45 comments

[ 1.7 ms ] story [ 121 ms ] thread
and why is that?
I suspect there is an archived site that was removed/censored by the government.

But this site is still available through archive.org, so as a drastic measure, they block archive.org entirely.

The joke's on them because https works just fine like all other https sites.
I'm on ACT, and it appears that I can access both http://web.archive.org/ and https://web.archive.org/

On Airtel, I can't access the http version. So must be an Airtel specific block, unrelated to the "Indian Government."

archive.org is still getting blocked over Airtel: http://paste.ubuntu.com/25276595/
That's not blocking. I get exactly the same response from Germany. What's happening is this:

  HTTP/1.1 301 Moved Permanently
  Location: https://archive.org
They're upgrading you from HTTP to HTTPS. curl, by default, does not follow redirects. Add `--location` to enable it:

  $ curl --location --head archive.org
  HTTP/1.1 301 Moved Permanently
  Server: nginx/1.4.6 (Ubuntu)
  Date: Wed, 09 Aug 2017 13:20:21 GMT
  Content-Type: text/html; charset=UTF-8
  X-Powered-By: PHP/5.5.9-1ubuntu4.21
  Location: https://archive.org
  Age: 0
  Connection: keep-alive
  Via: 1.1 akamai (ACE 5.8.1/5.8.1)

  HTTP/1.1 200 OK
  Server: nginx/1.4.6 (Ubuntu)
  Date: Wed, 09 Aug 2017 13:20:22 GMT
  Content-Type: text/html; charset=UTF-8
  Connection: keep-alive
  X-Powered-By: PHP/5.5.9-1ubuntu4.21
  Set-Cookie: PHPSESSID=kb7jsuslq8hrsfg96obqc5gnq3; path=/; domain=.archive.org
EDIT: Apparently archive.org does not do HSTS. If they did, a lot less people would be noticing the censorship.
Check the first response on the paste that I posted. The response is an iframe:

    <meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0"/><style>body{margin:0px;padding:0px;}iframe{width:100%;height:100%}</style><iframe src="http://www.airtel.in/dot/?dpid=1&dpruleid=3&cat=107&dplanguage=-&url=http%3a%2f%2farchive%2eorg%2f" width="100%" height="100%" frameborder=0></iframe>
which has the following content:

>Your requested URL has been blocked as per the directions received from Department of Telecommunications, Government of India. Please contact administrator for more information.

Can access both on my Airtel 4G.
Airtel is usually very responsive in these cases, while ACT isn't. I'm on ACT and I can also access fine.
One of the best things I did recently was setup dnscrypt-proxy locally. Most of the Indian ISPs just do transparent DNS proxying and dns-crypt helps avoid those. Lots of them do DPI on HTTP requests, so HTTPS-everywhere helps as well.
Similarly in the U.K., Potasto2 is a good solution to this kind of filtering. It sets up a local vpn server that allows you to customize DNS servers and proxy settings without added latency of a remote VPN (but of course without the added benefit of encryption.) It's the only way I've found to use non-ISP DNS servers on non-jailbroken iOS when connected to a mobile network.
In the current scenario this would be illegal to circumvent in most cases so if DoT puts block, don't try to circumvent even if it is possible. In India the law situation pretty bad so.....
I'm amused by "Please contact administrator for more information".

... "But I _am_ administrator!?"

May be related to this article?

Airtel is sniffing and censoring CloudFlare’s traffic in India and CloudFlare doesn’t even know it. - https://medium.com/@karthikb351/airtel-is-sniffing-and-censo...

Nopes, this is entirely different. CF was being MITM'd by airtel (likely still is) because airtel was/is their upstream ISP for their edge locations in India.

archive.org is blocked in India because of a court order somewhere.

The following article has a tweet from a journo which says its because it was hosting a movie (Jab Harry Met Sejal) illegally and the Madras court thought banning archive.org is a solution.

http://www.dailyo.in/variety/internet-archive-dot-block/stor...

Update: A more detailed from from the BBC. https://www.bbc.co.uk/news/amp/technology-40875528

For people saying; "its working for me". Here is the explanation.

The block has been implemented using a hosts based method. Such methods work in HTTP as anyone on the network can intercept the traffic and modify it. This snooping is not possible in HTTPS, hence the word secure.

(Update: The above statement is misleading. Please read TallGuyShort's comment for clarity).

This kind of block sometimes take time to propagate given how our ISP networks are setup. The blockage can be implemented at any level. ISP, acquiring ISP, backbone etc.

But even HTTPS can get blocked via DNS provided you are using a DNS which is under the influence of DoT. Most internet users use Google DNS(8.8.8.8) or OpenDNS(208.67.222.222) or Berkeley DNS (4.2.2.2) as their DNS (They have fallback ips also). This is set in your network adapter settings or router settings. They are not under the influence of the DoT. I am not sure if there is a DNS block as I use Google DNS.

Also, IP based blockage is possible which restricts access to HTTPS sites but it is not the case here.

Censorship is no solution to piracy or terrorism. Burying your head in the sand doesn't solve the problem.

Edit: Updated to read TallGuyShort's comment.

>> The block has been implemented using a hosts based method

I'm curious what exactly you mean by hosts-based. For it affect HTTP but not HTTPS, routers would have to be inspecting TCP packets and parsing HTTP. I'd call that packet-sniffing. hosts-based sounds like the DNS-level block to me. Am I missing something?

You are correct. I should have explained it better. I tried to over simplify it and ended up writing misinformation.
Using an alternative DNS server won't necessarily save you from DNS-based censorship. The ISP can modify any DNS traffic they want.

I actually had an ISP once that redirected all 53 port traffic to their own DNS server. It was "fun" every time this DNS server went down.

AFAIK, Jio, at least is using IP based blocking. Unable to ping or connect to any port on the the blocked IP addresses.
(comment deleted)
I also tweeted to @DoT_India

Let see their response

So, it is the Judiciary (Chennai High Court) which ordered the ban and Indian Gov. followed it.
Sometimes I think court orders should be voted on. And if 5 people think your order is stupid you lose your fucking job. Get disbarred from law for life.
"Judicial independence is the concept that the judiciary needs to be kept away from the other branches of government. That is, courts should not be subject to improper influence from the other branches of government, or from private or partisan interests.

Judicial Independence is vital and important to the idea of separation of powers."[1]

1: https://en.wikipedia.org/wiki/Judicial_independence

Yes, I know, but then we should have some procedure to prevent idiots from becoming judges.
DNS should be encrypted to prevent this kind of blocking. Were still using DNS technology from the 80s.
HTTPS or HTTP; archive.org is not blocked across india,misleading & incorrect post title.