1. Welcome to PHCorner Forums. Take a moment to Sign up and gain unlimited access and extra privileges that guests are not entitled to, such as:

    All that and more! Registration is quick, simple and absolutely free. Join our community today!

Tutorial Simplified internet censorship with tools

Discussion in 'Free Internet Tricks' started by yus15, Sep 5, 2014.

Thread Status:
Not open for further replies.
  1. yus15

    yus15 Support Team Staff Member Support Team

    How the Net Works

    Local computer networks, called Local Area Networks, or LANs, physically connect a number of computers and other devices at the same physical location to one another. They can also connect to other networks via devices called routers that manage the information flow between networks. Computers in a LAN can communicate with each other directly for purposes like sharing files and printers, or playing multi-player networked video games. A LAN could be useful even if it were not connected to the outside world, but it clearly becomes more useful when it is.

    Standards for connecting devices

    Most LANs today are built with wired Ethernet or with wireless Ethernet (802.11 or Wi-Fi) technology. All of the interconnections (of LANs and other devices) that make up the Internet use common technical standards, or Internet protocols, to let computers find and communicate with to one another. Often, the interconnections use privately-owned equipment and facilities, and are operated on a for-profit basis. In some jurisdictions, Internet connections are extensively regulated by law. In others, there is little or no regulation.

    The most basic standard that unites all of the devices on the global Internet is called the Internet Protocol (IP).

    Standards for identifying devices on the network

    When your computer connects to the Internet, it is normally assigned a numeric IP address. Like a postal address, the IP address uniquely identifies a single computer on the Internet. Unlike the postal address, however, an IP address (particularly for a personal computing device) is not necessarily permanently associated with a specific computer. So, when your computer disconnects from the Internet and reconnects at a later time, it may receive a different (unique) IP address. The IP protocol version currently in predominant use is IPv4. In the IPv4 protocol, an IP address is written as four numbers in the range 0-255, separated by dots (e.g.

    Domain names and IP addresses

    All Internet servers, such as those which host Web sites, also have IP addresses. For example, the IP address of Please or Register to view links is Since remembering IP addresses is cumbersome and IP addresses might change over time, specific systems are in place to make it easier for you to reach your destination on the Internet. This system is the Domain Name System (DNS), where a set of computers are dedicated to serving your computer with the IP addresses associated with the human-memorable "names".

    For example, to access the Witness Web site you would type in the Please or Register to view links address, also known as a domain name, instead of Your computer then sends a message with this name to a DNS server. After the DNS server translates the domain name into an IP address, it shares that information with your computer. This system makes Web browsing and other Internet applications more human-friendly for humans, and computer-friendly for computers.


    Mathematically speaking, IPv4 allows for a pool of about 4.2 billion different computers to be connected to the Internet. There is also technology that lets multiple computers share a single IP address. Despite this, the pool of available addresses was more or less exhausted at the beginning of 2011. As a result, the IPv6 protocol has been devised, with a much larger repository of possible unique addresses. IPv6 addresses are much longer, and even harder to remember, than traditional IPv4 addresses. An example of an IPv6 address is:


    Although as of 2011 less than 1% of the Internet uses the IPv6 protocol, this will probably change dramatically in the near future.

    Protocols for sending information through the network

    There is a wide variety of Internet software to accommodate proper handling of the various forms of information according to specific protocols, such as:

    • e-mail via Simple Mail Transport Protocol (SMTP)
    • instant messaging via Extensible Messaging and Presence Protocol (XMPP)
    • file sharing via File Transfer Protocol (FTP),
    • peer-to-peer file sharing via BitTorrent protocol
    • Usenet news via Network News Transfer Protocol (NNTP)
    • a combination of protocols: voice communication using Voice Over Internet Protocol (VoIP), Session Initiation Protocol (SIP) and Real-time Transport Protocol (RTP)
    The Web

    Although many people use the terms "the Internet" and "the Web" interchangeably, actually the Web refers to just one way of communicating using the Internet. When you access the Web, you do so using software called a Web browser, such as Mozilla Firefox, Google Chrome, Opera, or Microsoft Internet Explorer. The protocol that the Web operates on is called the Hyper-Text Transfer Protocol or HTTP. You might also have heard of HTTPS, which is the secure version of HTTP that uses Transport Layer Security (TLS) encryption to protect your communications.

    Connecting to the Internet

    To connect your computer to the Internet, you may need some extra equipment, such as a modem or a router, to first connect to your ISP's network. Usually, end-user computers or home networks are connected with ISPs via one of several technologies:

    • telephone modem ("dial-up"), sending Internet data over telephone lines in the form of a telephone call
    • DSL, a more efficient and higher-speed way to send data over telephone lines over short distances
    • cable modem (or "cable Internet"), sending Internet data over a cable television company's coaxial cable
    • fiber-optic cables, particularly in densely-populated areas of developed countries
    • wide-area fixed wireless links, particularly in rural areas
    • data service over the mobile phone network.

    Why This Matters

    Another example is DNS servers, which were described as helping provide IP addresses corresponding to requested domain names. However, in some cases, these servers can be used as censoring mechanisms by preventing the proper IP address from being returned, and effectively blocking access to the requested information from that domain.

    The Layered Networking Model

    Internet protocols rely on other protocols. For example, when you use a Web browser to access a Web site, the browser relies on the HTTP or HTTPS protocol to communicate with the Web server. This communication, in turn, relies on other protocols. Suppose we are using HTTPS for a particular Web site to ensure that we access it securely.


    In the above example, the HTTPS protocol relies on the TLS protocol to perform encryption of the communications so that they are private and unmodified as they travel across the network. The TLS protocol, in turn, relies on the TCP protocol to ensure that information is not accidentally lost or corrupted in transmission. Finally, TCP relies on the IP protocol to ensure that data is delivered to the intended destination.

    While using the encrypted HTTPS protocol, your computer still uses the unencrypted DNS protocol for retrieving an IP address for the domain name. The DNS protocol uses the UDP protocol to mark the request for proper routing to a DNS server, and UDP relies on IP for actual transmission of data to the intended destination.
    Last edited: Sep 5, 2014
    John Ace Lopez and xSilent like this.
  2. yus15

    yus15 Support Team Staff Member Support Team

    Using Ports

    The IANA (Internet Assigned Names Authority) assigns port numbers for various higher-level protocols used by application services. A few common examples of the standard assigned port numbers are:

    • 20 and 21 - FTP (file transfer)
    • 22 - SSH (secure shell remote access)
    • 23 - Telnet (insecure remote access)
    • 25 - SMTP (send e-mail)
    • 53 - DNS (resolves a computer's name to an IP address)
    • 80 - HTTP (normal Web browsing; also sometimes used for a proxy)
    • 110 - POP3 (receive e-mail)
    • 143 - IMAP (send/receive e-mail)
    • 443 - HTTPS (secure Web connections)
    • 993 - secure IMAP
    • 995 - secure POP3
    • 1080 - SOCKS proxy
    • 1194 - OpenVPN
    • 3128 - Squid proxy
    • 8080 - Standard HTTP-style proxy

    Cryptography is a form of technical defense against surveillance that uses sophisticated mathematical techniques to scramble communications, making them unintelligible to an eavesdropper. Cryptography can also prevent a network operator from modifying communications, or at least make such modifications detectable. It usually works like a tunnel from the software you are using, such as a Web browser, to the other end of the connection, such as a Web server.
    Last edited: Sep 5, 2014
    John Ace Lopez likes this.
  3. yus15

    yus15 Support Team Staff Member Support Team

    DNS Filtering and Spoofing

    When you enter a URL in a Web browser, the first thing the Web browser does is to ask a DNS (Domain Name System) server, at a known numeric address, to look up the domain name referenced in the URL and supply the corresponding IP address.


    If the DNS server is configured to block access, it consults a blacklist of banned domain names. When a browser requests the IP address for one of these domain names, the DNS server gives a wrong answer or no answer at all.


    When the DNS server gives a meaningless answer or no answer, the requesting computer fails to learn the correct IP address for the service it wanted to contact. Without the correct IP address, the requesting computer cannot continue, and it displays an error message. Since the browser does not learn the Web site's correct IP address, it is not able to contact the site to request a page. The result is that all of the services under a particular domain name, such as all of the pages on a particular Web server, are unavailable. In this case, deliberate blocking may wrongly appear as a technical problem or random failure.

    Similarly, a censor could force a DNS entry to point to an incorrect IP address, thus redirecting Internet users to incorrect Web sites. This technique is called DNS spoofing, and censors can use it to hijack the identity of a particular server and display forged Web sites or reroute the users' traffic to unauthorized servers that could intercept their data. (In some networks, the wrong answer would lead to a different Web server that clearly explains the nature of the blocking that has occurred. This technique is used by censors who don't mind admitting that they are engaged in censorship and who don't want users to be confused about what has taken place.)

    IP Filtering

    When data is sent over the Internet, it is grouped into small units, called packets. A packet contains both the data being sent and information about how to send the packet, such as the IP addresses of the computer it came from and the one it should go to. Routers are computers that relay packets on their way from a sender to a receiver, determining where they go next. If censors wants to prevent users from accessing specific servers, they can configure routers that they control to drop (ignore and fail to transmit) data destined for IP addresses on a blacklist or to return an error message for them. Filtering based solely on IP addresses blocks all services provided by a particular server, such as both Web sites and e-mail servers. Since only the IP address is inspected, multiple domain names that share the same IP address are also blocked, even if only one was originally meant to be prohibited.

    Keyword Filtering

    IP address filtering can only block communication on the basis of where packets are going to or coming from, not what they contain. This can be a problem for the censor if it is impossible to establish the full list of IP addresses containing prohibited content, or if an IP address contains enough non-prohibited content to make it seem unjustifiable to totally block all communication with it. There is a finer-grained control possible: the content of packets can be inspected for banned keywords. As network routers do not normally examine the entire packet contents, extra equipment may be needed; the process of examining packet contents is often called deep packet inspection.

    Alternatively, the censor can use a forced HTTP proxy, as described earlier.

    Traffic Shaping

    Traffic shaping is a technique utilized by network managers to make a network run smoothly by prioritizing some kinds of packets and delaying other kinds of packets that meet certain criteria. Traffic shaping is somewhat similar to controlling vehicle traffic on a street. In general, all vehicles (packets) have the same priority, but some vehicles are temporarily delayed by traffic controllers or stop lights to avoid traffic jams at certain points. At the same time, some vehicles (fire trucks, ambulances) may need to reach their destination faster, and therefore they are given priority by delaying other vehicles. Similar logic is applicable to Internet packets that need low latency for optimal performance (such as voice over IP, VoIP).

    Traffic shaping can also be used by governments or other entities to delay packets with specific information. If censors want to restrict access to certain services, they can easily identify packets related to these services and increase their latency by setting their priority low. This could give users the misleading impression that a site is inherently slow or unreliable, or it could simply make the disfavored site unpleasant to use relative to other sites. This technique is sometimes used against peer-to-peer file-sharing networks, such as BitTorrent, by ISPs that disfavor file sharing.

    Port Blocking

    Blacklisting individual port numbers restricts access to individual services on a server, such as Web or e-mail. Common services on the Internet have characteristic port numbers. The relationships between services and port numbers are assigned by IANA, but they are not mandatory. These assignments allow routers to make a guess as to the service being accessed. Thus, to block just the Web traffic to a site, a censor might block only port 80, because that is the port typically used for Web access.

    Access to ports may be controlled by the network administrator of the organization that hosts the computer you're using whether a private company or an Internet cafe, by the ISP that is providing Internet access, or by someone else such as a government censor who has access to the connections that are available to the ISP. Ports may also be blocked for reasons other than pure content censorship to reduce spam, or to discourage disfavored network uses such as peer-to-peer file sharing, instant messaging, or network gaming.

    If a port is blocked, all traffic on this port becomes inaccessible to you. Censors often block the ports 1080, 3128, and 8080 because these are the most common proxy ports. If this is the case, you won't be able to directly use any proxies that require use of those ports; you'll have to use a different circumvention technique or else find or arrange for the creation of proxies that are listening on an uncommon port.

    For example, in one university, only the ports 22 (SSH), 110 (POP3), 143 (IMAP), 993 (secure IMAP), 995 (secure POP3) and 5190 (ICQ instant messaging) may be open for external connections, forcing users to use circumvention technology or access services on nonstandard ports if they want to use other Internet services.

    Internet Shutdown

    Shutting down Internet connectivity is an example of extreme censorship perpetrated by governments in response to sensitive political and social events. However, complete network disruption (i.e. from both domestic and international networks) requires intense work, since it is necessary to shut down not only the protocols that connect the country to the international network but also the protocols that connect ISPs with one another and with users. Countries have shut down Internet access completely (Nepal in 2005, Burma in 2007 and Egypt and Libya in 2011) as a means to quell political unrest. These shutdowns lasted from a few hours to several weeks, though some people managed to connect through dial-up to an ISP abroad or by using mobile connections or satellite links.

    John Ace Lopez likes this.
  4. yus15

    yus15 Support Team Staff Member Support Team

    What is HTTPS?

    HTTPS is the secure version of the HTTP protocol used to access Web sites. It provides a security upgrade for accessing Web sites by using encryption to stop eavesdropping and tampering with the contents of your communications. Using HTTPS to access a site can prevent network operators from knowing which part of the site you're using or what information you sent to and received from the site. HTTPS support is already included in every popular Web browser, so you don't need to install or add any software in order to use HTTPS.

    Usually, if a site is available through HTTPS, you can access the site's secure version by entering its address (URL) beginning with https:// instead of Please or Register to view links. You can also tell if you are using the secure version of a site by looking at the address displayed in your Web browser's navigation bar, and seeing whether it begins with Please or Register to view links.

    Examples of sites that offer HTTPS

    Here are a few examples of popular sites that offer HTTPS. In some cases, the use of HTTPS is optional on these sites, not mandatory, so you have to explicitly choose the secure version of the site in order to get the benefits of HTTPS.

    Site name
    Insecure (HTTP) version Secure (HTTPS) version
    Please or Register to view links
    Please or Register to view links
    Google Search
    Please or Register to view links
    Please or Register to view links
    Please or Register to view links
    Windows Live Mail (MSN Hotmail)
    Please or Register to view links

    For example, if you make a Google search from Please or Register to view links instead of Please or Register to view links, your network operator will not be able to see what terms you searched for, and therefore it can't block Google from answering "inappropriate" searches. (However, the network operator could decide to block encrypted.google.com in its entirety.) Similarly, if you use Twitter through Please or Register to view links instead of Please or Register to view links, the network operator can't see which tweets you are reading, what tags you are searching for, what you post there, or which account you log into. (However, the network operator could decide to block all access to twitter.com using HTTPS.)

    HTTPS and SSL

    HTTPS makes use of an Internet security protocol called TLS (Transport Layer Security) or SSL (Secure Sockets Layer). You may hear people refer to a site "using SSL" or being "an SSL site". In the context of a Web site, this means that the site is available through HTTPS.

    Using HTTPS in addition to circumvention technology

    Even circumvention technologies that use encryption are not a substitute for using HTTPS, because the purpose for which encryption is used is different.

    For many kinds of circumvention technology, including VPNs, proxies, and Tor, it is still possible and appropriate to use HTTPS addresses when accessing a blocked site through the circumvention technology. This provides greater privacy and prevents the circumvention provider itself from observing or recording what you do. This could be important even if you're confident that the circumvention provider is friendly to you, because the circumvention provider (or the network that the circumvention provider uses) could be broken into or pressured to provide information about you.

    Some circumvention technology developers like Tor strongly urge users to always use HTTPS, to make sure that circumvention providers themselves can't spy on users. You can read more about this issue at Please or Register to view links. It's good to get in the habit of using HTTPS whenever possible, even when using some other method for circumvention.

    Tips for using HTTPS

    If you like to bookmark sites that you access frequently so that you don't have to type in the full site address, remember to bookmark the secure version of each site instead of the insecure version.

    In Firefox, you can install the HTTPS Everywhere extension to turn on HTTPS automatically whenever you visit a site that's known to offer HTTPS. It is available from Please or Register to view links.
    John Ace Lopez likes this.
  5. yus15

    yus15 Support Team Staff Member Support Team

    Risks when not using HTTPS

    When you don't use HTTPS, a network operator such as your ISP or a national firewall operator, can record everything you do including the contents of the specific pages that you access. They can use this information to block particular pages or to create records that might be used against you later on. They can also modify the contents of Web pages to delete certain information or to add malicious software to spy on you or infect your computer. In many cases, other users of the same network can also do these things even if they aren't officially the network operator.

    In 2010, some of these problems were dramatized by a program called Firesheep, which makes it extremely easy for users on a network to take over other users' social networking site accounts. Firesheep works because, at the time it was created, these social networking sites were not commonly using HTTPS, or were using it in a limited way to protect only some portions of their sites. This demonstration created a lot of attention in international media, and also led more sites to require the use of HTTPS or to offer HTTPS access as an option. It also allowed technically unskilled people to abuse others by breaking into their accounts.

    In January 2011, during a period of political unrest in Tunisia, the Tunisian government began tampering with users' connections to Facebook in a way that allowed the government to steal users' passwords. This was done by modifying the Facebook login page and invisibly adding software that sent a copy of the user's Facebook password to the authorities. Such modifications are technically straightforward to perform and could be done by any network operator at any time. As far as we know, Tunisian Facebook users who were using HTTPS were totally protected from this attack.

    Risks when using HTTPS

    When it's available, using HTTPS is almost always safer than using HTTP. Even if something goes wrong, it shouldn't make your communications any easier to spy on or filter. So it makes sense to try to use HTTPS where you can (but be aware that, in principle, using encryption could be restricted by law in some countries). However, there are some ways that HTTPS might not provide complete protection.

    Certificate warnings

    Sometimes, when you try to access a web site over HTTPS, your Web browser will show you a warning message describing a problem with the site's digital certificate. The certificate is used to ensure the security of the connection. These warning messages exist to protect you against attacks; please don't ignore them. If you ignore or bypass certificate warnings, you may still be able to use a site but limit the ability of the HTTPS technology to protect your communications. In that case, your access to the site could become no more secure than an ordinary HTTP connection.

    If you encounter a certificate warning, you should report it by e-mail to the Webmaster of the site you were trying to access, to encourage the site to fix the problem.

    If you're using an HTTPS site set up by an individual, such as some kinds of Web proxies, you might receive an certificate error because the certificate is self-signed, meaning that there is no basis given for your browser to determine whether or not the communication is being intercepted. For some such sites, you might have no alternative but to accept the self-signed certificate if you want to use the site. However, you could try to confirm via another channel, like e-mail or instant messaging, that the certificate is the one you should expect, or see whether it looks the same when using a different Internet connection from a different computer.

    Mixed content

    A single Web page is usually made up of many different elements, which can come from different places and be transferred separately from one another. Sometimes a site will use HTTPS for some of the elements of a Web page but use insecure HTTP for the others. For example, a site might allow only HTTP for accessing certain images. As of February 2011, Wikipedia's secure site has this problem; although the text of Wikipedia pages can be loaded using HTTPS, all of the images are loaded using HTTP, and so particular images can be identified and blocked, or used to determine which Wikipedia page is a user is reading.

    Redirection to insecure HTTP version of a site

    Some sites use HTTPS in a limited way and will force users back to using insecure HTTP access even after the user initially used HTTPS access. For example, some sites use HTTPS for login pages, where users enter their account information, but then HTTP for other pages after the user has logged in. This kind of configuration leaves users vulnerable to surveillance. You should be aware that, if you get sent back to an insecure page during the course of using a site, you no longer have the protections of HTTPS.

    Networks and firewalls blocking HTTPS

    Because of the way HTTPS hinders monitoring and blocking, some networks will completely block HTTPS access to particular Web sites, or even block the use of HTTPS altogether. In that case, you may be limited to using insecure access to those sites while on those networks. You might find that you're unable to access a site because of blocking of HTTPS. If you use HTTPS Everywhere or certain similar software, you may not be able to use some sites at all because this software does not permit an insecure connection.

    If your network blocks HTTPS, you should assume that the network operator can see and record all of your Web browsing activities on the network. In that case, you may want to explore other circumvention techniques, particularly those that provide other forms of encryption, such as VPNs and SSH proxies.

    Using HTTPS from an insecure computer

    HTTPS only protects the contents of your communications while they travel over the Internet. It doesn't protect your computer or the contents of your screen or hard drive. If the computer you use is shared or otherwise insecure, it could contain monitoring or spying software, or censorship software that records or blocks sensitive keywords. In that case, the protection offered by HTTPS could be less relevant, since monitoring and censorship could happen within your computer itself, instead of at a network firewall.

    Vulnerability of HTTPS certificate system

    There are problems with the certificate authority system, also called public-key infrastructure (PKI) used to authenticate HTTPS connections. This could mean that a sophisticated attacker could trick your browser into not displaying a warning during an attack, if the attacker has the right kind of resources. It has not yet been clearly documented that this is taking place anywhere. This is not a reason to avoid using HTTPS, since even in the worst case, the HTTPS connection would be no less secure than an HTTP connection.
    John Ace Lopez likes this.
  6. yus15

    yus15 Support Team Staff Member Support Team

    Low-Bandwidth Filters

    Low-bandwidth filters are Web services designed to make browsing the Web easier in places where connection speeds are slow. They remove or reduce images, remove advertisements, and otherwise compress the Web site to make it use less data, so that it downloads faster.

    But, as with translation and aggregation services, you can also use low-bandwidth filters to bypass simple Web site blocking by fetching Web sites from their servers rather than from your computer. One useful low-bandwidth filter is at Please or Register to view links.
    John Ace Lopez likes this.
  7. yus15

    yus15 Support Team Staff Member Support Team

    HTTPS Everywhere

    HTTPS Everywhere is a Firefox add-on produced as a collaboration between The Tor Project ( Please or Register to view links) and the Electronic Frontier Foundation ( Please or Register to view links). It encrypts your communications with a number of major Web sites, including Google, Wikipedia, and popular social networking platforms such as Facebook and Twitter.

    The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS. (Although the extension is called "HTTPS Everywhere", it only activates HTTPS on a particular list of sites and can only use HTTPS on sites that have chosen to support it. It cannot make your connection to a site secure if that site does not offer HTTPS as an option.)

    Please note that some of those sites still include a lot of content, such as images or icons, from third party domains that is not available over HTTPS. As always, if the browser's lock icon is broken or carries an exclamation mark, you may remain vulnerable to some adversaries that use active attacks or traffic analysis. However, the effort required to monitor your browsing should still be usefully increased.

    Some Web sites (such as Gmail) provide HTTPS support automatically, but using HTTPS Everywhere will also protect you from SSL-stripping attacks, in which an attacker hides the HTTPS version of the site from your computer if you initially try to access the HTTP version.

    Additional information can be found at: Please or Register to view links.


    First, download the HTTPS Everywhere extension from the official Web site: Please or Register to view links.

    Select the newest release. In the example below, version 0.9.4 of HTTPS Everywhere was used. (A newer version may be available now.)


    Click on "Allow". You will then have to restart Firefox by clicking on the "Restart Now" button. HTTPS Everywhere is now installed.



    To access the HTTPS Everywhere settings panel in Firefox 4 (Linux), click on the Firefox menu at the top left on your screen and then select Add-ons Manager. (Note that in different versions of Firefox and different operating systems, the Add-ons Manager may be located in different places in the interface.


    Click on the Options button.


    A list of all supported Web sites where HTTPS redirection rules should be applied will be displayed. If you have problems with a specific redirection rule, you can uncheck it here. In that case, HTTPS Everywhere will no longer modify your connections to that specific site.


    Once enabled and configured, HTTPS Everywhere is very easy and transparent to use. Type an insecure HTTP URL (for example, Please or Register to view links).


    Press Enter. You will be automatically redirected to the secure HTTPS encrypted Web site (in this example: Please or Register to view links). No other action is needed.


    If networks block HTTPS

    Your network operator may decide to block the secure versions of Web sites in order to increase its ability to spy on what you do. In such cases, HTTPS Everywhere could prevent you from using these sites because it forces your browser to use only the secure version of these sites, never the insecure version. (For example, we heard about an airport Wi-Fi network where all HTTP connections were permitted, but not HTTPS connections. Perhaps the Wi-Fi operators were interested in watching what users did. At that airport, users with HTTPS Everywhere were not able to use certain Web sites unless they temporarily disabled HTTPS Everywhere.)

    In this scenario, you might choose to use HTTPS Everywhere together with a circumvention technology such as Tor or a VPN in order to bypass the network's blocking of secure access to Web sites.

    Adding support for additional sites in HTTPS Everywhere

    You can add your own rules to the HTTPS Everywhere add-on for your favorite Web sites. You can find out how to do that at: Please or Register to view links. The benefit of adding rules is that they teach HTTPS Everywhere how to ensure that your access to these sites is secure. But remember: HTTPS Everywhere does not allow you to access sites securely unless the site operators have already chosen to make their sites available through HTTPS. If a site does not support HTTPS, there is no benefit to adding a ruleset for it.

    If you are managing a Web site and have made an HTTPS version of the site available, a good practice would be to submit your Web site to the official HTTPS Everywhere release.
    John Ace Lopez likes this.
  8. yus15

    yus15 Support Team Staff Member Support Team

    Domains and DNS

    If you have identified, suspect or were told that the main censorship technique on your network is based on DNS filtering and spoofing, you should consider these techniques.

    Using alternative Domain Servers or Names

    Simply speaking, a DNS server translates a human-friendly Internet address such as google.com into the IP address, such as, that identifies the specific server or servers on the Internet associated with that name. This service is most often accessed through DNS servers maintained by your Internet Service Provider (ISP). Simple DNS blocking is implemented by giving an incorrect or invalid response to a DNS request, in order to prevent users from locating the servers they're looking for. This method is very easy to implement on the censor side, so it is widely used. Keep in mind that often there are several censorship methods are combined, so DNS blocking may not be the only problem.

    You can potentially bypass this type of blocking in two ways: by changing your computer's DNS settings to use alternative DNS servers, or by editing your hosts file.

    Alternative DNS Servers

    You can bypass the DNS servers of your local ISP, using third-party servers to let your computer find the addresses of domains that may be blocked by the ISP's DNS servers. There are a number of free, internationally available DNS services that you can try. OpenDNS ( Please or Register to view links) provides one such service and also maintains guides on how to change the DNS server that your computer uses ( Please or Register to view links). There is also an updated list of available DNS servers from around the world at Please or Register to view links.

    Here is a list of publicly-available DNS services, via the Internet Censorship Wiki at Please or Register to view links. (Some of these services may themselves block a limited number of sites; consult the providers' sites to learn more about their policies.)

    Publicly-available DNS servers
    Provider Google Google OpenDNS OpenDNS DynDNS DynDNS Visizone Visizone NortonDNS NortonDNS DNS Advantage DNS Advantage DNSResolvers DNSResolvers Level 3
    Cable & Wireless

    Once you've chosen a DNS server to use, you need to enter your selection into your operating system's DNS settings.

    Change your DNS settings in Windows

      • Open your Control Panel under the Start menu.

      • Under Network and Internet, click on "View network status and stats".

      • Click on your wireless connection at the right side of the window.

      • The Wireless Network Connection Status window will open. Click on Properties.

      • In the Wireless Network Connection Properties window select Internet Protocol Version 4 (TCP/IPv4), and click on Properties.

      • You should now be in the Internet Protocol Version 4 (TCP/IPv4) Properties window, where you are going to specify your alternate DNS address (for example: Google Public DNS)

      • At the bottom of the window, click on "Use the following DNS server addresses" and complete the fields with your preferred and alternate DNS server IP information. When you are done, click OK. By default the first DNS server will be used. The alternate DNS server can be from another company.

    Credits goes to flossmanuals (y) :ROFLMAO:
    John Ace Lopez and makitasana like this.
  9. yus15

    yus15 Support Team Staff Member Support Team

Thread Status:
Not open for further replies.

Share This Page