45 comments

[ 3.1 ms ] story [ 109 ms ] thread
What's to stop ISPs blocking the Immunicity proxy as well? The ORG stated that

☑ web blocking circumvention tools

will be one of the checkboxes.

Yeah or they end up as a honey pot for the govt providing a neatly compiled list of addresses.
This was exactly my first thought too. I was hoping for something clever in the "How it works" section of their website, but it's just a simple proxy which resides on their servers. If gateway.immunicity.net gets blocked then it's game over isn't it?
In that case it's probably best to buy your own cheap VPS and setup openvpn on it, I can't see them taking down VPS providers.
http://www.theregister.co.uk/2013/07/04/payment_block_swedis... Are you sure about that? Slowly but steady they are closing all our public and completely legal private venues of communication, all with the help of companies such as VISA and Mastercard.
You're mixing-up VPN (Virtual Private Network) and VPS (Virtual Private Server). A VPS can be used as a personal VPN, among other things. As parent suggested, it would be hard to imagine a ban on VPSs.
Then you use mullvad.net and pay with cash by snail mail.
On the plus side, their proxy resolves to about 15 highly diverse IPs, including IPv6 (cough IPv6 tunnel).
Deep Packet Inspection... aaannd the game is over. Sorry, but the only the way to defend is to do something against it, protest, demonstrate, campaigns. And to attack the arguments of the politicians with a very strong backup or to leave the country.

Vote for: http://www.pirateparty.org.uk/

If you know 'anything' that really circumvents DPI, please let me know, I will buy it, now! :) (Hopefully I can shoot my own Satellite into space someday..)

Ssh vpn proxy in the USA, fairly simple and even dpi can't do shit about that.
I have read the oppsite, can you show me how vpn+proxy over ssh can prevent getting blocked from DPI? I thought they block everything not on their whitelist.
Well that would mean they would have to block most non-mainstream sites or alternatively block a ton of things. Of course with a whitelist it is more difficult but it is almost certainly not they way they will do it.
Given what we already know about the extent of DPI monitoring on the US internet, and the US govs data sharing programs, why do you think this a more practical choice than actual democratic representation in the long term?
Block any TCP protocol starting with string "SSH-"

Problem solved.

Seriously people think SSH or VPN is advanced? Every clear text handshake protocol could be blocked at ease.

Sure, then SSH is blocked. SSH is very necessary in the day to day work for a ton of people, and it would shut down businesses.
Right. The trick is not to use something that's technically infeasible to block, but to use something that's politically infeasible to block.
Politicians doesn't give a shit about your business, if you use porn-enabled SSH, you are a terroist suspect and a threat to childrens of the nation.
Any protocol that runs over SSL on port 443?
Using sslh one can actually host both https sites and ssh on one port. I used this to hop over a very restrictive firewall in my company, it works great.
Https handshake is also clear text. There's was previous attempt to block certain types of SSL cert in the past.
As pointed out by est, you can snoop on SSL certificates passing over the wire and drop connections containing canonical names you don't like, or signed by CAs you don't like.

You can also drop and throttle HTTPS connections without effecting genuine use, while completely buggering up P2P and other bulky uses.

They could certainly inspect 6in4 traffic, but at the moment major UK ISPs aren't even offering native IPv6, so doing so would be fairly tenuous.
Yes, I do. Repeatedly and often, and I'll continue to do so till they put me behind bars and beyond if I could.

However I'll only release it on a gradual level as it's a cat and mouse game.

http://clientconfig.immunicity.org/pacs/all.pac

This is essentially just a list of (presumably unblocked) proxies for the sites on their (quite short) list. They don't provide anything aside from ease of configuration (which admittedly might be worthwhile for some).

When the proxies get blocked, they'll have to either find replacements or shrink their list.

There's only one proxy, at the top. The list contains blocked hosts to use it with.
You can just opt out of Cameron's porn filter.

If you're not in a position to opt out of it (you're using someone else's connection) then you're in a legally[1] grey area and you want to weigh the chance of being caught with the penalties involved with the benefits gained.

Students at Universities have been thrown out because they did something minor but against the ToS of their Uni. This has considerable impact - they have some years on their CV that they have to explain to potential employers. And while funding for Uni is lousy in the UK it's even worse for adults returning after dropping out before.

It's weird that there is so much kerfuffle about governments slurping data when services like these pop-up and offer proxies.

[1] You're using someone else's connection, which means there's possibly some agreement between you and them. If that agreement includes "don't evade the filters" then you're now potentially breaking English computer misuse laws.

> It's weird that there is so much kerfuffle about governments slurping data when services like these pop-up and offer proxies

It's not 'weird'. This is a battle of privacy for law abiding adults. Most of public can't even establish that blocking porn requires a system of such depth that it will infringe on their private life, let alone have the know-how to seek or set up these proxies.

The UK is the "New Egypt" today, thanks Cameron.
Cameron is asking ISPs to implement a filter that users can opt out of. If ISPs don't voluntarily implement this it'll probably become law.

Egypt - Egypt is a little bit different. (http://www.aljazeera.com/news/middleeast/2013/07/20137271645...)

We have excessive policing, but we tend not to kill protesters. (Certainly not in these kinds of numbers.)

We're not putting journalists in prison. (http://www.cpj.org/2013/07/egyptian-authorities-step-up-cens...)

@DanBC I'm stepping into hot ground, but I would like to share my opinoin with you. What about the government supported public exposure of demonstrants Faces and criminalizing every demonstrant? Isn't that the foundation of a state that prepares to do whatever it wants with it's "human ressources"? How will you know if protesters got killed when this info is censored, you even learned recently that the UK has a PRISM on it's own.
> you even learned recently that the UK has a PRISM on it's own.

I knew that for years. I've been talking about echelon and similar for many years.

> What about the government supported public exposure of demonstrants Faces

If you can show me demonstrators who hide their face and who don't commit acts of criminal damage or violence I'll agree the law is stupid.

> criminalizing every demonstrant?

UK laws around public protest are sub-optimal, and the police do misuse many powers. People who have been wrongfully arrested, or kettled, or similar have my full support in bringing those police officers to justice. But many people demonstrate peacefully every year and have no problems with police.

> How will you know if protesters got killed when this info is censored?

Look at the massive amount of press coverage around people killed by police - (http://news.bbc.co.uk/1/hi/uk/4713753.stm), (http://www.bbc.co.uk/news/uk-13268633) - do you honestly believe that information is or could be censored?

Lol.

One of the oldest and largest UK newspapers was forced to close by the government, and it's editor has been arrested. Along with the editor a number of journalists were arrested.

Yes, the UK does lock up journalists.

During the 2011 protests after a protest in Tottenham following the death of Mark Duggan, a local who was shot dead by police on 4 August 2011 termed the '2011 riots' by the UK government, so many were locked up the courts local jails were too full.

> One of the oldest and largest UK newspapers was forced to close by the government

Because employees of that newspaper broke laws about interception of phone calls.

If you mean "The News of The World" then you need to get your facts in order [1].

Their journalists and editor, Andy Coulson, were arrested for illegally hacking into personal voicemail accounts for the purpose of muck raking.

Rupert Murdoch chose to shut down the paper after the extent of the behaviour by that paper's staff was revealed to the British public. The UK government had no hand in closing the paper.

[1]: http://www.guardian.co.uk/media/phone-hacking

So run through their proxy instead?

No thanks.

Censorship concerns/debate aside, if you can opt-out of the filtering, isn't that a rather simple solution and quick fix? Or is the filter only for porn and the gov is just starting to censor things they don't like?
The latter and even when you opt out it appears to log everything.
Well basically you're both running through a proxy, just one is assigned "kid" privileges and one is assigned "adult" privileges. This is how my high school handled it way back when, Student accounts were put into kid privileges so obviously porn was blocked but also flash games, etc. However it was easy to circumvent by just finding a different site not on the blocked list and it'd take a couple of weeks for the proxy to update with the new games sites and then the hunt began again.

It was always a race against time as the proxy company was constantly supplied with the sites we were going to. So when 50 something kids are accessing some bizarre dutch domain name, they'll eventually look and find another site they had to ban.

The primary concern is that anyone who opts out of the filter will be being used to supply sites for the proxy to block, which is an ingenious way to do it when you're a commercial company. However, this is the government and being on a 'naughty' list is just giving them a blackmail list to compile against anyone.

I never get this logic either that the people must be oppressed, because surely people would read a fucking history book and figure out that always ends really poorly for the necks of those doing the oppressing.

Oppress people enough and you won't see them voting by the masses for an upstart political party, you'll be seeing a Maoist revolution from the downtrodden working class.

This is a proxy and as such it will be blocked, too. What's even more suspicious is they provide this service free of charge.

By the way, does anyone here know if VPN providers will also be on the UK blacklist?

If they are a few larger clients of ours (FTSE 100) will shit a brick.
I'm not sure we're talking about the same usage scenario.

If this was a problem there would be an exemption process for large companies, but I'm talking about private usage. I believe big corporations are not all that likely to use privacy-as-a-service VPNs. Or do you mean normal corporate VPN, as in dial-into-the-office VPN? That would obviously not be blockable or even blockworthy.

But as far as the privacy VPNs are concerned: If proxy sites are being blocked, isn't it reasonable to expect the same for VPN providers?

We have a number of clients using cheap/privacy vpns as their mobile ISPs fuck with the traffic going through plain IP connections.
That's reasonable, but I'm guessing most large corporations have their own VPN service that links directly into the company network, right? I would imagine the expense of having a CryptoCat account for every single employee on the road quickly becomes larger than the overhead of running your own VPN server.

I have some medium-sized corporate clients who have their own VPN servers at HQ in order to enable people to work from home, it would be trivial to use these for mobile devices as well.

If this great firewall of Cameron goes ahead (and I really don't think it will) I wouldn't be surprised if they distinguish between domestic and business customers. Business customers will be left to sort themselves to ensure compliance.
(comment deleted)