ||
<translate> | <translate> | ||
<!--T:5--> | |||
=== Deep Packet Inspection === | === Deep Packet Inspection === | ||
The most intrusive and hard to bypass in all methods. ISPs inspect your web requests and do the filtering based on the [https://en.wikipedia.org/wiki/Server_Name_Indication SNI]. More on that later. | The most intrusive and hard to bypass in all methods. ISPs inspect your web requests and do the filtering based on the [https://en.wikipedia.org/wiki/Server_Name_Indication SNI]. More on that later. | ||
| Line 24: | Line 28: | ||
<translate> | <translate> | ||
<!--T:6--> | |||
== How to test what filtering method your ISP uses == | == How to test what filtering method your ISP uses == | ||
If your ISP does IP based filtering(which is pretty unlikely), you can't do much about it except using proxies. In other scenarios, you can check for DNS level filtering very easily, see the bypass section below. DPI is way harder but we'll get to that. To see what filtering system they use, first test the DNS filtering bypass method. If it doesn't work, it's DPI. | If your ISP does IP based filtering(which is pretty unlikely), you can't do much about it except using proxies. In other scenarios, you can check for DNS level filtering very easily, see the bypass section below. DPI is way harder but we'll get to that. To see what filtering system they use, first test the DNS filtering bypass method. If it doesn't work, it's DPI. | ||
| Line 29: | Line 34: | ||
<translate> | <translate> | ||
== Bypassing the filters == | == Bypassing the filters == <!--T:7--> | ||
</translate> | </translate> | ||
<translate> | <translate> | ||
<!--T:8--> | |||
=== Proxies/VPNs === | === Proxies/VPNs === | ||
This method might be the most known of all. Everyone knows how to download a free VPN and use it. However, this method is not recommended since almost all of those VPNs are insecure and slow. If you have a trusted VPN or proxy service, you can use that. I won't give any names since I don't know any. | This method might be the most known of all. Everyone knows how to download a free VPN and use it. However, this method is not recommended since almost all of those VPNs are insecure and slow. If you have a trusted VPN or proxy service, you can use that. I won't give any names since I don't know any. | ||
| Line 38: | Line 44: | ||
<translate> | <translate> | ||
<!--T:9--> | |||
=== DNS Changing === | === DNS Changing === | ||
To evade DNS based filtering, you can change your DNS address or even better, use <strong>DNS over HTTPS</strong>. Cloudflare's DNS servers are pretty good. Their address is 1.1.1.1(one.one.one.one for DoH). There is no standard way to change your DNS servers so you'll have to check online for your operating system or browser. | To evade DNS based filtering, you can change your DNS address or even better, use <strong>DNS over HTTPS</strong>. Cloudflare's DNS servers are pretty good. Their address is 1.1.1.1(one.one.one.one for DoH). There is no standard way to change your DNS servers so you'll have to check online for your operating system or browser. | ||
| Line 43: | Line 50: | ||
<translate> | <translate> | ||
<!--T:10--> | |||
=== DPI Bypassing === | === DPI Bypassing === | ||
This part is the most complicated by far. You can use some programs to trick your ISP to allow your packets. This method is hard compared to others so be prepared to spend a few hours at worst but it pays off. <strong>There is no silver bullet for this method.</strong> Each setting changes from ISP to ISP, meaning you'll have to experiment with it if you're unlucky. Let's start with some tools. Some of these tools have prebuilt settings that will most likely work. | This part is the most complicated by far. You can use some programs to trick your ISP to allow your packets. This method is hard compared to others so be prepared to spend a few hours at worst but it pays off. <strong>There is no silver bullet for this method.</strong> Each setting changes from ISP to ISP, meaning you'll have to experiment with it if you're unlucky. Let's start with some tools. Some of these tools have prebuilt settings that will most likely work. | ||
| Line 48: | Line 56: | ||
<translate> | <translate> | ||
<!--T:11--> | |||
==== [https://github.com/ValdikSS/GoodbyeDPI GoodbyeDPI] (Windows) ==== | ==== [https://github.com/ValdikSS/GoodbyeDPI GoodbyeDPI] (Windows) ==== | ||
This is the most useful tool for Windows. You can download it and use <strong>2_any_country_dnsredir.cmd</strong>. GoodbyeDPI also has premade settings that you can try by editing the .cmd file. At <strong>line 7</strong> you can change the number at the end. It can be anything from 1 to 9. Try them all and see if they work. | This is the most useful tool for Windows. You can download it and use <strong>2_any_country_dnsredir.cmd</strong>. GoodbyeDPI also has premade settings that you can try by editing the .cmd file. At <strong>line 7</strong> you can change the number at the end. It can be anything from 1 to 9. Try them all and see if they work. | ||
| Line 53: | Line 62: | ||
<translate> | <translate> | ||
<!--T:12--> | |||
==== [https://github.com/krlvm/PowerTunnel PowerTunnel] (Windows/Linux/Android) ==== | ==== [https://github.com/krlvm/PowerTunnel PowerTunnel] (Windows/Linux/Android) ==== | ||
This might be the least working program of all. It's pretty simple to use and doesn't have a lot to offer compared to the alternatives. Works on my machine™. | This might be the least working program of all. It's pretty simple to use and doesn't have a lot to offer compared to the alternatives. Works on my machine™. | ||
| Line 58: | Line 68: | ||
<translate> | <translate> | ||
<!--T:13--> | |||
==== [https://github.com/xvzc/SpoofDPI SpoofDPI] (Linux) ==== | ==== [https://github.com/xvzc/SpoofDPI SpoofDPI] (Linux) ==== | ||
Even simpler than PowerTunnel, this either just works or not. Give it a try, it'll take less than 2 minutes. | Even simpler than PowerTunnel, this either just works or not. Give it a try, it'll take less than 2 minutes. | ||
| Line 63: | Line 74: | ||
<translate> | <translate> | ||
<!--T:14--> | |||
==== [https://github.com/hufrea/byedpi/ ByeDPI] ([https://github.com/dovecoteescapee/ByeDPIAndroid Android]/Linux/Windows) ==== | ==== [https://github.com/hufrea/byedpi/ ByeDPI] ([https://github.com/dovecoteescapee/ByeDPIAndroid Android]/Linux/Windows) ==== | ||
ByeDPI is a pretty simple program but doesn't have any premade settings. Android one is pretty easy to use but on computers it can be complicated. | ByeDPI is a pretty simple program but doesn't have any premade settings. Android one is pretty easy to use but on computers it can be complicated. | ||
| Line 68: | Line 80: | ||
<translate> | <translate> | ||
<!--T:15--> | |||
==== [https://github.com/nomoresat/DPITunnel-android DPI Tunnel] (Android) ==== | ==== [https://github.com/nomoresat/DPITunnel-android DPI Tunnel] (Android) ==== | ||
By far the best solution for android. Offers stuff like an auto tester and multiple profiles. However <strong>this program requires root access</strong>. If you don't know what that means, you can't run it. | By far the best solution for android. Offers stuff like an auto tester and multiple profiles. However <strong>this program requires root access</strong>. If you don't know what that means, you can't run it. | ||
| Line 73: | Line 86: | ||
<translate> | <translate> | ||
<!--T:16--> | |||
== Important notes == | == Important notes == | ||
There are some important things you should keep in mind for your own safety and convenience. | There are some important things you should keep in mind for your own safety and convenience. | ||
Revision as of 20:42, 4 August 2024
As we all know, there's all sorts of censorship online. This page is focused on the censorship enforced by governments or ISPs(Internet Service Provider) to block websites. Nothing in this post has been tested on apple products as they're unusable garbage.
Methods
IP Address Based Filtering
This method is pretty simple, IP addresses associated with the website get banned. This method is not commonly used due to IPv4 addresses being shared in a lot of cases.
DNS Level Filtering
A DNS server simply gives you the IP address of a website. Without a DNS server, your computer can't understand where to connect. In this method, ISP's DNS server refuses to give you the correct IP address of a website.
Deep Packet Inspection
The most intrusive and hard to bypass in all methods. ISPs inspect your web requests and do the filtering based on the SNI. More on that later.
How to test what filtering method your ISP uses
If your ISP does IP based filtering(which is pretty unlikely), you can't do much about it except using proxies. In other scenarios, you can check for DNS level filtering very easily, see the bypass section below. DPI is way harder but we'll get to that. To see what filtering system they use, first test the DNS filtering bypass method. If it doesn't work, it's DPI.
Bypassing the filters
Proxies/VPNs
This method might be the most known of all. Everyone knows how to download a free VPN and use it. However, this method is not recommended since almost all of those VPNs are insecure and slow. If you have a trusted VPN or proxy service, you can use that. I won't give any names since I don't know any.
DNS Changing
To evade DNS based filtering, you can change your DNS address or even better, use DNS over HTTPS. Cloudflare's DNS servers are pretty good. Their address is 1.1.1.1(one.one.one.one for DoH). There is no standard way to change your DNS servers so you'll have to check online for your operating system or browser.
DPI Bypassing
This part is the most complicated by far. You can use some programs to trick your ISP to allow your packets. This method is hard compared to others so be prepared to spend a few hours at worst but it pays off. There is no silver bullet for this method. Each setting changes from ISP to ISP, meaning you'll have to experiment with it if you're unlucky. Let's start with some tools. Some of these tools have prebuilt settings that will most likely work.
GoodbyeDPI (Windows)
This is the most useful tool for Windows. You can download it and use 2_any_country_dnsredir.cmd. GoodbyeDPI also has premade settings that you can try by editing the .cmd file. At line 7 you can change the number at the end. It can be anything from 1 to 9. Try them all and see if they work.
PowerTunnel (Windows/Linux/Android)
This might be the least working program of all. It's pretty simple to use and doesn't have a lot to offer compared to the alternatives. Works on my machine™.
SpoofDPI (Linux)
Even simpler than PowerTunnel, this either just works or not. Give it a try, it'll take less than 2 minutes.
ByeDPI (Android/Linux/Windows)
ByeDPI is a pretty simple program but doesn't have any premade settings. Android one is pretty easy to use but on computers it can be complicated.
DPI Tunnel (Android)
By far the best solution for android. Offers stuff like an auto tester and multiple profiles. However this program requires root access. If you don't know what that means, you can't run it.
Important notes
There are some important things you should keep in mind for your own safety and convenience.
- Do NOT install a certificate authority(CA) if you don't know what you're doing!
- Generally, stay away from random VPN services. If you absolutely must use a VPN, choose something well known.