Governmental Porn Blocks Have Started – How to Circumvent Them


rawTOP

  • Administrators

The government of Thailand has blocked 190 porn sites. Presumably more will be blocked in the future. Other countries are talking about age verification systems, etc. While it may seem trivial to fight to see porn, the same blocking mechanisms they use to block porn they can use to block political discussions, access to objective news, etc.

Here's a rundown of how governments and corporations block you and what you can do to circumvent the block. Even if you don't need these technologies, it's good to support them because other people do need them…

DNS Blocks ➜ DoH (DNS over HTTPS)

The most common way to block a website is to block it when you first try to connect. When you type "breeding.zone" into the address bar, your computer needs to convert that domain name into an IP address. So it asks what's called a DNS server to tell it the IP address. If your government tells your ISP to block Breeding Zone they'll simply return an "I don't know the IP for that site" and you can't connect.

So you might think, "I'll just ask a different DNS server". The problem is that some ISPs won't let you talk to any DNS server except theirs – they block the port for DNS on their connection to the Internet so you can only talk to DNS servers in their network (which they control).

The solution is DNS over HTTPS (DoH). It makes DNS requests look like regular web requests so your ISP can't tell you're talking to a DNS server outside their network.

Ideally DoH should be configured in your OS. When it's configured in your OS everything on that device will use it. Supposedly it's possible with iOS 14, but I can't figure it out. And configuring it on MacOS won't be possible until v11 (which is about to be released). I'm not a Windows or Android person, so not sure about those.

So, for now, the one way you can use DoH is to use Firefox. In Firefox go to Preferences, search for DNS and simply turn on DNS over HTTPS. It's actually really simple. For this reason I strongly suggest everyone use Firefox. AFAIK, it's the only browser that has really embraced DoH.

UPDATE: You can also turn on DoH in Chrome. At least I think it's DoH, it might be DoT (which can be blocked). They call it "Secure DNS" and don't say which type of encrypted DNS they use. To turn it on in Chrome, go to Settings ➜ Privacy and Security ➜ Security, then under "Advanced" you'll see "Use secure DNS". Toggle the option if it's not already toggled, then choose one of the providers listed under "With", and you're done.

Packet Inspection ➜ ESNI (Encrypted Server Name Indication)

Once you have an IP address each time your computer requests something from the site it will encrypt the request if you're using HTTPS, but the one piece of information it can't encrypt is the server name (e.g. "breeding.zone" – essentially the domain name) – it's sent in clear text because there are usually multiple sites on each IP and the encryption certificates are for each site, not for the IP. Sending the server name in clear text allows the server to know which encryption certificate to use to decrypt the request. What this means is that your network provider can look at the packet, see the server name and block your request at that point. It's a lot more work for them than blocking you at the DNS level, but they can do it.

Encrypting the server name requires "ESNI" (Encrypted Server Name Identification). Not all sites are configured to use ESNI, but you can tell Firefox to use it when supported if you do the following… In the address bar type "about:config". It will ask you if you're sure you want to go further, say yes. Then type in ESNI and you'll see a few lines of information. The top one will have the word "false". Double click on that word and it will turn to "true". Once you do that ESNI is enabled.

Blocking IP Addresses

The last way network providers can block you from seeing sites is to block the entire IP address. To do that they need to resolve the IP address themselves and then block the IP for the site. There's nothing YOU can do to stop this. But hosting companies can fight it a few different ways. They can mix desirable content and undesirable content on the same IP, so if the IP is blocked they're blocking stuff they didn't want to block. Or they can constantly change the IP address, so it's a huge game of whack-a-mole and the government / corporation can never keep up with all the changes. That's difficult with IPv4 (IP addresses that consist of 4 numbers separated by periods) because IPv4 addresses are pretty limited, but it's completely doable with IPv6 (IP addresses that consist of 8 alphanumeric strings separated by colons). There are literally billions of available IPv6 addresses.

 

I'll update this post as more information becomes available, but for now, use Firefox and tweak the settings to protect yourself.

  • Like 5
  • Thanks 4

  • rawTOP pinned this topic
  • Administrators
56 minutes ago, ericbttmffx said:

Does that work for all versions of Firefox (i.e. iOS too) or just the desktop versions of Firefox?

I believe so, but can't say for sure. I still use Safari on iOS.

  • Upvote 1

  • Administrators
3 hours ago, putitinmecoach said:

Could always use a VPN and spoof your IP address. It's what I did in high school to get around the 'morality filter'. I used Tor. Had it installed on a jump drive and I'd use the school computers to get on social media or play games.

Realize that unless you do many of the steps above, VPNs have data on all your browsing and they sell that data to the highest bidder. VPNs can get you around blocks, but most of them do not increase your privacy.

  • Like 1

On 11/11/2020 at 12:20 PM, rawTOP said:

Realize that unless you do many of the steps above, VPNs have data on all your browsing and they sell that data to the highest bidder. VPNs can get you around blocks, but most of them do not increase your privacy.

There are some that come well recommended by privacy advocates. I use one myself, despite living in a liberal democracy with good data protection laws, just on point of principle really. But they’re the ones that cost the most money.

I know you know that, so I’m not really aiming that at you!

Edited by subBottomKink

  • 2 months later...

There's a good comparison of VPN services on Wikipedia: [think before following links] https://en.wikipedia.org/wiki/Comparison_of_virtual_private_network_services

I took the line that you get what you pay for, so I avoided anything 'free'.

I ended up with NordVPN on my devices which seems to work quite well for me on iOS, MacOS, and Linux. I had some trouble with some features in the ARM 32bit Linux version of their native client software (Killswitch and Nordlynx wouldn't work) but using OpenVPN client seems okay. It seems pretty fast - I have gigabit fibre and routing through the VPN mostly affects the latency - the speed is pretty good unless you connect to an endpoint somewhere far off like Costa Rica.  I like their kill switch feature which stops all communication if the VPN disconnects - that way you don't leak anything accidentally. 

I've noticed that some websites (Footlocker and my banks notably) won't talk to me at all when I'm on NordVPN - even on a UK server - and I have to switch it off for that. If it were not for that I'd enable it on my router for all traffic.  The only other problem has been that some hotels or companies with public wifi also prevent connections to the VPN service.   

macOS Big Sur is reported to have system wide DNS over HTTPS built in - but I can't seem to find out any info about using it. (If anyone knows, drop me a DM)  

  • Like 1

On 11/4/2020 at 8:23 AM, ericbttmffx said:

Does that work for all versions of Firefox (i.e. iOS too) or just the desktop versions of Firefox?

The about:config functionality does not appear to be available on Firefox for iOS. When I try it on either an iPhone or an iPad, all the browser returns is a blank white screen. And why should we be surprised? This is a company that will allow no app to be sold through its app store unless the app meets its content restrictions. They have no interest in allowing users of “their” equipment (oddly overlooking the fact that we bought it from them in exchange for our money) to be reconfigured to bypass their control.


  • 1 year later...
  • Administrators
On 2/14/2021 at 12:34 AM, ErosWired said:

The about:config functionality does not appear to be available on Firefox for iOS. When I try it on either an iPhone or an iPad, all the browser returns is a blank white screen. And why should we be surprised? This is a company that will allow no app to be sold through its app store unless the app meets its content restrictions. They have no interest in allowing users of “their” equipment (oddly overlooking the fact that we bought it from them in exchange for our money) to be reconfigured to bypass their control.

ALL browsers on iOS are Safari. The only thing Apple allows developers to do is change the user interface of Safari. Actual other browsers are banned from iOS devices. That means Firefox on iOS isn't really Firefox - it's Safari with an interface done by folks at Mozilla.

  • Like 1
  • Thanks 1

I find all of this information disconcerting, to say the least. I have had multiple Android devices destroyed, phones and laptops, by a hacker who sent a virus thru and changed all the permissions on my devices. I could not even donate the devices, they were of no use. I was deliberately targeted, filed police reports, but in the end no one was held accountable. With my Apple phones, I could actually see myself moving in one of the apps, yet I was sitting in my house. When I contacted Apple, they pointed fingers at my internet provider. I tried to constantly change the wifi information, only to have them break back in. I even moved to a new apartment, hired the "Geek Squad" to come to my new apartment, change the wifi password and he left assuring me I would not be hacked. Assuming I was safe, I thought I would have some fun on A4A, only to be recognized by the people that had previously targeted me. They got into both phone devices and actually re-arranged photos that are on my MacBook Air, sort of a way to tell me they had gotten into that as well. My partner was just about ready to hang himself, thinking we would have to relive everything we had gone through before, just because I decided to get on A4A and find someone for us to play with. I had to contact Apple and spend over an hour and a half with one of their specialists to see if they could help us regain control of our devices. I think our phones are safe, but I am not 100 percent sure.

Enough about my poor judgment, I do have a question regarding how I am able to get onto BZ. When I tried going through Safari I could not connect. I have to type in google, then type Breeding Zone in the search bar, and then I can get in. I see @rawtop has stated that all browsers on iOS are Safari. So, is my current way of connecting the correct and only way to get onto BZ?

I know, I know I need to take some IT courses because I feel like I have no privacy and there is always someone watching. I have tried VPNs only to have them limit my connection to my bank, or the IRS, or other government agencies. I've been told to get rid of my MacBook and switch to a non-Apple laptop, but with the years of money I invested in iTunes I am reluctant to close my MacBook forever. Yes, Apple got my money for iTunes as well, since oh, like 2004. I have over 2000 songs that not only show what poor taste I have in music (anyone remember Amber, Deborah Cox?), but also I fell for the idea that Apple would continue to support iPods and iTunes in general; now I see they are no longer going to make those kinds of products.

So yes, if you have a bridge for sale, I would be the first guy to approach.....

Anyone have any advice, because frankly, all the hacking and turning my webcam on to record me, has taken the gay out of my gay life........


4 hours ago, rawTOP said:

ALL browsers on iOS are Safari. The only thing Apple allows developers to do is change the user interface of Safari. Actual other browsers are banned from iOS devices. That means Firefox on iOS isn't really Firefox - it's Safari with an interface done by folks at Mozilla.

Well alrighty, then. I did not know that. In my book Apple just left the Devious column, bypassed Diabolical, and went straight for Despicable.


1 hour ago, ellentonboy said:

Enough about my poor judgment, I do have a question regarding how I am able to get onto BZ. When I tried going through Safari I could not connect. I have to type in google, then type Breeding Zone in the search bar, and then I can get in. I see @rawtop has stated that all browsers on iOS are Safari. So, is my current way of connecting the correct and only way to get onto BZ?

FWIW, although I use an Android phone day-to-day, I have an iPhone I connect to wi-fi to use to test websites under development to see what they look like in Safari.

When I go to [think before following links] https://breeding.zone directly in the Safari Browser, it takes me to this site. That makes me think that you're probably trying the wrong URL (the address in the title bar) - for instance, if you're using "breedingzone.com" that won't work.

If that isn't the problem, I can't really suggest why Safari won't work directly for you. It should never be necessary to go through Google to get to a website if you're using the correct URL.

  • Upvote 1
  • Thanks 1

8 hours ago, BootmanLA said:

FWIW, although I use an Android phone day-to-day, I have an iPhone I connect to wi-fi to use to test websites under development to see what they look like in Safari.

When I go to [think before following links] https://breeding.zone directly in the Safari Browser, it takes me to this site. That makes me think that you're probably trying the wrong URL (the address in the title bar) - for instance, if you're using "breedingzone.com" that won't work.

If that isn't the problem, I can't really suggest why Safari won't work directly for you. It should never be necessary to go through Google to get to a website if you're using the correct URL.

Using desktop versions of Safari, Firefox, and Chrome, the URL breedingzone.com took me to this site. The URL breedingzone.net could not be found when using all 3 browsers. If I typed breeding zone.com (notice the space between "breeding" and "zone"), I landed on a search results page in DuckDuckGo.
