Censoring regimes in Turkey, Russia, China, Iran, and elsewhere are forcing activists to fight for their right to information, privacy, and worldwide freedom. So it’s a good time to know your Virtual Private Networks from your Deep Packet Inspections.
Oppressive regimes around the world are on a crusade against the Internet and all its promise–but though they may yet transform the digital world as we know it, such tactics currently look more like mere tilting against windmills. They simply won’t work–we’ll get into why that is below.
Most recently the Turkish government learned this after it blocked Twitter and YouTube in March in a vain effort to stop the publication of incriminating recordings that were leaked on social media. Within days, citizens were spray painting the IP addresses of public DNS servers on walls and just about everybody from the president of the country down was going around the ban.
The government responded with harsher measures (Turkey reportedly became the first country to block Google’s Public DNS Service), and citizens in turn found more sophisticated means to go around the restrictions. Since the vast majority of Internet content is stored outside the country’s borders, it became an endless cat-and-mouse game that the government just couldn’t win.
“Every Turkish citizen has become some kind of internet expert/amateur hacker after the ban,” tweeted the Turkish journalist Ipek Yezdani.
What is happening in Turkey, however, is part of a global trend and experts worry that if many governments team up, they could fragment the Internet into different “spinternets,” where users have vastly unequal digital experiences and abilities to communicate with one another. Russia, China, Iran, and Saudi Arabia are the ringleaders of this push, but different developments in many parts of the world, including in the U.S., which is dealing with net neutrality issues, could also contribute to such an outcome.
Meanwhile, a growing number of activists are also mobilizing to defend the Internet’s early promise of anonymity and freedom, and though the ensuing digital warfare could change the digital world beyond recognition, the odds are in the activists’ favor. The more technically inclined are already plugging into what may be the future of the Internet: extensive decentralized data networks, often invisible to each other and to Google, where governments and authorities have little say. The much-discussed “Darknet” is one of them, but ever more decentralized and anonymous alternatives are being invented all the time. It’s a bit like the digital Wild West of the 1990s, and the promises ahead seem limitless.
Unfortunately, the parallels with the early days of the Internet don’t end here. Once again those of us who are not intimately familiar with the latest technology–virtual private networks, anyone? onion routing?–can feel lost and confused. With a few well-placed keystrokes, one’s privacy can be compromised, and the Internet’s functionality reduced–much more palpably if they find themselves in one of the more censorious countries of the world but now increasingly in “the free world” as well.
With this as the backdrop, here is how the war for digital privacy and free speech is being waged by these regimes–and why they have not been winning.
COMMON GOVERNMENT TACTICS
Domain Name System (DNS) blocking: When you type a website address in your browser (e.g., www.twitter.com), a computer needs to translate the letters into its own Internet protocol which uses numbers (popularly known as IP addresses). To do so, it communicates with a special online server which stores the links between millions of domain names worldwide and their current number addresses. However, most browsers by default use the DNS servers of the local internet service providers, and governments can force these to delete certain records. Users who try to access the site then get an error message.
IP address blocking: Data travels in packets tagged with destination and origin addresses along major routes controlled by the Internet service providers, explains Sergey Lozhkin, a senior security expert at Kaspersky Lab. So governments often force the local Internet service providers not to let through packets that are headed to specific destination IP addresses. This also means that it is fairly easy for governments to know which sites users who don’t take precautions are browsing.
Deep Packet Inspection (DPI): This is the one that currently worries activists the most, since it involves reading the contents of data packets and blocking certain ones in very targeted ways. DPI has many legitimate uses, including in anti-spam tools, but it can also be a powerful tool for censorship and spying: For example, it can be used to prevent access from within a country to just a few selected links on a website or to filter out (though usually not decode) the encrypted protocols of many privacy tools that allow users to circumvent the IP bans. Perhaps the most notorious serial offender is the so-called “Great Firewall of China.”
Yet, Lozhkin explains, there are always ways around such filters: The secure communications with the various privacy networks can be masked as other types of encrypted traffic (e.g., a Skype connection), and ultimately the only way to root them out completely would be to ban all encryption. This, in turn, is unrealistic as it would wreak havoc in banking and many other sectors where encryption is crucial.
“Spinternets”: Ultimately, experts say that few countries beside North Korea could afford the damage to their economies to physically cut themselves off from the global Internet. But public debates about regulating the Internet more tightly at a national level, often presented as a security measure, are raging across the globe, even in leading developed countries such as Germany.
“There are different ways governments seek to fragment the Internet at different levels,” Gigi Alford, Freedom House’s senior program officer for Internet Freedom, explains. “One way is government censorship, by blocking and filtering web addresses and content for users inside their borders. Another way is restrictive Internet legislation, such as forcing cloud computing companies to nationalize their servers, so that user data is stored, monitored, and even taxed based on geographic borders.”
“If governments impose geographic borders on the internet, then we lose the openness and interoperabily that makes the Internet different from television, radio, and other information and communication technologies.”
FIGHTING BACK: WHY OPPRESSIVE TACTICS ARE NOT WORKING
International Public DNS servers: When the local DNS servers are compromised and you need to find the correct IP address numbers for the websites you want to access, you can just direct your browser to a DNS server outside the country. Google’s Public DNS Service (IP addresses 8.8.8.8 and 8.8.4.4) is one of the most popular such options.
Proxy Servers and Virtual Private Networks (VPNs): The simplest way to go around an IP address block is to redirect your browser’s, or even your computer’s entire traffic to a server outside the country and to use its unrestricted connection to the Internet to access the blocked sites. This way, your data packets going out of the country will carry the destination address of the server rather than of the blocked site, and the Internet service provider will not filter them out. In different ways, both proxy servers and VPNs do that, and many encrypt their communications with users so that the local authorities cannot easily read them or find out which sites people are actually browsing.
Tor Project and other peer-to-peer anonymous networks: Data packets wrapped in multiple layers of encryption travel random paths on decentralized computer-to-computer networks that are specifically designed to conceal the identity of the sender. The science of it is quite complicated, but in many parts of the world Tor, a project originally sponsored by the U.S. Department of State, has become an irreplaceable tool for journalists and activists, as well as for many others. In addition, it is widely considered the gateway to the Darknet (though other kinds of exotic parallel under-nets exist, such as I2P and Hyperborea).
Encrypted emails and chat messages: They add a layer of privacy and help verify the authenticity of messages since not only the communication routes are protected by encryption, but also the messages themselves are scrambled and unscrambled with a separate set of keys unique to each user. PGP and OTR are two of the more popular such technologies.
Meshnets: This is a tool, ironically also funded and promoted by the State Department, which can break through even the most extreme physical barriers governments can impose to cut off the Internet. It take decentralization to a new level: We could think of meshnets as Internet spawns starting to grow here and there and to merge in random ways that are almost impossible to control.
Most meshnets start as small local networks of users who are close enough so that their wireless routers can connect directly to each other. These networks can then start connecting to each other, and to the global Internet, through many different individual users and routes. In an extreme scenario, just one person with a satellite connection could provide many others with the ability to send plain-text emails.
The basic technologies used in meshnets are fairly primitive and the speeds are often slow–sort of like in the good old days when it could be said that “on the Internet, nobody knows you’re a dog.”
