We’ve been running a series of guides that show just how easy it is to bypass general DNS censorship. It’s general DNS censorship that has been proposed in the PROTECT-IP Act among other things. Rather than simply debate philosophically on why the PROTECT-IP Act will do absolutely nothing to deter copyright infringement, we decided to do one better and prove it instead.
Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes.
Hiding your IP address, using a proxy, using the onion router and obtaining an IP address to a website so you won’t have to rely on a public DNS server – these seem like very intimidating tasks for the unprepared. To be honest, when I first chose to try and figure these out, it seemed intimidating even to me – especially given that I don’t really even make use of proxy servers (or do any of the above for that matter). So really, I felt that I could relate to a number of moderately informed users on these topics.
Certainly, being able to remain anonymous online is something that can benefit many people – especially those who are marginalized by their own government in various ways – but I personally never felt that motivated to use any tools as it seemed to be an unnecessary layer of security when I simply browse news articles and listen to Creative Commons music among other things. So, a vast majority of the guides I’ve written over the last few weeks have been quite a learning experience for me.
The PROTECT-IP act has given me motivation to figure out how all of these methods work mainly due to the arbitrary nature of it all. If Hollywood doesn’t like that fan edit of a short clip, they can make that whole website disappear. If the RIAA thinks that a site like SoundClick doesn’t need to be seen by anyone else, they can erase easy access to that site almost with the snap of their fingers. So, how does the PROTECT-IP act work? Just look at the following from Wikipedia’s entry:
The Protect IP Act says that an “information location tool shall take technically feasible and reasonable measures, as expeditiously as possible, to remove or disable access to the Internet site associated with the domain name set forth in the order”. In addition, it must delete all hyperlinks to the offending “Internet site”.
At a technical level domain name servers would be ordered to blacklist the suspected websites. Although the websites would remain reachable by IP address, links directing to them would be broken.[9] Also search engines—such as the already protesting Google—would be ordered to remove links in their index of the web of an allegedly infringing website. Furthermore, copyright holders themselves would be able to apply for court injunctions to have sites’ domains blacklisted.
To me, the scarier part is the fact that DNS servers would be affected by this. Forget search engines censoring websites based on copyright complaints, that has been happening for years through the DMCA. What I was more concerned about was the DNS servers because it would affect every internet user that uses that given server. So really, the taller order was figuring out how to make DNS censorship useless.
What struck me when writing these guides was just how easy some of these methods really were. In some instances, the only way to make defeating such censorship easier is to have a really big red button on the side of your computer that you can press to make DNS censorship go away. As such, I am convinced, at this point, that the PROTECT-IP Act will do absolutely nothing to curb copyright infringement. Sure, it’ll hamper free speech, sure it’s probably unconstitutional, sure it is politically unsound, sure it’ll probably hurt small and medium business, sure it’s probably anti-competitive, sure it’ll probably cause some security headaches, but stopping copyright infringement? Not by a long shot. Not with such methods I found that would be useful in circumventing such censorship anyway.
So, without further ado, the list including pros and cons of each (each method links to a corresponding guide we wrote):
Quick Explanation:
A security tunnel that protects your data as it travels from your computer to the VPN server before letting it out on to the internet. As long as that VPN service is outside the United States, it’ll be very difficult to stop users using such services to circumvent DNS censorship.
Pros:
Very good security benefits. For the most part, it’s reliable. Plenty of technical support to go around depending on which VPN service you choose. Access pretty much everything on the internet. Very good for privacy.
Cons:
Costs money. May include bandwidth caps. Reliability of service isn’t consistent for every VPN service (though frontrunners are generally easier to spot in terms of reliability). Reportedly, you may need to install software you aren’t completely familiar with (depends on which service is being used).
Quick Explanation:
For most users, there is actually a hosts file on their computer that can be used to connect a domain name to a server IP address without the use of a public DNS server. If a website is censored through a DNS server, one can simply use the hosts file so that a public DNS server isn’t even used in the first place. You just type in the domain name in your URL and the website would still appear.
Pros:
Completely removes the need to use a public DNS server when accessing specific websites. Prevents links from breaking due to DNS censorship. Enables you to have greater power over how you view webpages. No installation or downloading of software.
Cons:
Requires maintenance. Not always easy to find in your system (solved by our guide). May raise security issues on a LAN with multiple users (difficult to see how in a number of cases since one can use the hosts file to increase security for others). Side benefit of having an effective way of blocking ads on the web (hint: Use 127.0.0.1 for domains that deliver ads). You also need to find accurate IP addresses in the first place (solved by two other guides we have in this list).
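The maintenance cost noted above can be checked mechanically. The following is an added example, not part of the original article or its guides: it parses hosts-file text, separates 127.0.0.1-style ad-block entries from pinned sites, and flags pinned addresses that no longer match what a resolver you trust currently returns. The function names, sample hosts text and resolver answers are all constructed for illustration, and the lookups themselves are assumed to be gathered separately.

```python
import ipaddress

# Constructed sample data (documentation addresses): hosts-file text and
# the answers a trusted resolver currently gives for the pinned names.
SAMPLE_HOSTS = """\
# pinned sites
192.0.2.10    example.org www.example.org
198.51.100.7  music.example.net   # pinned last month
127.0.0.1     ads.example.com
0.0.0.0       tracker.example.com
not-an-ip     broken.example
"""
SAMPLE_RECORDS = {
    "example.org": {"192.0.2.10", "192.0.2.11"},
    "www.example.org": {"192.0.2.10"},
    "music.example.net": {"203.0.113.5"},
}

def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blanks and malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address
        entries.extend((ip, name.lower()) for name in fields[1:])
    return entries

def audit_hosts(text, current_records):
    """Classify each hostname as 'sinkhole', 'ok', 'stale' or 'unknown'."""
    # current_records maps hostname -> set of address strings; no lookups happen here.
    report = {}
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            report[name] = "sinkhole"   # e.g. the 127.0.0.1 ad-blocking trick
        elif name not in current_records:
            report[name] = "unknown"    # nothing to compare against
        elif str(ip) in current_records[name]:
            report[name] = "ok"
        else:
            report[name] = "stale"      # site moved; pinned address is outdated
    return report

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS, SAMPLE_RECORDS))
```

An "unknown" result on a machine where nobody remembers adding the entry is also worth a look, since the hosts file overrides DNS for every user of that computer.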
3. Using TOR
Quick Explanation:
TOR is more or less a network of proxies. One person accesses a proxy and that proxy forwards that access to another proxy, trying to erase the user’s tracks. That proxy sends that stream to another proxy and the stream keeps going through these steps until it finally reaches what is known as an “exit node”. That exit node then accesses the internet on the user’s behalf and acts as an intermediary in the process. As long as that exit node exists outside of the US, there is a very good chance that it won’t be affected by DNS censorship imposed by the ISPs onto their DNS servers.
Pros:
Added bonus of a very secure source of anonymity (not 100% chance of anonymity of course, but close enough). An interesting way of seeing the internet through the eyes of someone not in your country.
Cons:
You might not be able to get everything you want from the internet through this network (there may be a way of making things not break through this, but it isn’t without the risk of compromised security). Requires downloading content to run (though installation is minimal).
Quick Explanation:
Just by using publicly available DNS look-up tools, one can easily obtain server IP addresses for later use. If a domain is censored, one can simply replace the domain name part of the URL with the IP address and still access the website.
Pros:
Potentially obtain multiple IP addresses for later use. Free. Obtain the addresses once and you don’t have to worry about losing access to the site for as long as the server IP address remains the same.
Cons:
Preferably, the IP addresses must be obtained before the site is actually censored (there may be a brief window between when the domain is censored and when DNS records are updated, but there’s no telling how long that window is for sure). If the website obtains a new server and changes all of its IP addresses and you don’t have the new addresses, then you could lose the ability to use the website. There’s no guarantee this will always be an option should ISPs start blocking IP addresses as well.
Quick Explanation:
Since we are talking about censoring DNS servers in the US, one can always just use a DNS server overseas (like ones used by ISPs overseas). By changing your DNS server, you are no longer relying on a server that could be censored by the US government and/or corporate interests.
Pros:
No installation or downloading of additional software (everything you need should be on your computer already). Just a few menu clicks away. Can always be changed again at a later time without too much hassle.
Cons:
Can be a security risk to your computer if not done properly. Difficult to obtain DNS server IP addresses that are guaranteed to be available for the foreseeable future. No guarantee that ISPs won’t start blocking this type of activity.
Quick Explanation:
In Windows at least, one can simply open up command prompt (explained in tutorial) and simply type in “ping [insert domain name here]” and obtain a server IP address for later use.
Pros:
No installation or downloading of any software (use what you already have on your computer). Probably the fastest way to shield yourself from censorship. Only one command is technically necessary before you get what you are after.
Cons:
Obtaining this information through command prompt must be done before the domain is censored. Only one IP address can be obtained this way. If the website changes IP address for their server, you’ll lose access to the site unless you have the new one as well.
Quick Explanation:
It’s a simple plug-in for Firefox you can download and install. After getting a nice list of simple proxies that reside outside of the US, you have a better chance at accessing the website that has been censored by the US government and/or corporate interests.
Pros:
Easy to install. Being able to access censored websites can merely be a click away. A fast fix with minimal effort if you have access to a decent size list of proxies (provided in guide).
Cons:
Reliability is no guarantee. Based on the technological aspect of this method, it’s not that secure since you are relying on one proxy. Not able to use this method for all kinds of web traffic. Confined to Firefox.
Quick Explanation:
A simple plug-in for Firefox (or Chrome) you can download and install. If a website has had its domain seized, then you can be redirected to an alternate domain and still access the website.
Pros:
Easy to install. Is maintained for you through updates.
Cons:
Uses DNS servers that can be censored. Depends on an alternative domain name being in use in the first place for access (if an alternate domain doesn’t exist, then the site might not be accessible in this fashion). Technically, the site could be censored and block all possible updates as well.
Final Thoughts
By no means is this list comprehensive in any way. Still, I think some of these methods go way beyond circumventing types of censorship as suggested by the PROTECT-IP act.
It’ll be interesting to see how some services respond, both those who support internet censorship and those who are against internet censorship. I have a feeling it will be extremely difficult to stop these already existing methods to defeat DNS censorship. If, say, ISPs find a way to stop all of the above, a combination of some of the above or any enhancements to any of the above, I’ll be very impressed. Good luck to the ISPs on stopping this, they are going to need it.
Drew Wilson on Twitter: @icecube85 and Google+.