💾 Archived View for dfdn.info › dfdn › internetfreedom.gmi captured on 2024-05-12 at 15:17:03. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-02-05)
-=-=-=-=-=-=-
A Guide to Restoring Your Internet Freedom at School, at Work, and in Countries that Block Websites
The following post recently drew my attention. It highlights the problem individuals face in trying to restore their Internet freedom while under the thumb of an authoritarian organization or regime.
"Well, I don't know if this is the right place to post this, but I [have had quite a bit of difficulty encrypting my operating system]. I'm [at] a boarding school, and they want to know what everybody does on the internet or on your offline computer usage, even if it's private. So I am trying to install in my PC another OS, leaving Windows as the decoy OS, and [for] the hidden [OS], I thought Ubuntu or maybe Zorin OS could be OK. But once I installed VeraCrypt, the option of "create [a] hidden operating system" is unavailable and so is every other option that has to do with the hidden OS. I've searched on the Internet but I haven't found any answers..."
Let's call the poster of the above message "ImprisonedStudent". The assault on ImprisonedStudent's Internet freedom by the very aggressive and knowledgeable IT staff of the British Boarding school he attends almost makes China's Internet access policies seem reasonable by comparison. He later revealed that the use of the TOR browser or TAILS is grounds for expulsion, and that his laptop and possessions are subject to search without his permission. The problem becomes especially difficult when a corporate or government entity has authority to search computers, personal possessions, and even living quarters for evidence of noncompliance.
Many of us find ourselves under much the same circumstances--whether at school, at work, at the public library, at the local free wifi hotspot, or in a totalitarian country. Restrictions are being placed on where we can go on the Internet, what we can see, and what we can learn. And, bit by bit, our privacy is being taken away, along with our ability to keep secret what we learn and who we are from the entities that want to know. We have no control over these entities. Instead, they have control over us.
Before releasing this article, I thought carefully about who may read it and what they may do with the information that I would provide. The thought of criminals using it to evade legitimate laws and school children using it to go to places on the Internet they shouldn't worried me. However, all this information is on the Internet. Anyone who is determined to find and use it for evil purposes can do the same research I did. The only people who would then be in the dark are those honest individuals who legitimately need to have access to parts of the Internet to which some bureaucrat has denied them access, often for arbitrary reasons, like just not wanting to accept responsibility for not blocking it. For example, some school districts block access to the educational material in National Geographic or forbid searching terms like "China", "Russia", or "Iran". The government of Turkey blocks the Wikipedia article on Turkey in their country, so it's citizens cannot access information about their government that casts it in a bad light. There are times when we legitimately need access to information on the Internet to which we are denied access. I have written this article to help honest seekers of knowledge to have increased access to it.
Over the years, I have had occasions when information or software I legitimately needed was blocked. One example occurred some years ago when I was the victim of an IT bureaucracy run a muck. At work I was forced to use a VPN to connect to a computer system in a building a few miles away. I was debugging a large piece of code, but I was intentionally blocked by the IT staff from uploading or downloading any files. This meant that I could not do my job without getting in my car and driving miles just to upload or download a file, which I often needed to do several times a day. My management apparently couldn't have cared less about this situation. I soon found an existing hole in the security that let me upload files. Unfortunately, the hole was plugged 24 hours later, and I was back to not being able to do my job again. Soon after that, I simply refused to continue to use the unworkable system. I stopped my debugging work for 10 months until a workable system was devised. Another example occurred recently when I found myself at a public library needing to download an innocuous Linux package, but the software archive website was blocked. These are just two examples where the powers-that-be have chosen to cover their own butts rather than give people depending on their computer systems access they legitimately need.
Be aware that in the United States the laws have been written to favor corporations at the expense of individuals. Any time you open a hole in a firewall at your place of work, you are compromising the security of your work's computer network. This is technically "attacking" a business computer network--even though you are on the inside trying to get out, rather than the other way around, and this has been illegal in the United States sinced 2013 (court case: Craigslist v. 3Taps). You could theoretically be prosecuted for this. The question is whether using a VPN or SSH tunneling or using other software is considered opening a hole in a firewall. That is a question to which I don't know the answer. It may depend on exactly what your software is doing. In theory, network administrators could tell you not to run any software whatsoever on the computers on their network because this could compromise their network's security. And, technically they are correct. In this instance, they could have you prosecuted for installing some completely innocuous software that doesn't even communicate with the Internet. My advice to you is to think very carefully about just how badly you need to go to a blocked website before you try to bypass the network's security to get there. This is not something you should take lightly.
In general, the limiting of our Internet access is an on-going cat-and-mouse game to prevent us from having access to information. Every time we mice find a way to get around the cat's restrictions, it adds more restrictions through more restrictive software, new policies, or new laws. This means that no one-size-fits-all solution exists for taking back our Internet freedom, or likely ever will exist.
With this in mind, this article spells out some approaches and tools that may help you take back your Internet freedom. Depending on the level of competence of the IT staff that you are under the thumb of and the software they are using, not all of the approaches and tools that I will describe will work in your particular circumstances. You will have to try each one that you feel safe experimenting with to see which ones work and which ones don't. I will limit the techniques and software options that I present to those that can be used with laptops and desktop computers. In my opinion, cellphones give users less control, and are therefore, riskier to use.
Be aware that this cat-and-mouse game is esoteric and complicated. If you are not willing to put time and effort into protecting yourself, it is best not to play. If you play and get caught, the consequences can vary depending on the authorities you are trying to skirt--anything from nothing, to a figurative slap on the wrist, to expulsion from school, to being fired from your job, to a jail sentence in a country with a totalitarian government. I should also warn you that I am not an expert in this area, so you should carefully verify any of the approaches presented here that you decide to take. Be sure you thoroughly understand what you are doing, and make sure it will work for you and keep you hidden from whoever you are trying to hide.
A Summary of Some Methods of Accessing Blocked Websites
Here are some approaches that may yield access to blocked websites or online communication services, depending on the level of sophistication of the blocking techniques employed. The list below begins with the easiest approaches that are generally the least likely to succeed and progresses to the more difficult or expensive approaches that are more likely to succeed.
20 Methods of Accessing Blocked Websites
Substitute HTTPS websites for HTTP websites.
Try to access web pages deep within websites.
Use the mobile versions of websites.
Use the IP addresses of websites instead of the URL addresses (i.e. 162.227.49.15, instead of cheapskatesguide.org) to bypass DNS filters.
Use "Anonymous View" on Startpage.com
Connect through a proxy server.
Use proxy software (like Wireguard)
Install the FoxyProxy add-on to the Firefox browser.
Use the Firefox DNS over HTTPS add-on.
Add the UltraSurf extension (Windows only) to the Firefox browser.
Use the JonDo browser.
Run the TOR browser or the TAILS operating system (with or without bridges, meek-azure, scramblesuit bridge).
Translate a foreign website with Google Translate.
Connect to your home computer via Windows Remote Desktop (not secure).
Connect to a decentralized network like ZeroNet, I2P, IPFS, etc.
Use SSH Tunneling to your home computer.
Use DNS or ICMP tunneling.
Connect to VPN software running on your home computer.
Use a commercial VPN Service (illegal in China).
Use your cell phone as a modem.
Details of the implementations of these approaches and links to details will be presented later in this article.
Hiding Information that can be used to Identify You
Before we get to the details of how to get to blocked websites, let's talk about how to protect yourself by hiding your activities. Generally, keeping your activities secret from IT staff or other authorities means hiding the following information:
Information You Should Hide to Avoid Being Identified
Your computer's MAC address
The particular web pages (and their IP addresses) that you visit
The IP address you are connecting from
The contents of your browser's cache
Your browser's fingerprint
Your account ID, if you are using an individual account
The software tools you are using to bypass restrictions
Your physical location while you are connected to the network
The fact that you know how to hide these things
The fact that you possess software that can get past website blocks
The more of this information that you can hide, the higher your level of protection. Remember, all an authority may need to penalized you is a small amount of evidence that you are engaging in prohibited activities. They may not need absolute proof of your activities.
You will have to employ different techniques to hide the above information depending on how you are connecting to the Internet. Four example connection scenarios are given below. Carefully read through all four scenarios and the rest of this article before trying to connect to any blocked websites using any techniques outlined in this article.
Hiding Your Activities with Encryption
You should always use encryption for two reasons. First, with encryption, no one can inadvertently stumble upon your activities. Second, encrypted files and partitions that you can't be forced to decrypt mean that, even if you are suspected of a prohibited activity, no concrete evidence can be found in your possession to prove that you have engaged in the activity. This does not mean that you cannot be punished. It just means that punishment is less likely, as long as you continue to deny that you have engaged in the activity. Hopefully you will not put yourself in a position where you will have to deny anything. But, denying that you downloaded some innocent piece of software that you needed in a hurry to get your job done may be better than being harassed or punished for it.
By far, the best option would be to create a bootable USB stick with a hidden operating system. A hidden operating system is an operating system on what is called an "inner volume" of an encrypted drive. TrueCrypt and VeraCrypt can create an encrypted drive with inner outer volumes. The drive then has two passwords: one to unlock the outer volume and another to unlock the inner volume. If the encrypted drive is discovered, and you are forced to unlock it, you can unlock the outer volume, and no one can prove that an inner volume exists. The use of an encrypted USB stick with an operating system hidden in an inner volume would mean that even if your laptop were to be searched, nothing would be found on it. Since a well-concealed USB flash drive is far harder to find than a laptop, the chances that it would be found by a search are less than the chances that your laptop would be found.
Unfortunately, it seems that the three best open-sourced encryption tools--Truecrypt, Veracrypt, and LUKS--do not appear to allow users to encrypt either a Windows or a Linux "system partition" (a partition with an operating system on it) on a USB stick. If I find a way to do this, I will update this article. You can still use the aforementioned encryption software to put a hidden volume on a USB stick, as long as it doesn't contain an operating system. The fact that you cannot install a hidden operating system on a USB stick means you will have to go with a less secure option with a higher risk of getting caught.
You can encrypt the hard drive on your computer with a hidden operating system. In countries where encryption is illegal, you will be far more likely to be caught with an encrypted computer hard drive. But, this may be your best option in a British boarding school or in any country where strong encryption is legal.
Another option is to encrypt a USB stick and put portable applications (applications that do not have to be installed) like the TOR browser in a hidden, inner volume. Other examples of portable applications are other Internet browsers and their plug-ins, proxy software, ZeroNet software, I2P software, or other decentralized network software.
I should mention that the TOR network is run by volunteers who run TOR relay nodes. Anyone running a TOR relay node can in theory see the traffic running through his node. This causes some individuals to worry that their data, including online accounts and passwords, can be stolen while using the TOR network. I don't have enough information to know how likely this is to occur.
Maintaining Plausible Deniability
If you've paid much attention to politics, you are aware that one of politicians' favorite tools is plausible deniability. Regardless of what they are accused of, they nearly always find some way of maintaining that someone else did it without their knowledge. Plausible deniability is your last-ditch backup if all else has already failed. Protect it carefully. In high-risk scenarios, encrypt everything with a hidden volume. Hide USB sticks containing software in places that can't be traced back to you. And, avoid as much as possible using accounts with your name attached to them.
Practicing Secrecy
If you find a method of getting to blocked websites that works at your school, place of work, or in your country, keep it secret. Unfortunately, the surest way to make your method obsolete is to tell other people about it. This is also the surest way of getting yourself caught.
Let me tell you a story that illustrates my point. Back in the late 1980's, I saw a neat screen saver running on a coworker's computer. I asked where he had found it and if I could have a copy. He gave me a copy, and I put it on my work computer. I was aware that management didn't want us running "unapproved" software on our work computers. However, I didn't think they cared about something as innocuous as a screen saver. Two or three people noticed the screen saver running on my computer and asked for copies, which I gave them. After a couple of weeks, my boss came to me and asked where I had obtained the screen saver. Apparently it had been passed around to several people by this point, and he had traced the trail back to me. I told him who had given it to me. However, since I was the low man on the totem pole, he made me remove every copy of the screen saver from everyone's computer. The moral of this story is that if you spread information around enough, the authorities will find out, and they will trace it back to you. If you are unable to defend yourself, they will penalize you. This is not something you want to have happen to you at your school or work, and especially not in a country where the information is illegal or where you could be seen as aiding "criminals" (people who want to know things the government doesn't want them to know).
Four Internet Connection Scenarios, their Associated Risks, and Risk Countermeasures
Individuals will be connecting to the Internet under a finite number of scenarios that depend on the country in which they live, the organization for which they work, or the school they attend. This section discusses details of four scenarios: connecting to the Internet 1) using a personal laptop at an open wifi access point, 2) using a personal laptop and an individual account at school or work, 3) using a public, work-owned or school-owned computer and an individual account, and 4) from a country with a government that limits internet freedom.
Scenario 1: Using a Personal Laptop at an Open wifi Access Point
If you have access to an open wifi access point (otherwise known as a "hotspot") at your school, place of work, or in your country that lets anyone connect to it without an account, and where no cameras are recording your presence, you have it made. Ultimately all you need to worry about is keeping your MAC address and personal identity secret. If the wifi hotpot is one to which a large number of random people connect frequently, you are in even better shape because this makes it harder for authorities to identify you by something unique to your laptop--like the type and version of web browser you use, your operating system, the resolution of your screen, data you may have downloaded without being able to hide it, etc.
A MAC address is a string of hexidecimal numbers that uniquely identifies every computer on the planet. Actually, it uniquely identifies every network card (or network interface) on the planet. So, for example, if your laptop has an Ethernet port and a wifi card, your laptop will have two MAC addresses--one when it is connected via ethernet, and one when it is connected via wifi. MAC addresses look like this: 34:e4:ae:ef:53:93. To prevent authorities that have the power to confiscate your computer from being able to identify it as one that has accessed forbidden content, you will need to reset your computer's MAC address to a random MAC address before you connect to the Internet each time. One tool that can do this is Macchanger. Macchanger is available for Windows and Linux. To install Macchanger in Ubuntu or Linux Mint, type at the Linux command prompt:
sudo apt-get install macchanger macchanger-gtk
You can download a different program to change the MAC address of a network interface on a Windows computer here. The Linux command to tell Macchanger to generate a random MAC address is:
sudo macchanger -r eth0
In place of the ethernet network interface, eth0, substitute the network interface that you are using to connect to the internet. The Linux "ifconfig" command or the Windows "ipconfig" command will list the network interfaces that are currently enabled on your computer.
For increased privacy, you should take the same precautions to hide your MAC address in every scenario discussed hereafter.
If you are worried that "authorities"--be they network administrators or other people in authority at your school or work, or police in your country--may later find and search you, use a portable Internet browser that is different from the one you usually use. Make sure it is on the inner volume of an encrypted USB flash drive. Once you have taken the necessary steps to hide your identity while connected, assuming you deem them necessary, you may try any of the methods listed above in "A Summary of the Methods of Accessing Blocked Websites". Be sure not to inadvertently reveal your identity by logging in to an online account that is associated with your real name.
Scenario 2: Using a Personal Laptop to Connect to a Wifi Access Point using an Assigned School or Work Account
If you can only access the Internet through an assigned, individual account, then you are in a much more difficult position because all IP addresses that you visit directly from school or work can be tied to your account. If you are on your personal laptop, some tools and methods which may (or may not) successfully cloak the website addresses that you visit are:
13 Methods of Obscuring Websites You Visit on Your Laptop
Proxy servers
Proxy software (like Wireguard)
"Anonymous View" on Startpage.com
The DNS over HTTPS add-on for Firefox
The UltraSurf extension (Windows only) to the Firefox browser
The TOR browser or the TAILS operating system (with or without bridges, meek-azure, scramblesuit bridge)
Connecting to your home computer via Windows Remote Desktop (not secure)
Accessing websites on a decentralized network like ZeroNet, I2P, IPFS, etc.
Using SSH Tunneling to your home computer
Using SOCKS 5 Tunneling to your home computer
Using DNS or ICMP tunneling
Connecting to VPN software running on your home computer
A commercial VPN Service (illegal in China)
In some ways, a risky option is to use TAILS on a USB stick. TAILS is an operating system that was designed to be ultra secure. It comes with many useful programs, including the TOR browser. The logic behind using TAILS is that only a secure operating system can truly protect your online anonymity. Unfortunately, because a USB stick cannot be encrypted with a hidden operating system using any encryption program that I could find, you will not be able to hide the fact that you have a copy of TAILS if your TAILS USB stick is discovered. This was the option that would have caused ImprisonedStudent to be expelled if he had been caught. This is too bad because TAILS is among the most powerful tools that I know for restoring an individual's Internet freedom. A bit of good news is that the TAILS USB stick is by default non-persistent, so no trace of your online activities can be gleaned from it if it happens to be discovered in your possession. If you decide to take the TAILS approach, your success depends on keeping your TAILS USB stick hidden. Two ways of doing this are to hide it in a public place or to make it look like something else, like perhaps a tube of Chapstick.
If you decide to use a proxy server or the equivalent in the form of a browser add-on, TAILS, or the TOR browser, a network administrator will likely know that you have connected to a proxy or a TOR node (a computer in the TOR network). If this is prohibited, then you will likely face consequences. The same is true if you use a commercial VPN service and that is prohibited.
Your best options may be to connect to your home computer via Windows Remote Desktop, SSH tunneling, SOCKS 5 tunneling, DNS tunneling, or ICMP tunneling. You can also connect through VPN software running on your home computer. All of these methods allow you to connect to your home computer from your school or work computer and access websites on the Internet through your home computer. As long as you have an encrypted connection to your home computer, nothing that passes between your laptop and your home computer can be seen in plain text by a network administrator at your school or work. The details of implementing these methods will be explained later in this article.
Another option is to connect to the Internet via TAILS or the TOR browser in bridge mode. A TOR bridge (also know as a TOR relay bridge) is a computer that is a TOR node (AKA a TOR relay node, or just a TOR relay) that fewer people know about. If your school or work network is blocking TOR traffic, you may still be able to use a TOR bridge to connect to the TOR network. If you cannot find a TOR bridge that is not blocked, your only options are to either run your own TOR bridge from home or to get a friend who you trust to do it for you. Although it should go without saying, your network administrator could recognize a TOR bridge that you are using as such and cause you to face penalties. The only way to be sure that a TOR bridge will be unknown to your network administrator is if it is running on your home computer or the computer of a trusted friend, and no one else knows about it. The use of TOR bridges will be discussed later in this article.
If you are on a very strict network that will only allow access to certain websites on a "whitelist", then you will not be able to reach your home computer's IP address via an HTTP or HTTPS connection. Proxy servers, TAILS, and commercial VPN servers will also not be useful to you. In this scenario, your only options may be SSH, SOCKS 5, DNS, or ICMP tunneling which do not require an HTTP or HTTPS connection. Redirecting all your traffic through DNS or ICMP requests allows you to avoid even logging into your assigned account. The downside of this is that running a server on your home computer weakens its security. But, the more you know about what you are doing, the more secure you can make your home server.
Scenario 3: Using a Work-Owned, or School-Owned Computer and an Assigned Account to Connect to the Internet
This is the worst scenario so far because not only are you identified as soon as you log in to your account, but you are stuck with a computer that is not under your control. If you are not allowed to use your own laptop but must use your school's or your company's computer, you have no way of knowing what monitoring software has been installed on the computer. Monitoring software makes simple proxies insufficient for hiding your activities. In order to hide what you are doing, you will have to use portable software on a USB stick. In this scenario, your best approaches may be:
4 Methods of Obscuring Activities on a Computer You Don't Own
You can connect to a commercial VPN service from a portable browser on an encrypted USB stick. The USB stick should contain an encrypted file or partition with outer and inner volumes. It should also have an unencrypted area containing portable encryption software for decrypting the encrypted volumes. The inner volume will contain the portable browser. This will give you plausible deniability.
For SSH tunneling to your home computer, you can use a portable SSH client on the inner volume of an encrypted USB stick, similar to #1.
If you just want to chat with your friends about non-confidential matters, you may try chatting in Google Docs.
For private emails, encrypt the contents of your email and send it via any email service of your choice that isn't blocked.
Several portable browsers exist. They include the TOR browser and a portable version of Firefox, The FoxyProxy and HTTPS everywhere add-ons are also available for Firefox. Firefox now also provides the capability of DNS over HTTPS, which can help prevent a network administrator from being able to see the websites you visit by looking at DNS requests. Remember that when you type a URL into an Internet browser, that URL is translated into an IP address by a DNS server. Requests to and responses from a DNS server can be intercepted by a network administrator. TAILS is also portable by default, but if you cannot boot the computer you're using with a bootable USB stick, because the computer's BIOS has been locked, or because it uses UEFI, then you will not be able to use TAILS.
Software exists that allows network administrators to see the screens of every user on the network. As far as I know, this software must be installed on each computer in the network. This means that, if you are on a school or company computer, it is likely that no matter what you do, if an administrator happens to be watching, he will be able to see what you are doing. One way of doing something without literally being under the eyes of a network administrator is to run a script on your USB stick that calls other programs in the background. For example, you could run a script called something innocuous that downloads files from a website with a command line script and pipes the screen output to a null file. Remember that network administrators have access to everything on the network, so if a network administrator becomes suspicious, he will have access to your code while your USB stick is connected to the computer.
By the way, years ago I worked for more than one compnay that told employees never to connect USB sticks to their computers. We did anyway, just to get our work done, and to my knowledge no one was ever reprimanded for doing so. I think companies have given up protecting against this, but an organization I worked for recently actually had the naivety to tell us never to connect a USB stick that had ever been connected to any outside computer to any of our work computers. Apparently, they did not understand that we had now way of knowing if this had happened at the factories that made the particular USB stick or the company computer.
Scenario 4: Connecting to the Internet in a Country with a Government that Limits Internet Freedom
In this scenario, you risk prison by proceeding. So, you should be very sure that you understand exactly what you are doing before choosing to do so.
The use of a commercial VPN service is most likely illegal. TOR is also likely illegal. Even hard-to-break encryption software may be illegal. Your home and your computer and may be searched at any time.
Your best hope of remaining undetected is probably through the use of the TOR browser or TAILS with a TOR bridge. Be aware that just visiting the TAILS website (assuming you can reach it at all) will likely put you on a list of TAILS users. The risk of being put on a list also applies in "democracies" like the United States. The best method of avoiding getting on a list will be to download TAILS at a highly-trafficked public wifi hotspot where you are not required to use a personal account. However, the TAILS website will most likely be blocked. If you can get to the TAILS website, download as much information about TAILS as you can. Then follow the lengthy process given on the TAILS website to make sure your TAILS download has not been tampered with. Also, be aware that when TAILS boots up, it takes you to the TAILS website automatically, unless you have taken steps to prevent it.
If the TAILS website is blocked, you can try installing ZeroNet, I2P, or torrent software (assuming their software-download websites and torrent trackers aren't also blocked) and using one of them to download a copy of TAILS from one of their file sharing sites. Then locate the SHA256 or other number for the version of TAILS that you have just downloaded (assuming you can find it), and verify that your version has not been tampered with. As I have mentioned in other articles (here, here, and here), decentralized networks are in themselves good sources of information that may be restricted in certain countries. And, they are very difficult for governments to block--once you have the software.
You may also want to try JonDo. From the little I have seen of JonDo, it seems to be tailor-made for getting around all kinds of Internet blocking methods. Though it also provides services other than Internet surfing, they cost money to use. More details about JonDo will be given later in this article.
From conversations on ZeroNet, I know that many people in China use VPN's, even though VPN's are illegal. Perhaps, most people in China are unable to obtain a copy of TAILS, thanks to their government blocking the TAILS website--as well as known TOR relay nodes and many torrent trackers. My understanding is that meek-azure bridges are still effective at getting around the blocking of TOR nodes; however, this may be old information. Remember, I said this is a cat-and-mouse game. Things are always changing. I must assume that users of VPN's know that Chinese authorities can tell that they are using VPN's, so the penalties must not be severe enough to deter them. However, the use of the TOR network is also illegal in China, so perhaps the Chinese people don't see a difference between using TOR and using a VPN.
China blocks many decentralized networks. For the past three years, China has not only blocked the ZeroNet website on the Clearnet, it has also blocked many of the torrent trackers that ZeroNet user nodes use to connect to each other. China also blocks TOR relay nodes (those it knows about) that allow ZeroNet users to remain anonymous. Some Chinese ZeroNet users say that the ZeroNet blockade in China is largely successful, and others say it is largely unsuccessful. The difference may be that some users have access to large, up-to-date lists of torrent trackers, and others have not yet found them. Should you be successful in your attempts to obtain a copy of the ZeroNet software, you can find an up-to-date list of trackers at the Syncronite "zite" on ZeroNet (http://127.0.0.1:43110/15CEFKBRHFfAP9rmL6hhLmHoXrrgmw4B5o/). You'll also find instructions there on how to update your personal tracker list.
Other methods of getting around countries' internet blockades also exist. Some Chinese people use I2P, ShandowSocksR, and v2ray. Of course, the Chinese government is actively fighting to impede its citizens access to these also. In addition to ZeroNet, decentralized networks like IPFS, LokiNet, Dat, Retroshare, ScuttleButt, and Secure ScuttleButt can also be used to gain access to information blocked in countries that block websites. If you live in one of these countries and have a friend in another country, you can try employing one of these tunneling methods to your friend's computer: SSH, SOCKS 5, DNS, or ICMP. Or, you can ask your friend to set up a VPN server. For those who can afford to rent a server from a commercial Internet hosting company in another country, using tunneling software to access blocked websites through it is another option. There are also free and paid SOCKS proxy servers, but since they are on a published list, many may be blocked.
Details of Selected Techniques for Connecting to Blocked Websites
Up to this point, not given much detailed information has been given about how to actually use the techniques for connecting to blocked websites. Below are some of the details and links to more complete information.
Using the Mobile Versions of Websites
If a network administrator has blocked a particular website, but not the mobile page of the website, you may be able to get through that way. The mobile website for example.com may be something like m.example.com, mobile.example.com, example.com/mobile, example.com/m, or example.com/mobileweb.
Going to Web Pages Deep within Websites
Sometimes, you may be able to get to a page deep within a website. For example, https://cheapskatesguide.org may be blocked, but https://cheapkatesguide.org/articles/zeronet.html may not be blocked. My recollection is that most blocking software will block every page within a website, but you may get lucky if the administrators of your network aren't using effective blocking software.
Using "Anonymous View" on Startpage.com
Startpage.com is a search engine that anonymizes Google searches. Nothing has to be installed to use it. Just go to startpage.com, enter a search term, and click on the "Search" button. To the right of many search results, you will see the words, "Anonymous View" in blue. Clicking on these words will take you to a proxied web page containing the information on the original web page. Since, you never go to the original web page, your system administrator might not be alerted to the fact that you are viewing the information. Most of the time "Anonymous View" is not blocked, even when many other proxy servers are.
Connecting through a Proxy Server
Proxy server websites are usually the first to be blocked. However, new ones crop up all the time. If you can find a proxy server that has not been blocked yet, you will be able to use it to go wherever you want on the internet. Just go to an unblocked website running a proxy server and type in the URL of the website you want to go to. Here are some websites with free proxy servers:
A List of Free Proxy Server Websites
Anonymouse - anonymouse.org
CroxyProxy - https://www.croxyproxy.com/
HideMe - https://hide.me/en/proxy
Hidester - https://hidester.com/proxy/
NinjaWeb - https://ninjaweb.xyz/Topproxylist.html
ProxFree - https://www.proxfree.com/
ProxySite - https://www.proxysite.com/
Startpage - https://www.startpage.com/
NewIPNow - https://newipnow.com/
KProxy - https://www.kproxy.com/
To find more free proxy server websites go to Security Gladiators or Free Proxy Lists. Free Proxy Lists has pages and pages of IP addresses (and port numbers) to hundreds of proxy servers all over the world. You can also search for "free online proxy" in any search engine.
Another way to use a proxy server is to go to the Windows Control Panel/Network and Internet/Internet Options/Connections/LAN Settings. Check the "Use a proxy server for your LAN" box. Enter the IP address of the proxy server. The port number is often 8080.
You can also set up the Firefox browser to use a proxy. In the Firefox browser, go to Settings/Preferences/Network Settings/Settings. Click on "Manual proxy configuration". Then type the proxy's IP address onto the "HTTP Proxy" line. Try 8080 for the port number if you don't know it. Enter the same proxy address and port on the "SSL Proxy" line.
Proxy services are not without problems. Be aware that connecting to a website on the Internet through a proxy is usually slower than a regular Internet connection, so you will probably not be able to watch videos over a proxied connection. You should also know that, as with VPN services, most proxy services fail to live up to their promises of security and anonymity.
You can use the Proxy Checker tool to verify that a proxy service is actually doing what it claims.
Using Proxy Software
Some proxy servers are accessed through Internet browser add-ons or software that connects to the server and then boots your browser. Some require you to pay for their services and others are free. Three examples are Whoer, UltraSurf, and FoxyProxy.
Install the FoxyProxy Add-on to the Firefox Browser
FoxyProxy is a 15-year-old Firefox browser add-on that can connect to proxy servers in many countries. It installs just like any other Firefox add-on. FoxyProxy is no longer free. To install FoxyProxy, in Firefox, go to Settings/Add-ons and on the "Find more extensions" line, type "FoxyProxy". Then install it.
Using the Firefox DNS over HTTPS Add-on
DNS over HTTPS (DoH) is a method for encrypting information sent to and from DNS servers, the servers that translate URL addresses into IP adresses. This is usually used when customers don't want their ISP's to know what websites they are visiting. However, it can be used to prevent any monitoring software between the user's browser and the DNS server from gathering IP addresses. So, it should prevent governments that are trying to monitor Internet usage from being able to see IP addresses visited by individuals that use DNS over HTTPS and a DNS server in another country. In-county DNS service providers are likely being forced to supply governments with users' data.
Rumor has is that some governments are able to crack the SSL/TLS encryption that encrypts some HTTPS websites. So, you may not want to place a large amount of trust in DoH. There are different versions of TLS with different encryption strengths. TLS version 1.2 was used by about 94% of HTTPS websites in 2018. TLS version 1.3 is beginning to be deployed. If you are interested, you can get an idea of the relative level of SSL/TLS security available on a particular website here.
To enable DNS over HTTPS in Firefox, go to Settings/Preferences/General/Network Settings/Settings and check the "Enable DNS over HTTPS" box. Then select either the Default DNS server, or click on the "custom" button and enter the IP address of a DNS server you want to use. You may not want to use the default DNS server that is run by Clouldflare. Since Cloudflare was instrumental in de-platforming 8Chan, some no longer trust it. My belief is that no large company that does business in a particular country can be trusted not to give users' data to the government of that country. The reason is that across the board, large companies share their customers' data with governments. So, if you want to prevent that, your best hope is to use a smaller company that does not do business in your country. You can select a DNS server either in the network settings of your operating system, the configuration settings of your Internet browser, or in the configuration settings of your router. To see which DNS server you are presently using, go What's My DNS Server?
Adding the UltraSurf extension to the Firefox Browser
The UltraSurf add-on for Firefox (Windows only) requires no installation, so you may be able to use it on a heavily-restricted network. UltraSurf connects to the closest available proxy using your computer's default browser and then opens an private window in that browser. You can then use the browser to visit blocked websites. Unfortunately, UltraSurf is only available on Windows computers.
Using the JonDo browser
JonDo is a proxy program that makes an effort to circumvent Internet censorship through IP obfuscation, strong encryption, and authentication via multiple layers of encryption. JonDoFox is a profile for the Firefox browser that is optimized for secure web surfing. JonDoBowser is an internet browser. JonDo can be installed on your computer or used as a portable program on an encypted USB stick. Anonymity is provided by JonDo through AN.ON, in which "only certified and publicized persons and organizations may operate [an anonymizing] server", and the TOR network. Users have the option of avoiding blackades by some governments of the JonDo anonymizing servers through TCP/IP or Skype "tunneling". JonDo also gives users the option of using an HTTP/HTTPS or SOCKS proxy.
JonDo is free for surfing the web and FTP file downloads. All other web services that it provides (messengers like Pidgin, IRC chat services, email, and other programs that use SOCKS proxies) cost money to use.
JonDo comes with a fairly comprehensive manual, which is rather uncommon with most software today. The manual also gives much general information about how users can protect their privacy against the tactics that are used to strip them of it. However, the manual has been translated from German and uses a different jargon than you may be used to. For example, what the TOR community refers to as "nodes" or "TOR relay nodes", JonDo refers to as "mixes".
Using the TOR Browser or the TAILS Operating System
The TOR browser can be downloaded here. If you live in a country that has passed laws against using TOR or blocks TOR relay nodes (such as Egypt, China, or Turkey) you should use the TOR browser in bridge mode. Here is a link to a page on the TAILS website that gives an overview of when to use bridges. WARNING: clicking on a link to the TAILS website from some countries can put you at risk of being added to a list of TAILS users. Many websites in "democratic" countries also block TOR users. So, be prepared for that, and also be prepared to prove to those websites that do not block TOR users that you are not a robot by going through their annoying captcha tests.
The TAILS operating system is designed to be ultra secure. A higher level of security means TAILS gives added anonymity protection beyond what can be offered by the TOR browser and a normal Linux, Mac, or Windows operating system. So, you should consider using it. TAILS can be downloaded here. Carefully follow the directions on the TAILS website to make sure the version of TAILS that you download has not been tampered with, especially if you live in a country with a government that denies its citizens Internet freedom or monitors their Internet usage, which includes many "democracies".
One way to set up the TOR browser to operate in bridge mode is to do the following (does not works with newer versions of the TOR browser). First, disconnect your computer from the Internet. Then boot up the TOR browser. It should complain that it cannot connect, and you should see a page with a "connect" button and a "configure" button. Click on the "configure" button. Then click on the check box next to "Tor is censored in my country". Then click on "select a built-in bridge" and use the type of bridge you want from the pull-down menu. To find more bridges that you can use with the TOR browser, go to the TOR bridge database. You can specify any bridge that you want to use with the TOR browser by clicking on "Provide a bridge I know" and entering the IP address of the bridge and a port number. More information on the use of TOR bridges can be found here.
In my opinion, a major problem with most Internet browsers is that developers keep changing the way they work. The TOR browser is no exception. Newer versions set up bridge mode differently. One would almost think that TOR browser developers want to confuse users about how to set up bridge mode. Users must apparently edit the /etc/tor/torrc file to set up bridge mode in version 8.0.3 of the TOR browser. Some information on setting up bridge mode in version 9.0 can be found here.
Connecting to your Home Computer via Windows Remote Desktop
The Windows Remote Desktop application in Windows 7 and Windows 10 has known security issues, so it's not a great method for connecting to your home computer from work or school. However, if you choose to do so anyway, you can set up a Remote Desktop Connection in Windows by going to Accessories/Remote Desktop Connection. Click on the "Options" button and then the "Advanced" tab. Click on the "Settings" button. Click on "Use the RD Gateway Server settings". Then enter the IP address of your school or work computer. Your school or work computer must have a static IP address for this to work. Get the IP address using the ipconfig command in a DOS window on your school or work computer. Click on "OK", and then "Connect". If that doesn't work, try "Automatically detect RD Gateway server settings", but be aware that this is even less secure because the whole world can now connect to your home computer. You should now be able to open a window to your home computer's desktop from school or work using Remote Desktop Connection on your school or work computer and start surfing. For more information see this.
Connecting to a decentralized network like ZeroNet, I2P, or IPFS
Communicating freely with others does not always require going to a website on the Internet that may be blocked by your network administrators. Decentralized networks like ZeroNet and I2P have secure and anonymous email, chat rooms, forums, and social sites that are similar to secure, simplified versions of FaceBook and Reddit. And, the number of websites on decentralized networks is growing daily. These sites allow users to communicate with varying levels of privacy. ZeroNet works with the TOR browser to prevent users' IP addresses from being revealed (when in "TOR Always" mode) and to encrypt all data from users' computer to the decentralized network via TLS encryption. ZeroNet software does not require users to open a port on their home routers. I2P does require an open router port.
Decentralized networks are specifically designed to be harder for governments to block. For example, the Turkish government cannot block the Wikipedia entry for Turkey on the IPFS network. Although IPFS has only static content, ZeroNet and I2P both have dynamic content, including email and forums for communication. So, if you are looking for a way to communicate with your friends, decentralized networks are another type of tool you can employ. ZeroNet works with just about any browser, and the TOR browser can be used to hide your IP address for greater anonymity.
As was mentioned previously, totalitarian governments block websites on the Clearnet where software for connecting to decentralized networks can be downloaded. One approach to solving this problem would be to find any decentralized network software that you can, install it on your computer, and then ask the network's users how to get other software or to post other software on a their file sharing sites. Bit-torrent sites are another source of decentralized network software. Be sure to verify that the software has not been tampered with before you use it.
SSH Tunneling to your Home Computer
Linux comes with a built-in SSH server and client. If you are running Windows on your your home computer and your laptop, you'll have to install them. You can read a tutorial on installing and using the Windows Freesshd server and the Putty client here. SSH uses port 22, so you will have to open that port on your home router and forward it to your home computer that is running the SSH server. Putty is a portable application, which means you can hide it on an encrypted USB stick. However, it is a powerful program that has many other uses, so you may not even need to hide it.
Using SOCKS 5 Tunneling to Your Home Computer.
SOCKS 5 tunneling is a special type of SSH tunneling where special programs send traffic down the SSH tunnel. Any computer with Linux installed can be used as your home server. As with SSH tunneling, your data is encrypted, and you'll have to open port 22 on your home router and forward it to your Linux server. If your home server has a firewall enabled on it, you'll have to open port 22 in the firewall. You can use the Firefox browser as your SOCKS client on your laptop. You just have to configure the Firefox browser correctly. Instructions for creating a SOCKS 5 Tunnel using Linux can be found here. Instructions for creating a SOCKS 5 tunnel using Windows can be found here.
Using DNS or ICMP Tunneling
DNS tunneling is the establishment of a covert connection between two computers using DNS packet data injection. It may be used to bypass blocks on websites by network administrators at your place of work. It may also be used to obtain free Internet access through bypassing captive portals at wifi hotspots. DNS tunneling cannot be easily blocked by a network that allows Internet access because users' browsers must be allowed to send and receive DNS packets in order for users to be able to surf the Internet using URL addresses. Deep Packet Inspection (DPI) is required for network administrators to detect DNS tunneling. With DNS tunneling the user uses DNS client software like dnscat2 to connect to another computer running a DNS server. You can get more details here and here. You will need to know Linux to use these approaches.
An ICMP tunnel establishes a covert connection between two computers, a client and server, using data injected into ICMP echo requests and reply packets. Network administrators will not be able to detect ICMP tunneling on their networks unless they have DPI capability. This type of tunneling can be blocked by network administrators by blocking ICMP traffic or only allowing fixed sized ICMP packets. Here is a fairly technical article on how to implement ICMP tunneling.
Connecting to VPN software running on your home computer
Several open-sourced VPN tools exist for turning a home computer into a VPN server. These may allow you to get past website blocking at school or work, but will not be of much use to you in protecting your privacy if you live in a country that blocks websites because such a country will know that you are using a VPN from your home. Directions for installing the Wireguard VPN server can be found here.
Using a Commercial VPN Service (Illegal in China)
Two problems with commercial VPN's are that they are generally not trustworthy, and the good ones cost money. I say they are not trustworthy because many have been caught not providing the security they promise. Also VPN's located in 14 eyes countries are giving their users' browsing histories to governments. If you are in a country that outlaws commercial VPN's, you will have to use one located outside that country. Otherwise, your government will very likely be able to force the VPN provider to spy on you. The VPN provider's website might also be blocked. If you do manage to successfully connect to a VPN service, the fact that you are using it can be discovered by your ISP and your government.
My understanding, which comes from things people living in China have said on ZeroNet, is that most of those who are bypassing China's "Great Firewall" are doing so with VPN's. If this is as widespread as it appears to be, then the Chinese government must not be rigorously enforcing their laws against using VPN's.
Using a Cell Phone as a Modem
Cellphones can share their Internet connections with laptops. To find out how to do this with an Android smartphone, go here. For an iPhone, go here.
Final Words
This article has addressed ways to access websites on the Internet that are blocked by the provider of your Internet connection under four general scenarios. These range from connecting to the Internet from an open wifi hotspot all the way up to using tools to access blocked sites on the Internet from countries that have made them illegal. Details and links to explanations of some methods of accessing blocked websites have also been given.
Whatever you ultimately decide to do with the information provided, remember, no method of getting to a blocked website is foolproof. This is a cat-and-mouse game in which the methods that the cat uses to block and detect you are always changing and improving. No method that you can employ can guarantee that you will not be caught and subjected to whatever penalties exist. In addition, I am not an expert in this area. Though I have been using the TOR browser and TAILS for years, and though I am a daily user of ZeroNet and have experience with other decentralized networks, as much as I would have liked to, I have not had time to try every technique presented in this article for myself. So, before you try any method that has been suggested, do your own research. Be sure you understand what you are doing. Understand the penalties you may personally face if you are caught. And, have good reasons for risking being subjected to them before your proceed.