Step 6: How Internet Censorship Happens
Besides using legal or socio-cultural means to curtail access to particular types of information Online, the following are common technical methods used to prevent access to Online content.
Internet Protocol (IP) Address Blocking
Access to a particular IP address is denied. When information is sent over the Internet, it is broken up into a number of packets. In addition to the actual data being sent, each packet contains information about how to route the packet itself.
•This information contains both the IP address from which the packet was sent and that of its destination. Filtering software installed along the route taken by this packet can monitor for blocked IP addresses.
•If it recognizes a blocked IP address, it can replace the original packets with a request for an “access denied” page (or it can simply “drop” them).
If the target is on a “shared hosting” server (one of the more affordable ways to put up a website), then all sites on that server will be blocked. Similarly, IP blocking cannot be used to filter a particular video or Facebook profile.
Domain Name System (DNS) Filtering
If a DNS server is configured to filter content, it consults a “blacklist” of blocked domain names. When you enter a URL in a Web browser, the first thing the Web browser does is ask a DNS server to look up the domain name referenced in the URL and supply the corresponding IP address.
•When a browser requests the IP address for one of these ‘blacklisted’ domain names, the DNS server can give an answer that actually points to an “access denied” page, or it can give no answer at all.
•Because DNS traffic is rarely sent in a secure manner, even using an international
DNS server does not prevent this form of filtering, as your requests (and the corresponding responses) can be modified in transit.
DNS filtering has limitations similar to those of IP filtering, and also tends toward unintentional over-blocking.
Uniform Resource Locator (URL) Filtering
When requesting content over HTTP (versus encrypted HTTPS) the entire URL can be scanned for banned keywords. Regardless of the actual domain name or IP address you are trying to reach, filtering software can prevent access based on the presence of these keywords.
•This technique may be used to block access to an entire domain, to one particular website on a “shared hosting” server, or to a specific piece of content such as a video or Twitter profile.
•Keyword filtering can be applied to more than just URLs. With the right infrastructure, an ISP or government can inspect all unencrypted packets and block those containing certain keywords.
This process is often called “deep packet inspection” and refers to the process of monitoring traffic and censoring requests for banned content by performing a
“Deep inspection” of the content of individual data packets sent as part of a request.
Port Blocking
Servers listen on different numbered ports in order to provide different services. Ports are infrastructure within the larger communication framework of the internet, that serve as channels for different protocols or traffic types – each is referred to by a number.
One port (typically 465) might allow users to send emails securely, and another to receive them (993).
Another port is commonly used to communicate with HTTP websites (80), and yet another for encrypted Web traffic (443), etc.
These ports are generally consistent, so blacklisting a given port number will block a particular type of traffic, regardless of the actual server to which a request is being sent.
Portal Censorship
Major international Web platforms that serve content to people all over the world—such as Google’s search engine, YouTube, Twitter and Facebook—have at times complied with requests from governments to remove certain content from their portals. This renders content invisible to people who do not know where else to find it. Unfortunately, censorship circumvention tools are generally unable to get around this sort of blocking.
Internet Shutdown
In extreme cases, such as during a popular uprising, some governments have been known to disable their citizens’ access to the Internet entirely. Once again, thereis little that traditional circumvention solutions can do to address this form of censorship. Fortunately, such blockades tend to be extremely unpopular, and are rarely left in place for long.