Internet Censorship

From FemWiki
Revision as of 15:51, 7 October 2024 by Astolfo (talk | contribs) (Added confirmed bypasses)
Jump to navigation Jump to search
Other languages:

As we all know, there's all sorts of censorship online. This page is focused on the censorship enforced by governments or ISPs(Internet Service Provider) to block websites. Nothing in this post has been tested on apple products as they're unusable garbage.

Methods

IP Address Based Filtering

This method is pretty simple, IP addresses associated with the website get banned. This method is not commonly used due to IPv4 addresses being shared in a lot of cases.

DNS Level Filtering

A DNS server simply gives you the IP address of a website. Without a DNS server, your computer can't understand where to connect. In this method, ISP's DNS server refuses to give you the correct IP address of a website.

Deep Packet Inspection

The most intrusive and hard to bypass in all methods. ISPs inspect your web requests and do the filtering based on the SNI. More on that later.

How to test what filtering method your ISP uses

If your ISP does IP based filtering(which is pretty unlikely), you can't do much about it except using proxies. In other scenarios, you can check for DNS level filtering very easily, see the bypass section below. DPI is way harder but we'll get to that. To see what filtering system they use, first test the DNS filtering bypass method. If it doesn't work, it's DPI.

Warning: Your ISP may be (and probably is) using multiple filtering methods like DNS and DPI combined.

Bypassing the filters

Proxies/VPNs

This method might be the most known of all. Everyone knows how to download a free VPN and use it. However, this method is not recommended since almost all of those VPNs are insecure and slow. If you have a trusted VPN or proxy service, you can use that. I won't give any names since I don't know any.

DNS Changing

To evade DNS based filtering, you can change your DNS address or even better, use DNS over HTTPS. Cloudflare's DNS servers are pretty good. Their address is 1.1.1.1(one.one.one.one for DoH). There is no standard way to change your DNS servers so you'll have to check online for your operating system or browser.

Info: There is usually no need to use ISP's DNS servers. You won't lose anything by switching your DNS servers from ISP's to something else. Even if your ISP doesn't apply DNS filtering, it's still a good idea to change it for performance reasons.

DPI Bypassing

This part is the most complicated by far. You can use some programs to trick your ISP to allow your packets. This method is hard compared to others so be prepared to spend a few hours at worst but it pays off. There is no silver bullet for this method. Each setting changes from ISP to ISP, meaning you'll have to experiment with it if you're unlucky. Let's start with some tools. Some of these tools have prebuilt settings that will most likely work.

GoodbyeDPI (Windows)

This is the most useful tool for Windows. You can download it and use 2_any_country_dnsredir.cmd. GoodbyeDPI also has premade settings that you can try by editing the .cmd file. At line 7 you can change the number at the end. It can be anything from 1 to 9. Try them all and see if they work.

PowerTunnel (Windows/Linux/Android)

This might be the least working program of all. It's pretty simple to use and doesn't have a lot to offer compared to the alternatives. Works on my machine™.

SpoofDPI (Linux)

Even simpler than PowerTunnel, this either just works or not. Give it a try, it'll take less than 2 minutes.

ByeDPI (Android/Linux/Windows)

ByeDPI is a pretty simple program but doesn't have any premade settings. Android one is pretty easy to use but on computers it can be complicated.

DPI Tunnel (Android)

By far the best solution for android. Offers stuff like an auto tester and multiple profiles. However this program requires root access. If you don't know what that means, you can't run it.

zapret (OpenWRT/Linux/Windows/OpenBSD/FreeBSD)

The most complicated of all. Supports Linux and other operating systems like OpenWRT for network wide bypass. Zapret has its own method checker and is complicated to use compared to others. I'm currently using this for network wide bypass. You can DM me on Matrix for help.

Important notes

There are some important things you should keep in mind for your own safety and convenience.

  • Do NOT install a certificate authority(CA) if you don't know what you're doing!
  • Generally, stay away from random VPN services. If you absolutely must use a VPN, choose something well known.
  • DPI Bypass tools may break some sites, especially government sites in some countries. You'll need to temporarily disable your proxy to use these sites.

Helper tools

Most of the DPI bypass tools work by giving you a proxy endpoint and expects you to set up your machines accordingly. On most browsers you can use FoxyProxy to easily switch proxies or make rules to switch automatically.

Confirmed bypasses

This is a list of ISPs and firewalls we managed to bypass successfully. This list is merely here so you can be certain there is a way to bypass DPI if you're dealing with one of these. If your enemy isn't listed here, that doesn't mean it's impossible to bypass. We just don't have access to it to try for ourselves. Feel free to reach us if you need any help.

ISPs

  • Türk Telekom(and derivatives)
  • Kablonet
  • TürkNet
  • Türkcell

Firewalls

  • XLOG with Eduroam
Retrieved from "https://wiki.femboy.group/index.php?title=Internet_Censorship&oldid=123"