This was exactly my first thought too. I was hoping for something clever in the "How it works" section of their website, but it's just a simple proxy which resides on their servers. If gateway.immunicity.net gets blocked then it's game over isn't it?
http://www.theregister.co.uk/2013/07/04/payment_block_swedis... Are you sure about that? Slowly but steady they are closing all our public and completely legal private venues of communication, all with the help of companies such as VISA and Mastercard.
You're mixing-up VPN (Virtual Private Network) and VPS (Virtual Private Server). A VPS can be used as a personal VPN, among other things. As parent suggested, it would be hard to imagine a ban on VPSs.
Deep Packet Inspection... aaannd the game is over. Sorry, but the only the way to defend is to do something against it, protest, demonstrate, campaigns. And to attack the arguments of the politicians with a very strong backup or to leave the country.
If you know 'anything' that really circumvents DPI, please let me know, I will buy it, now! :) (Hopefully I can shoot my own Satellite into space someday..)
I have read the oppsite, can you show me how vpn+proxy over ssh can prevent getting blocked from DPI? I thought they block everything not on their whitelist.
Well that would mean they would have to block most non-mainstream sites or alternatively block a ton of things. Of course with a whitelist it is more difficult but it is almost certainly not they way they will do it.
Given what we already know about the extent of DPI monitoring on the US internet, and the US govs data sharing programs, why do you think this a more practical choice than actual democratic representation in the long term?
Using sslh one can actually host both https sites and ssh on one port. I used this to hop over a very restrictive firewall in my company, it works great.
As pointed out by est, you can snoop on SSL certificates passing over the wire and drop connections containing canonical names you don't like, or signed by CAs you don't like.
You can also drop and throttle HTTPS connections without effecting genuine use, while completely buggering up P2P and other bulky uses.
This is essentially just a list of (presumably unblocked) proxies for the sites on their (quite short) list. They don't provide anything aside from ease of configuration (which admittedly might be worthwhile for some).
When the proxies get blocked, they'll have to either find replacements or shrink their list.
If you're not in a position to opt out of it (you're using someone else's connection) then you're in a legally[1] grey area and you want to weigh the chance of being caught with the penalties involved with the benefits gained.
Students at Universities have been thrown out because they did something minor but against the ToS of their Uni. This has considerable impact - they have some years on their CV that they have to explain to potential employers. And while funding for Uni is lousy in the UK it's even worse for adults returning after dropping out before.
It's weird that there is so much kerfuffle about governments slurping data when services like these pop-up and offer proxies.
[1] You're using someone else's connection, which means there's possibly some agreement between you and them. If that agreement includes "don't evade the filters" then you're now potentially breaking English computer misuse laws.
> It's weird that there is so much kerfuffle about governments slurping data when services like these pop-up and offer proxies
It's not 'weird'. This is a battle of privacy for law abiding adults. Most of public can't even establish that blocking porn requires a system of such depth that it will infringe on their private life, let alone have the know-how to seek or set up these proxies.
@DanBC I'm stepping into hot ground, but I would like to share my opinoin with you. What about the government supported public exposure of demonstrants Faces and criminalizing every demonstrant? Isn't that the foundation of a state that prepares to do whatever it wants with it's "human ressources"? How will you know if protesters got killed when this info is censored, you even learned recently that the UK has a PRISM on it's own.
> you even learned recently that the UK has a PRISM on it's own.
I knew that for years. I've been talking about echelon and similar for many years.
> What about the government supported public exposure of demonstrants Faces
If you can show me demonstrators who hide their face and who don't commit acts of criminal damage or violence I'll agree the law is stupid.
> criminalizing every demonstrant?
UK laws around public protest are sub-optimal, and the police do misuse many powers. People who have been wrongfully arrested, or kettled, or similar have my full support in bringing those police officers to justice. But many people demonstrate peacefully every year and have no problems with police.
> How will you know if protesters got killed when this info is censored?
One of the oldest and largest UK newspapers was forced to close by the government, and it's editor has been arrested. Along with the editor a number of journalists were arrested.
Yes, the UK does lock up journalists.
During the 2011 protests after a protest in Tottenham following the death of Mark Duggan, a local who was shot dead by police on 4 August 2011 termed the '2011 riots' by the UK government, so many were locked up the courts local jails were too full.
If you mean "The News of The World" then you need to get your facts in order [1].
Their journalists and editor, Andy Coulson, were arrested for illegally hacking into personal voicemail accounts for the purpose of muck raking.
Rupert Murdoch chose to shut down the paper after the extent of the behaviour by that paper's staff was revealed to the British public. The UK government had no hand in closing the paper.
Censorship concerns/debate aside, if you can opt-out of the filtering, isn't that a rather simple solution and quick fix? Or is the filter only for porn and the gov is just starting to censor things they don't like?
Well basically you're both running through a proxy, just one is assigned "kid" privileges and one is assigned "adult" privileges. This is how my high school handled it way back when, Student accounts were put into kid privileges so obviously porn was blocked but also flash games, etc. However it was easy to circumvent by just finding a different site not on the blocked list and it'd take a couple of weeks for the proxy to update with the new games sites and then the hunt began again.
It was always a race against time as the proxy company was constantly supplied with the sites we were going to. So when 50 something kids are accessing some bizarre dutch domain name, they'll eventually look and find another site they had to ban.
The primary concern is that anyone who opts out of the filter will be being used to supply sites for the proxy to block, which is an ingenious way to do it when you're a commercial company. However, this is the government and being on a 'naughty' list is just giving them a blackmail list to compile against anyone.
I never get this logic either that the people must be oppressed, because surely people would read a fucking history book and figure out that always ends really poorly for the necks of those doing the oppressing.
Oppress people enough and you won't see them voting by the masses for an upstart political party, you'll be seeing a Maoist revolution from the downtrodden working class.
I'm not sure we're talking about the same usage scenario.
If this was a problem there would be an exemption process for large companies, but I'm talking about private usage. I believe big corporations are not all that likely to use privacy-as-a-service VPNs. Or do you mean normal corporate VPN, as in dial-into-the-office VPN? That would obviously not be blockable or even blockworthy.
But as far as the privacy VPNs are concerned: If proxy sites are being blocked, isn't it reasonable to expect the same for VPN providers?
That's reasonable, but I'm guessing most large corporations have their own VPN service that links directly into the company network, right? I would imagine the expense of having a CryptoCat account for every single employee on the road quickly becomes larger than the overhead of running your own VPN server.
I have some medium-sized corporate clients who have their own VPN servers at HQ in order to enable people to work from home, it would be trivial to use these for mobile devices as well.
If this great firewall of Cameron goes ahead (and I really don't think it will) I wouldn't be surprised if they distinguish between domestic and business customers. Business customers will be left to sort themselves to ensure compliance.
45 comments
[ 3.1 ms ] story [ 109 ms ] thread☑ web blocking circumvention tools
will be one of the checkboxes.
Vote for: http://www.pirateparty.org.uk/
If you know 'anything' that really circumvents DPI, please let me know, I will buy it, now! :) (Hopefully I can shoot my own Satellite into space someday..)
Problem solved.
Seriously people think SSH or VPN is advanced? Every clear text handshake protocol could be blocked at ease.
You can also drop and throttle HTTPS connections without effecting genuine use, while completely buggering up P2P and other bulky uses.
However I'll only release it on a gradual level as it's a cat and mouse game.
This is essentially just a list of (presumably unblocked) proxies for the sites on their (quite short) list. They don't provide anything aside from ease of configuration (which admittedly might be worthwhile for some).
When the proxies get blocked, they'll have to either find replacements or shrink their list.
If you're not in a position to opt out of it (you're using someone else's connection) then you're in a legally[1] grey area and you want to weigh the chance of being caught with the penalties involved with the benefits gained.
Students at Universities have been thrown out because they did something minor but against the ToS of their Uni. This has considerable impact - they have some years on their CV that they have to explain to potential employers. And while funding for Uni is lousy in the UK it's even worse for adults returning after dropping out before.
It's weird that there is so much kerfuffle about governments slurping data when services like these pop-up and offer proxies.
[1] You're using someone else's connection, which means there's possibly some agreement between you and them. If that agreement includes "don't evade the filters" then you're now potentially breaking English computer misuse laws.
It's not 'weird'. This is a battle of privacy for law abiding adults. Most of public can't even establish that blocking porn requires a system of such depth that it will infringe on their private life, let alone have the know-how to seek or set up these proxies.
Egypt - Egypt is a little bit different. (http://www.aljazeera.com/news/middleeast/2013/07/20137271645...)
We have excessive policing, but we tend not to kill protesters. (Certainly not in these kinds of numbers.)
We're not putting journalists in prison. (http://www.cpj.org/2013/07/egyptian-authorities-step-up-cens...)
I knew that for years. I've been talking about echelon and similar for many years.
> What about the government supported public exposure of demonstrants Faces
If you can show me demonstrators who hide their face and who don't commit acts of criminal damage or violence I'll agree the law is stupid.
> criminalizing every demonstrant?
UK laws around public protest are sub-optimal, and the police do misuse many powers. People who have been wrongfully arrested, or kettled, or similar have my full support in bringing those police officers to justice. But many people demonstrate peacefully every year and have no problems with police.
> How will you know if protesters got killed when this info is censored?
Look at the massive amount of press coverage around people killed by police - (http://news.bbc.co.uk/1/hi/uk/4713753.stm), (http://www.bbc.co.uk/news/uk-13268633) - do you honestly believe that information is or could be censored?
One of the oldest and largest UK newspapers was forced to close by the government, and it's editor has been arrested. Along with the editor a number of journalists were arrested.
Yes, the UK does lock up journalists.
During the 2011 protests after a protest in Tottenham following the death of Mark Duggan, a local who was shot dead by police on 4 August 2011 termed the '2011 riots' by the UK government, so many were locked up the courts local jails were too full.
Because employees of that newspaper broke laws about interception of phone calls.
Their journalists and editor, Andy Coulson, were arrested for illegally hacking into personal voicemail accounts for the purpose of muck raking.
Rupert Murdoch chose to shut down the paper after the extent of the behaviour by that paper's staff was revealed to the British public. The UK government had no hand in closing the paper.
[1]: http://www.guardian.co.uk/media/phone-hacking
No thanks.
It was always a race against time as the proxy company was constantly supplied with the sites we were going to. So when 50 something kids are accessing some bizarre dutch domain name, they'll eventually look and find another site they had to ban.
The primary concern is that anyone who opts out of the filter will be being used to supply sites for the proxy to block, which is an ingenious way to do it when you're a commercial company. However, this is the government and being on a 'naughty' list is just giving them a blackmail list to compile against anyone.
I never get this logic either that the people must be oppressed, because surely people would read a fucking history book and figure out that always ends really poorly for the necks of those doing the oppressing.
Oppress people enough and you won't see them voting by the masses for an upstart political party, you'll be seeing a Maoist revolution from the downtrodden working class.
By the way, does anyone here know if VPN providers will also be on the UK blacklist?
If this was a problem there would be an exemption process for large companies, but I'm talking about private usage. I believe big corporations are not all that likely to use privacy-as-a-service VPNs. Or do you mean normal corporate VPN, as in dial-into-the-office VPN? That would obviously not be blockable or even blockworthy.
But as far as the privacy VPNs are concerned: If proxy sites are being blocked, isn't it reasonable to expect the same for VPN providers?
I have some medium-sized corporate clients who have their own VPN servers at HQ in order to enable people to work from home, it would be trivial to use these for mobile devices as well.