MCH2022 Curated content
Censoring the internet & how to bypass it
In recent times, internet censorship has increased throughout the world. With governments realising the potential of the internet in spreading information as well as misinformation.
To curb or rather control this, governments around the globe have taken to censoring parts of the internet by directing major ISPs to block access to those websites.
The ISPs around the globe have used different methods to block the access. Some resulting in DNS filtering to others doing SNI ( Server Name Information ) inspection.
There have been ways to bypass these restrictions, like DoH ( DNS over HTTPS ) and eSNI ( encrypted SNI ), now ECH ( Encrypted Client Hello ), supported by TLS 1.3.
To counter these, some authoritarian regimes ( like China ) have blocked eSNI traffic altogether, to be able to sniff the traffic and block the websites accordingly on their ‘Great Firewall’.
I will be talking about how these different mechanisms of blocking user traffic works, by doing a live demo of packet analysis using wireshark.
Later on in the talk, I will show a comparative study of the different ISPs around the globe and what their approaches are at blocking the internet ( if any ).
After understanding how the technologies work, I will show ways to bypass the censorship by some open source tools, DIY solutions and finally some paid/managed alternatives. What are the things that one should look for when choosing one such paid solution.
Towards the end, I will announce the open source repo for the tool used to conduct this project, where people can contribute and use it for their own research purposes.
I am analysing some of the major ISPs 'around the globe' and how they’re blocking websites and easy + cost-effective ways to bypass them. There has been some previous research into this, but that has included some limited dataset, back in 2020. From then to now a few things have changed including the way ISPs are blocking websites.
With this project I am trying to :
1. Analyse the global censorship of internet
1. Globally how different ISPs block the network traffic
2. Distribute the client globally and ask volunteers to run this atleast once
2. Release the client and server code as open source
3. Publish all the data, country wise on a github repo for everyone to consume
The talk would be in two parts :
- First : Where I talk about the technical nitty-gritties as to how censoring in modern times work.
- Second : After understanding how the technologies work, we will try to bypass those by some open source tools, some DIY solutions and finally some paid/managed alternatives, what are the things to look for when choosing one such provider.
Hence, even for folks who aren't much into the technical details of censorship, would have some arsenal of tools to bypass it, by the end of the talk.
Starting with the famous question : \
“What happens when you type a (https) URL in your browser and press enter ?” \
\
I will cover all the aspects starting with :
1. DNS lookup
2. TLS Handshake - ClientHello,TLS negotiation, ServerHello etc
3. Encrypted Data Transfer
All of these would be shown a live demo of in wireshark, alongwith decrypting the traffic using certificates.
Explaining these stages are important because each of these involve ISPs tampering with to censor the internet. Once we know how it’s done, we will figure out how to resolve this privacy issue. Like :
Stage
How ISPs censor
Confirmation Test
Bypass
DNS Lookup
Their own DNS as default
DNS filtering
Check on dnsleaktest.com
Use DoH ( DNS over HTTPS )
dnscrypt
TLS Handshake
SNI Inspection
Use the tool
Check on wireshark
Use VPN
eCH
Further move on to ECH ( Encrypted Client Hello ) and why China hates it .
Show a comparative analysis of the different ISPs I’ve tested using the tool.
Towards the end talk about the open source tool, the client and server code themselves.
The tool, client app :
1. Sends request to alexa top 1M domains
2. Records packet response and to find what kind of filtering is in place ( if any )
3. Sends data to central dashboard server for generating heatmaps and graphs
The tool, server app :
1. Will consume all the JSON data and validate its findings.
2. Generate heat maps for all the ISPs and different websites that are blocked.
Talk about solutions to bypassing the censorship :
1. Open source tools & solutions - DoH, changing default DNS etc
2. DIY things - self hosted 1-click VPN, ephemeral on-demand sshtunnel etc
3. Paid solutions - Things to look for when choosing one such paid solution
Additional information
| Type | Talk |
|---|---|
| Language | English |
More sessions
| 7/22/22 |
⚠️ Warning! This talk may contain hackers. There may be hackers in the room. There may be hackers surrounding the room. There may be hackers recording this. There may be hackers listening in. There may be hackers that exfiltrate data. There may be hackers wearing shirts. There may be hackers carrying spying devices. OH NO! There are hackers EVERYWHERE! What can we do now, except having a party?
|
| 7/22/22 |
What do big tech, synthesizers, the crucifixion and Matthäus Passion have in common? Find the answer in the tech performance The Silicon Passion. We’ve all embraced big tech —but is it a warm hug or a strangulation? Bear witness to a debate of biblical proportions between tech nerds, technology and its users. In The Silicon Passion SETUP, in collaboration with de Transmissie (David Schwarz en Derk Stenvers) and Rodrigo Ferreira, is looking for a way out of the pit that technology has ...
|
| 7/22/22 |
Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.mch2022.org/Static:Lightning_Talks
|
| 7/22/22 |
In this workshop, we will learn how to assemble tiny parts on circuit boards by building an electronic touch-activated purring kitten. Anyone can do it. Yes, even you who never touched anything electronic before. Takes 120mins, 20€/kit, avoid caffeine immediately before. Max 10 participants per session, sign up on PAPER at the Hardware Hacking Area.
|
| 7/22/22 |
This is a submission for a keynote talk at MCH2022. The Internet is both a familiar, comfortable place as well as a bottomless rabbit hole you can lose yourself in. The Internet has always been like this from its inception, the difference now is the scale and consequences are almost immeasurable - and it tests the limits of human imagination. When you look into the mirror of the Internet what you see reflected back depends on what you are looking for. It has become largely a reflection of ...
|
| 7/22/22 |
Have you ever forgotten a passphrase or lost a hardware token? Lost access to enough Bitcoin to buy a pizza or two? Encryption is fundamental to securing our liberties, but key and password management remain difficult even for professionals, let alone the general public. This talk presents Passcrow, an Open Source project attempting to address one of crypto's largest usability issues: password and key recovery in a decentralized environment.
|
| 7/22/22 |
Thanks to DNSSEC and DANE, it is possible to automatically verify user@domain.name identities by checking with domain.name servers. The real problem however, is integration with existing protocols, instead of inventing something completely new and perhaps web-only. The purpose of our work on Realm Crossover mechanisms has been to design generic solutions that extend many different application protocols, without changing their protocol specs.
|
