Nov 22, 2024, 12:23 AM

News:

Stay tuned as we migrate data from our old forum !


Introduction to VPN blocks and circumvention methods

Started by trilight, May 29, 2022, 12:22 PM

Previous topic - Next topic

trilight

A cat-and-mouse game – Introduction to VPN blocks and circumvention methods

Among the many uses of VPNs, accessing restricted websites is one of the most evident. By encrypting and relaying their communication through a trusted middle-man, netizens can access restricted content while preventing their ISP from eavesdropping. Reasons for censoring in the first place range from overzealous free WiFi operators to pervasive surveillance by a state-actor. Understandably, many governments are unhappy losing control over their citizens in cyberspace, particularly Middle-Eastern and Asian countries. China and its Great Firewall has been on the edge of censorship technologies, with the goal of controlling the flow of information to ensure the unity of society, but the West is not so far behind. The proliferation of internet monitoring technologies through commercialisation and loosely regulated neocapitalism puts everyone at risk.

What to do when the VPN is not working?

VPN blocks rely on the same methods as active web filtering, with a few added particularities. Amongst the most common is tampering of the DNS resolver: a domain name is very hard to change, much harder than an IP address, and often immutable in practice. The more popular a VPN provider is, the more its domain and IP addresses are likely to be blocked. Another classic method is port and protocol blocking: by default, OpenVPN uses UDP over port 1194, both of which can be blocked. Switching to port 80 (HTTP) or 443 (HTTPS) over TCP may help in some cases. More advanced systems like China's Great Firewall can detect the fingerprint of VPN protocols given enough time, resulting in a rapid block. Bypassing this requires using a bridge with a protocol such as Shadowsocks or obfs4, and neither are failproof. Both aim at obfuscating traffic to avoid detection, the former by making it look like a HTTPS connection and the latter by making it look like nothing.

Building resilient systems

The amount of efforts required to circumvent VPN blocks can vary greatly, with China as one of the toughest challenge. Security through obscurity is an option, relying on smaller providers and self-hosted VPN services, although it is not sufficient on its own. The implementation of several protocols and gateways, say in preparation of a trip, will prove useful to those needing access to a free internet. The Tor project is a great example of a resilient system built to circumvent censorship: through obfs4, snowflakes (a protocol relying on domain fronting), hidden bridges and more, it is the go-to tool when all else fails. Despite the tremendous amounts spent on censorship technologies, we are still one step-ahead in that game. Controlling the internet is not possible without cutting the access of a whole country, provided one knows how to resist.