Jorge Diaz asked:

Blocking social media sites - ways to circumvent it.

The recent political events brought to mind something I've been curious about for some time. How do authoritarian governments block social media sites? I can imagine that the governments have control over their DNS zone and the "main" internet backbone connecting the country to the rest of the internet. I guess that editing the DNS record can "prevent" access, but I'm sure that's not how they do it because pointing to one of the many IPs will do it. Is there some type of layer 7 FW they use for it? 

And how about using Tor or any other type of proxy to access those sites they're trying to prevent, do they block those applications too? But how about using other apps that have a "different category signature"? So maybe there's a proxy in the dark web that can be categorized as a shopping site so it's not easily identified by a web-control solution?


Do authoritarian governments implement some type of massive web-control filter solution at the gateway? If so, wouldn't it be "simple" to bypass with a satellite internet service from a different country, or maybe a wireless point-to-point or point-to-multipoint solution from a neighboring country and extend the network from there?  I'm also thinking, do these governments inspect encrypted traffic as well? How could they? They don't have the keys...


If they implement a web control solution, are they commercial tools like Umbrella or anything else out there?


I'm just trying to wrap my head around internet control at a large-massive scale and what people can do to bypass the filters.




ASKER CERTIFIED SOLUTION
David Favor
Member_2_231077

I was keeping it simple. Gen 1 Starlinks don't have laser links and they aren't going to relay data from somewhere that they don't have permission to operate even with Gen2. OneWeb has no laser links so their constellation can't relay; fortunately it is in higher orbits.

I suppose India has no hex tiles on that map because it is too far North???

https://areomagazine.com/2022/02/18/elon-musks-satellites-will-probably-not-trigger-a-war-in-space/ explains quite well why Starlink won't be used to bypass the Great Firewall. China wouldn't have to shoot satellites down; just beaming noise at them as they pass, at the same frequency they receive from user terminals, effectively blocks them, so to do business in China SpaceX has to comply with their laws.
Jorge Diaz

ASKER

Thank you for your comments.
So it turns out that Elon Musk says SpaceX Starlink internet service has been activated in Ukraine. I hope they can also find a solution to protect the power grid (if vulnerable) in case Putin decides to attack it again.

@David, the question is not related to my situation. But rather, I'm trying to understand how authoritarian governments implement technology to impose censorship over their citizens and how citizens use technology to circumvent the filters. The first countries that come to mind are Russia, CCP, North Korea, Cuba, Iran. But, it's interesting you mention US, England, and Canada as countries imposing censorship as well. Can you elaborate on that? I'm well aware of monitoring in the US, but not censorship.



Please use something a little more identifiable since there are David F and David J in this thread.

What authoritative countries do is control the ISPs' feeds. All traffic must route through the government agency.

There are about 1700 active Starlink satellites, but only 300 or so have laser links so far, and since any serving Ukraine will have to be relayed to Poland or Turkey, service will be pretty sketchy. They also don't have any user terminals yet, although Musk says there are some on the way.

As to censorship, the UK blocks child porn and incitement to murder among other things, and the US censored its own government agencies under Trump by making the EPA remove pages from its website, but that's getting political and this is not a politics site unless you count the Lounge.
The Ukraine probably won't do any blocking. Russia & Belarus are more likely to do so; sites like Facebook, Twitter & the like are probably at least restricted in content there. But from what I have heard, it is still possible to get unbiased news via the internet without the need for VPN or other workarounds there. It is harder in China...
Ok, thank you for your input. My takeaways are: 1. Satellite internet access requires a third-party entity to facilitate the service. 2. Most internet blocking is based on destination IP. 3. The UK blocks child porn and incitement to murder among other things (not sure why child porn is not blocked across the web by all nations, not sure what the rationale would be for not doing it). 4. Oppressed citizens need to be creative utilizing different apps to access censored sites and send information out of their countries.
I know the main question is answered, but just adding a comment to this final question:

> not sure why child porn is not blocked across the web by all nations,
> not sure what the rationale would be for not doing it

It's more complex than just "we don't want [insert -anything- illegal here] to happen, so just block it."

Let's say that authorities determine that IP address 1.2.3.4 is hosting child porn or a drug marketplace. First, preventing all users within a country from accessing that IP requires there to be some type of "great firewall" type of mechanism like what you were asking about. And as described above, users who are determined to access the content can use a variety of techniques to circumvent the blocking measures. There's a supply-and-demand dynamic that comes into play here, and there are people who believe that no content at all should ever be blocked, no matter what, so they could potentially create their own ISP and tout it as some kind of "ultimate freedom" internet connection. In an indirect way, Tor could be classified that way.

Additionally, some countries prefer to err on the side of open access vs. controlled access, because of concerns that if some authoritarian-type of person or group were to be in power at some point in the future, they could potentially abuse such a national firewall to suppress free communication that could threaten their power, or even start "witch hunts" to track down people who speak out against the government.

Second, a lot of dark web operations are portable so they can easily move to another IP address and be up and running again in minutes or hours, while it may take days to get the official / federal authority to institute a block. So the blocks may not be effective unless carte blanche is given to the group that implements the block itself, so they can quickly block the new IPs as fast as they come up. However, carte blanche blocking power goes back to the possibility of one group having too much power and could potentially abuse it in the future.

Third, permitting illegal activities to occur (at least temporarily) can lead to being able to gather enough evidence to pursue arrests of the suppliers of the content. Additionally, random, publicized police action against such sites or their users can lead to a "poisoned well" deterrent, where someone is hesitant to access illegal content in case it's a trap. HTTPS makes it more difficult to monitor communications but it's not impossible in every case. SNI and plaintext DNS lookups can sometimes (if there's a known/flagged hostname in front of the content) be sufficient evidence to get a warrant for someone's computer (presuming the computer is within the legal jurisdiction of the police).
Most people use domain names rather than IP addresses. The domain registrar, i.e. for .com, is based in the US. They are presented with a court order and the domain is seized. (It's been a while since I have seen an FBI/Homeland Security page stating that the domain has been seized.)
If you consider that a domain name for a short duration is basically free, this is known as domain tasting, which gives you 5 days to cancel a domain. https://en.wikipedia.org/wiki/Domain_tasting
Last time I tried to buy cannabis on the dark web I was met with a sign similar to that. All my bitcoin are belong to them.