we decided to do one better and prove it instead.
Hiding your IP address, using a proxy, using the onion router and obtaining
an IP address to a website so you won’t have to rely on a public DNS server –
these seem like a very intimidating tasks for the unprepared.
Certainly, being able to remain anonymous online
is something that can benefit many people –
especially those who are marginalized by their own government in various ways –
The PROTECT-IP act has given me motivation to figure out
how all of these methods work mainly due to the arbitrary nature of it all.
If Hollywood doesn’t like that fan edit of a short clip,
they can make that whole website disappear.
If the RIAA thinks that a site like SoundClick doesn’t need to be seen by anyone else,
they can erase easy access to that site almost with the snap of their fingers.
So, how does the PROTECT-IP act work?
Just look at the following from Wikipedia’s entry:
The Protect IP Act says that an “information location tool
shall take technically feasible and reasonable measures, as expeditiously as possible,
to remove or disable access to the Internet site associated with
the domain name set forth in the order”.
In addition, it must delete all hyperlinks to the offending “Internet site”.
At a technical level domain name servers would be ordered to
blacklist the suspected websites.
Although the websites would remain reachable by IP address,
links directing to them would be broken.
Also search engines—such as the already protesting Google—
would be ordered to remove links in their index of the web
of an allegedly infringing website.
Furthermore, copyright holders themselves
would be able to apply for court injunctions to have sites’ domains blacklisted.
To me, the scarier part is the fact that DNS servers would be affected by this.
Forget search engines censoring websites based on copyright complaints,
that has been happening for years through the DMCA.
What I was more concerned about was the DNS servers
because it would affect every internet user that uses that given server.
So really, the taller order was figuring out how to make DNS censorship useless.
What struck me when writing these guides
was just how easy some of these methods really were.
In some instances, the only way to make defeating such censorship easier
is to have a really big red button on the side of your computer
that you can press to make DNS censorship go away.
As such, I am convinced, at this point, that the PROTECT-IP Act
will do absolutely nothing to curb copyright infringement.
Sure, it’ll hamper free speech, sure it’s probably unconstitutional,
sure it is politically unsound,
sure it’ll probably hurt small and medium business,
sure it’s probably anti-competitive,
sure it’ll probably cause some security headaches,
but stopping copyright infringement?
Not by a long shot.
Not with such methods I found that would be useful
in circumventing such censorship anyway.
So, without further ado, the list including pros and cons of each
(each method links to a corresponding guide we wrote):
1. Using a VPN Service
A security tunnel that protects your data as it travels from your computer
to the VPN server before letting it out on to the internet.
As long as that VPN service is outside the United States,
it’ll be very difficult to stop users using such services to circumvent DNS censorship.
Very good security benefits. For the most part, it’s reliable.
Plenty of technical support to go around depending on which VPN service you choose.
Access pretty much everything on the internet. Very good for privacy.
Costs money. May include bandwidth caps.
Reliability of service isn’t consistent for every VPN service
(though frontrunners are generally easier to spot in terms of reliability).
Reportedly, you may need to install software you aren’t completely familiar with
(depends on which service is being used).
For most users, there is actually a hosts file on their computer that can be used
to connect domain name to server IP address without the use of a public DNS server.
If a website is censored through a DNS server, one can simply use the HOSTs file
so that a public DNS server isn’t even used in the first place.
You just type in the domain name in your URL and the website would still appear.
Completely removes the need to use a public DNS server
when accessing specific websites.
Prevents links from breaking due to DNS censorship.
Enables you to have greater power over how you view webpages.
No installation or downloading of software.
Requires maintenance. Not always easy to find in your system (solved by our guide).
May raise security issues on a LAN with multiple users
(difficult to see how in a number of cases since one can use the HOSTs file
to increase security for others).
Side benefit of having an effective way of blocking ads on the web
(hint: Use 127.0.0.1 for domains that deliver ads).
You also need to find accurate IP addresses in the first place
(solved by two other guides we have in this list.
3. Using TOR
TOR is more or less a network of proxies.
One person accesses a proxy and that proxy forwards that access to another proxy,
trying to erase the users tracks.
That proxy sends that stream to another proxy and the stream
keeps going through these steps until it finally reaches what is known as an “exit-node”.
That exit node then accesses the internet on the users behalf
and acts as an intermediary in the process.
As long as that exit node exists outside of the US,
there is a very good chance that it won’t be affected by DNS censorship
imposed by the ISPs onto their DNS servers.
Added bonus of a very secure source of anonymity
(not 100% chance of anonymity of course, but close enough).
An interesting way of seeing the internet through the eyes
of someone not in your country.
You might not be able to get everything your want from the internet
through this network (there may be way of making things not break through this,
but it isn’t without the risk of compromised security).
Requires downloading content to run (though installation is minimal)
Just by using publicly available DNS look-up tools,
one can easily obtain server IP addresses for later use.
If a domain is censored, one can simply replace the domain name
part of the URL with the IP address and still access the website.
Potentially obtain multiple IP addresses for later use. Free.
Obtain the addresses once and you don’t have to worry about losing access
to the site for as long as the server IP address remains the same.
Preferably, the IP addresses must be obtained before the site is actually censored
(there may be a brief window between when the domain is censored
and when DNS records are updated,
but there’s no telling how long that window is for sure).
If the website obtains a new server and changes all of its IP addresses
and you don’t have the new addresses,
then you could lose the ability to use the website.
There’s no guarantee this will always be an option
should ISPs start blocking IP addresses as well.
5. Changing Your DNS Server
Since we are talking about censoring DNS servers in the US,
one can always just use a DNS server over seas (like ones used by ISPs overseas).
By changing a your DNS server, you are no longer relying on a server
that could be censored by the US government and/or corporate interests.
No installation or downloading of additional software
(everything you need should be on your computer already).
Just a few menu clicks away.
Can always be changed again at a later time without too much hassle.
Can be a security risk to your computer if not done properly.
Difficult to obtain DNS server IP addresses
that will guaranteed be available for the foreseeable future.
No guarantee that ISPs won’t start blocking this type of activity.
In Windows at least, one can simply open up command prompt
(explained in tutorial) and simply type in “ping [insert domain name here]”
and obtain a server IP address for later use.
No installation or downloading of any software
(use what you already have on your computer).
Probably the fastest way to shield yourself from censorship.
Only one command is technically necessary before you get what you are after.
Obtaining this information through command prompt must be done
before the domain is censored.
Only one IP address can be obtained this way.
If the website changes IP address for their server,
you’ll lose access to the site unless you have the new one as well.
It’s a simple plug-in for FireFox you can download and install.
After getting a nice list of simple proxies that preside outside of the US,
you have a better chance at accessing the website that has been censored
by the US government and/or corporate interests.
Easy to install.
Being able to access censored websites can merely be a click away.
A fast fix with minimal effort if you have access to a decent size list of proxies (provided in guide).
Reliability is no guarantee. Based on the technological aspect of this method,
it’s not that secure since you are relying on one proxy.
Not able to use this method for all kinds of web traffic.
Confined to FireFox.
8. Using MAFIAAFire
A simple plug-in for FireFox (or Chrome) you can download and install.
If a website has had it’s domain seized,
then you can be redirected to an alternate domain and still access the website.
Easy to install. Is maintained for you through updates.
Uses DNS servers that can be censored.
Depends on there being an alternative domain name being used
in the first place for access(if an alternate domain doesn’t exist,
then the site might not be accessible in this fashion).
Technically, the site could be censored and block all possible updates as well.
By no means is this list comprehensive in any way.
Still, I think some of these methods go way
beyond circumventing types of censorship as suggested by the PROTECT-IP act.
It’ll be interesting to see how some services respond both who support internet censorship and those who are against internet censorship.
I have a feeling it will be extremely difficult to stop
these already existing methods to defeat DNS censorship.
If, say, ISPs find a way to stop all of the above,
a combination of some of the above or any enhancements to any of the above,
I’ll be very impressed.
Good luck to the ISPs on stopping this, they are going to need it.
Have a tip? Want to contact the author?