💾 Archived View for gemini.clehaxze.tw › gemlog › 2023 › 04-14-bypassing-indo-network-censorship.gmi captured on 2023-12-28 at 15:28:19. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-04-19)
-=-=-=-=-=-=-
Short post. I've traveled to Indonesia for a few weeks and I've found sites like Reddit is blocked. Although I come prepared with my own WireGuard VPN to bypass it. It's still annoyning. Mostly because the added latency. First I tried some low skill bypasses
After messing around. I find that Blznet, the ISP I ended up with does thw following network manipulation:
At this point, I don't believe the Indonesian goverment is capable of high skill attacks like DPI. Given the assumption thay are just looking at UDP and see if it's a DNS request. I set my browser to use DoH and.. bam! Reddit is back. This is not full proof though. The goverment can still look at SNI use a RST attack to block the connection. But it seems like they are not doing so. But if you are a high profile target, you probably want to use Tor or something much better than DoH only. This is a hostile network enviroment.
I've seen reports on the web saying encrypted DNS protocols are banned. But it seems not to be the case. DoH still works. Also, I'm unable to test if DNSSec works. All the banned sites I know don't have DNSSec. Also I didn't test if DNSCrypt works as DoH works well enough.
Fortunatelly it's simple DNS block right now. It does not look like they are looking at SNI, or at least not acting actively on it. I hope the situation doesn't get worse. This is still a very manageable level of censorship for us who know the Kung Fu.
I've read somewhere on the Internet that gambling sites are banned. For some reasons, some US brokers are banned. It seems that the old school brokers are banned. But exampted if they also provide banking services.
Some major brokers I checked are not banned: