Access denied

Access denied

China’s most famous blogger, author of best-sellers and race car driver, Han Han, took a jab at his government last April after he was named one of the 100 most influential people by Time magazine. In his blog twocold he wrote, “Other Chinese nominees include sensitive word, sensitive word and sensitive word.” His post, referring to China’s web censors’ habit of blocking even commonplace names from web searches and blog sites, struck a chord with his readers. Within days, more than 20,000 commented on his post, most echoing Han’s exasperation with the Chinese censorship of the Internet.

China has one of the most advanced web monitoring and blocking systems. The system can be likened to a check at the airport. Every piece of luggage, coming in or going out, is put through a scanner. If any one of them contains weapons or narcotics, the scanner detects it immediately and the articles are impounded. Web filters work in a similar way. They scrutinise and block websites which could range from websites on free speech and democracy to ones on pornography, depending on the country using the system.

Internet sites can be blocked at different levels.

Censoring begins at home

The most basic form of censorship is the one parents employ at homes to prevent their children from browsing adult content. This can be done by altering a file called the host, which is a text document. The host file is like a contact list in your mobile phone where each name has a corresponding coordinate. It guides domain names to their respective Internet protocol (IP) addresses. Every device (computer or mobile) connected to the Internet has a unique IP address. Tweaking the host file ensures a user will not be able to access the desired website even when he has typed the correct domain name. Names of websites to be blocked can be added to a list in this file and directed to the loopback IP 127.0.0.1, a reserved IP address used when a programme needs to access a network service running on the same computer. When the user types the name of a website, the loopback IP will bring it back to the user’s machine, showing an error on the screen.

When blocking has to be done on a larger scale, like at the corporate or national level, all computers are routed through an intermediary device called a proxy server. These servers work as a front for a group of computers that connect to other network servers. Filters in these servers scan content as well as uniform resource locators (URLs). URL blocking is simple. The proxy server has a database of URLs called a black list, that it will block. It also contains a white list of URLs that can be browsed. Proxy servers’ URL databases are updated through web-based subscription services just like an anti-virus software.

HOW PROXY SERVER WORKS Proxy servers have a database of URLs divided into black and white lists. All sites in the black list are blocked. Proxy servers block content in a similar way

Content blocking uses a similar design like the URL blocking wherein blocking is based on keywords or the category to which a website belongs. In China, for example, websites containing key words and phrases such as democracy, Dalai Lama and Chinese occupation of Tibet are scrutinised and blocked. If a government bans the category called social networking, then all popular websites like Facebook and Orkut are likely to become out of bounds.

Denial of service

Popular whistleblower website wikileaks. org was unavailable for some time in December 2010. As on February 17, 2011, typing the domain name wikileaks. org would lead to a mirror site or an alternative site called wikileaks.info. But typing the IP address, http://213.251.145.96/, would open wikileaks.org. This was because the website was subjected to a distributed denial of service (DDoS) attack through a Domain Name Service (DNS) provider. DNS is an Internet service that translates domain names into IP addresses. When a new domain name is registered, the registrar enquires where the website is to be hosted.

VPN & ANONYMISERS CAN CIRCUMVENT CENSORS Virtual Private Network (VPN) creates a virtual tunnel through which data is sent in encrypted form to a remote server/computer which decodes it. Anonymiser websites act as proxy servers, shielding client’s identity and information

Once the website is hosted at a specific IP address, the server is linked to the domain name which the public uses to access the website. So, if a surfer types www.wikileaks.org, the DNS will connect it to http://213.251.145.96/. But if there is disconnect between the domain name and IP address, a browser will not be able to access the website. After the US cable leaks in 2010, Everydns.net, a DNS provider, withdrew its services to wikileaks. org. Result: most people could not access the site.

How to avoid scrutiny

An easy way to circumvent censors is to use a virtual private network (VPN). A VPN uses public Internet infrastructure but the content is only visible to the person sending the data. It is like a private tunnel that piggy rides a public set up. Data is first encrypted and sent to a remote server or computer which decodes the packets. Since VPN is used for secured corporate communications and remote desktop assistance, and not solely for Internet browsing, governments tend to ignore such networks.

Methods used to circumvent governmentsponsored Internet censorship are not 100 per cent foolproof

However, VPN networks are not absolutely filter proof—a procedure called deep packet inspection can analyse layers of information in an encrypted message.

Another way of avoiding detection is using an “anonymiser” website. Many websites allow anonymous browsing by making browsers invisible to Internet activity. The net-users’ traffic is routed thorough a tunnel created by the anonymiser website, in many ways mimicking the VPN network.

It acts as a proxy server, and shields the client’s computer and personal information from the server it is trying to communicate with.

Anonymiser websites are good as long as they are not identified by censors. They can be blocked using firewalls that moderate Internet traffic by filtering URLs, keywords and categories (see diagrams above).

12jav.net12jav.net