You are currently browsing the archives for the content filtering category

China’s Big Internet Mistake

February 15, 2013 content filtering
No comments

A few years ago I was employed installing and configuring content filters in a hospital in the United Kingdom. It was being installed after a report showed that loads of the staff spent a large part of the working day messing around on the internet and accessing rather unsuitable material. They decided to be rather aggressive in the configuration blocking many categories of sites and setting the filters to a very high level.

It didn’t last long.

The problem is that although content filters can be quite effective at blocking sites, they are actually pretty rubbish in deciding what should be blocked. The helpdesk of this hospital was soon swamped with calls asking why they were being blocked from different sites. Some of the issues -

Medical sites being blocked because the pages had too many flesh coloured pixels (filter thought they were pornography) – see here for details.

Access to a page on a surgeons site blocked, because the word ‘tramp’ was used. It actually was the discussion of an autopsy of a tramp who had died.

There were many, many more – lots of completely harmless sites blocked because of some word, link or picture being deemed unsuitable due to the content filter. Needless to say they simply didn’t have the resources to deal with these issues and the filter was turned down significantly.

It highlights a problem that is beginning to affect China, in the modern world many people need the internet to do their job. If you restrict access then you put yourselves at a significant disadvantage.

A perfect example is from this article in the Wall Street Journal, where a Swedish businessman was having problems trying to copy back some files to his headquarters servers.  Every time he tried his internet connection went down for an hour or so. The mystery was solved when it was discovered that the files were named after the town of Falun where the client worked. Unfortunately it is also the name of a meditation group – Falung Gong which is banned by the Chinese Government and thus blocked by the Chinese firewall. When the files were renamed they could be transferred without any problems.

The Swedish businessman in the story got so fed up with the constant internet difficulties that he moved his business to Thailand were he could operate without restrictions (although it should be said that Thailand also censors the internet to some extent).

This is the crux of the problem China faces – it wants to control and restrict access to the internet, yet it needs and demands a high level of economic growth. They are to some extent mutually exclusive, businesses need the internet to operate globally – a highly restrictive internet policy is a huge disadvantage to companies operating there. The reality is that they will simply move elsewhere, the digital world means where you locate a business is not as important. Businesses need fast, reliable internet access – in China the Great Firewall ensure they have neither.

Iran Launches YouTube Alternative

December 10, 2012 content filtering / technology
No comments

I bet the young people of Iran can hardly contain their excitement.  The Islamic Republic of Iran Broadcasting have just announced the launch of an Iran-only version of the popular video uploading site YouTube.  It’s called Mehr and it’s the second video channel accessible only in Iran.  Access to YouTube was blocked in 2009 after lots of people posted allegations of vote fraud and election fixing by President Mahmoud Ahmadinejad.    Of course there was only circumstantial evidence that the President’s landslide victory was anything but fair, his incredible unpopularity in certain areas didn’t seem to materialize in the ballot box.

Mehr is Farsi for ‘affection’ although I wouldn’t test that principle out by posting anything remotely critical of Ahmadinejad or his regime on the site.  The problem that Iran has, and in fact any despotic regime – is that it’s extremely difficult to censor or filter specific parts of the internet.  They couldn’t for example just block access to the various videos they don’t like on YouTube or Facebook as it would be impossible to keep track of the content.  Blocking the whole of YouTube stops lots of people gaining access within Iran but not all, increasingly people are using circumvention tools to bypass these filters.

Using proxies or VPNs you can  bypass these specific filters and the ‘video not available in your country‘ messages and many thousands of Iranians do just that.   Unfortunately there is one way to control all access to the internet and that’s to block it completely.  It’s the sort of model that you see in North Korea, where the internet is merely a basic intranet consisting of Government created websites with all access to the outside world blocked.  It is suspected widely that Iran is heading in this direction with the creation of these internal versions of popular sites.

The Iranian government are frequently complaining about the way they are portrayed by bloggers, the media and journalists in general – so it is invitable that the current regime will pull the plug at some point if they stay in power.   Anyway there’s no point posting the link to the Mehr website but relishing the irony I will post a link to the Mission for Establishment of Human Rights in Iran also known as MEHR.

Proxy Avoidance – An Introduction

May 17, 2012 content filtering / technology
No comments

So what does this mean to you? Proxy avoidance? Aren’t proxies used to help you keep your privacy – why would you want to avoid them.   Unfortunately there are some proxies you really should be looking to avoid.  Just using a proxy means absolutely nothing, it’s a bit like saying you are environmentally aware because your car happens to be colored green.  Proxies can enhance security but equally they can also be used to steal all your details and finance a Russian cyber crime gang’s Christmas party.

Bloody Spoilsports !!

 

So should you use or bypass a proxy server – well it really depends on a couple of factors – who’s running it and how it’s set up.

For instance I recommend a couple of proxies/vpns on this site – both of them don’t keep logs, they don’t monitor traffic and delete pretty much everything.   However this is not the case for the vast majority of proxies – some are actually designed to monitor you and control what you can or can’t do online.

The one thing you should remember is – that if you use a proxy server, then all your data is being channeled through that server.  Which is why most businesses make sure their employees surf the internet through a proxy.   They control and configure the proxy so that they have full control of what you do online on their time.

So let’s just be clear, if you are being blocked from accessing your favorite site at work, school or through your ISP, it’s probably because you are being forced to surf through their proxy server.

In this case you will also be requiring one of these if you need to avoid this particular proxy -

Luck – or rather some incompetence. If your client, browser or proxy security is set up badly, it can be fairly easy to avoid a proxy server.

Technical Knowledge – always helps but if you want to bypass the sneaky IT department, the more you know the better.

Security Software – programs like Identity Cloaker have special functions to piggy back existing proxy servers or bypass firewalls. Nothing guarantees that you by can avoid a proxy specifically designed to control your internet access but it’s usually possible.You can always test theories out – for instance the free – trial version of Identity Cloaker allows access to a selection of websites including Facebook.    This site is often blocked by content filters or proxies (usually because people are liable to spend hours on it!) – so test out to see if it works in your environments – the free demo version can be downloaded here

Remember a proxy server set up in your work or college – is acting as an intermediary for each client on the network.    As such it knows and records every single site you visit – so if you’ve got something to keep private – don’t do it at work !! Unfortunately there are lots of different ways that proxy servers can be set up, transparent, caching or anonymising for example.  When proxies where first used they were primarily used for speed. They would be set to cache requested pages – so when another client on the network requested the page it could be delivered locally.  This would mean that you would only need to download a page once and then served when required.

They are now used for a whole lot more – a proxy is a vital tool for controlling and configuring access to the internet for any client.  You can use a proxy to block, filter or simply monitor any request passing through it.  Have a look at your broswer settings at work, if set up properly you should be blocked from manually changing the settings.   This is a simple first step in making sure that any employees cannot avoid using the proxy server – secure your proxy settings in the browser.  If you’re using Windows then this is normally used by using Windows Group Policy Objects which can tie down all security settings on your client.   Generally not only will this stop people fiddling with their settings, but it will be backed up by firewall rules.   The most common rule set would be that outgoing web traffic is only allowed via the IP address of the official proxy server.  Which is why most people get stuck when trying to be a proxy ninja on their school or company network.

In addition to the installation of a proxy server, most organisations now are rightly paranoid about ‘nasty stuff’ on the net, and so they utilise some sort of additional content filters.  The most common one I’ve come across is from Websense but there are quite a few different ones.   These will monitor online all the traffic and URLs, and block or log according to specific rules and algorithms.  These filters are generally installed on the ‘wire’ and will have access to all traffic on the network.   There’s only one real way to beat a decent filter and that’s to stop it analysing what you’re doing – that means you must use encryption.

It can be via SSL, a VPN or like Identity Cloaker which uses Rjindael-AES 256 bit Encryption over a SSH connection.  It’s difficult to summarise what situation you might find in any specific environment.  In any vaguely secure environment you’ll probably find most stuff I’ve mentioned being implemented.

Of course us Ninja surfers can get round all these issues.  Normally it’s not that hard to do usually becuase of the way a security measure has been implemented. For example you’ll commonly find Internet Explorer locked down very tightly stopping you doing anything.   But then the rest of the client will be neglected and a user can often install a different browser like Firefox which has no such restrictions!!

If an organisation hasn’t stopped you installing a new browser on your PC then it’s unlikely they’ve created any security templates either.   It’s not uncommon to see surprisingly – a super locked down version of IE alongside a completely unmonitored copy of Firefox.  Of course before you start messing around with the Internet at work or college, you should consider your position.   Check out your Internet Use Policy and see what you’re allowed to do – is there something that says you can’t use another browser for example !

It’s a big subject and I’ll cover some more specific scenarios in future posts.  I’ll mostly use Identity Cloaker as it normally has the functionality to bypass most corporate blocks and filters but there are others.   Don’t bother messing around with stupid online web proxies though – they won’t work unless your network admins are particularly stupid.

Blocking Anonymity – China and TOR

February 9, 2012 content filtering / technology
1 comment

There’s loads of places where it’s pretty simple to bypass the blocks and restrictions that Governments put up. In reality a lot of countries have no access to the skills, equipment and in some cases the will to ensure that they really do control access to the internet. For instance in Turkey, there are a lot of sites which are officially blocked like Gay and Lesbian groups ( serious sites not porn) but thousands of people access every day with no problem.

Subscribing to a anonymity service is quite common in many countries, not particularly due to the privacy issues but more because they want to access TV and media sites in other countries. The Geographical blocks that stations like the BBC and Hulu put above are easily circumvented by using a security program like Identity Cloaker.   In fact if you speak to these companies you’ll find that 95% of the traffic is related to watching video and not to secure or private browsing.   In Identity Cloaker for example you can turn off the encryption to increase speed which is what many users do. Then people select the proxy server that they need – anything from an Australian proxy or a French, German or British one.

However the simple Geo blocks of the media companies are much worse for many people – for instance in China.  Whilst many countries are as mentioned pretty hopeless at controlling internet access – the techies behind the Great Firewall of China are very switched on indeed.

TOR Access Block

TOR is free software which links to an open network run by it’s users, it’s designed to provide anonymity online and let users bypass blocks and firewalls.   It does have it’s problems mainly based on the open format of it’s network – you relay traffic through other users computers.  As such there are security problems and it can be painfully slow to use.  But it is very difficult to block as you are not reliant on specific servers and there’s no specific IP addresses you can restrict access to.   But the Chinese have reportedly been block TOR users for several months.

The security team at Team Cymru have recently investigated how the Chinese Government was blocking access made to the TOR network.  It’s pretty interesting reading and demonstrates that the Chinese are actively combating the use of Tor through the Great Firewall of China.   Every time a user connected to a one of the Tor Bridges (which relays the connection through the Open network) then probes would be sent out from a Chinese IP address.  The probe was only sent if a connection was made to port 443 (HTTPS) in which an SSL negotiation was performed, any non secure connection did not cause the probe.

The probe was extremely sophisticated and designed specifically to connect with Tor, even able to communicate using the Tor Protocol.  As soon as one  of the probes was received the connection of the original Tor User was blocked by the Chinese Firewall and the connection dropped.

The team Cymru researcher was able to identify how the Tor connection was been identified.  The Tor handshake was located by inspecting inside the packet and locating the specific SSL ciphers used by Tor to establish the handshake.

Pretty heavy stuff,  to utlize this level of Deep Packet Inspection requires very sophisticated technology and obviously teams of people actively researching  how to block anonymity systems like Tor!

You can read the full details of this research conducted by Tim Wilde of Team Cymru here – Great Firewall of China Tor Probing.

 

 

 

 

 

 

Facebook is Blocked at Work – How Can I Access ?

July 26, 2011 content filtering / ninja
No comments

Yes I know it is addictive, yes I know you love to spend hours on there – which is probably the reason Facebook is blocked at your work. I did some work on a content filter last year at a medical company – we didn’t actually block anyone but just monitored the sites the employees were visiting. The amount of time some individuals spent on Facebook, MySpace and Ebay was simply incredible – one female was spending 30 hours a week regularly on these sites !!!

The idea of monitoring these sites initially was to make a solid case for blocking them. You see the company had quite a relaxed Internet Usage Policy and they were quite happy to allow people personal access during lunch hours, breaks and after work. But obviously if you’re spending that amount of time surfing the web you aren’t doing much work!

So we Blocked Facebook …..

Now for ordinary people who just want to keep in touch, or check in with friends occasionally this can be a bit annoying. So I want to tell you a bit about how these sites are blocked and how you can access them. First of all though you should check your employment and internet policies – if there’s stuff in there about not using the internet for personal use etc, etc and phrases like subject to disciplinary action appear – then you’re probably best waiting until you get home. Accessing sites that your employer has blocked on purpose is likely to get you into trouble – but hey that’s your choice.

Facebook Blocked By Firewall – Using A Web Proxy

The very simplest way to block access to a web site is just by using a proxy or firewall. Here you just create a simple black list of web sites which will not be allowed through. So for instance in this case we might have the URL – www.facebook.com or perhaps the IP address of the Facebook servers or perhaps both. All internet traffic will go through the firewall or proxy so when you request any sites in this list you just get redirected to another page (usually a warning page).

This is the way everyone used to do this, however it’s pretty easy to get round now. If you look on the internet about ways to access Facebook at work or school you’ll normally find the suggestion to use an external proxy (they’ll have names like ninjaproxy or shadow proxy or something stupid like that! What happens here is you go to a proxy web site where you type in your URL (e.g. Facebook) into the proxy, which then fetches the page and displays it in a little frame for you. From your site you are communicating with the proxy server (not Facebook) and so the Firewall does not block your request.

In most places this doesn’t work anymore for a variety of reasons, but the two main ones are:

  1. The proxy sites themselves are blocked by the firewall
  2. Most companies now use more sophisticated content filters which look inside the packet for the blocked site. Meaning using just a proxy won’t work.

If your company doesn’t bother with these, then you’ll be able to use the web proxies online to access most content you like. In fact if your place is that lax on security you may be able to find a free proxy online and surf directly through it. Just search for some free proxies, find their IP address and input it into your browser under this screen which you can find under internet options/connections/LAN settings or something like that.

Facebook Blocked - Using A Proxy

Here you relay all your request directly through an external proxy which is usually quicker and you don’t have advertisements and little frames added to your browsing session. If you find a fast proxy then you will not even notice the difference from normal surfing.

Remember this only works in extremely lax environments so check it out before hand. Most places you shouldn’t even be able to modify those settings in Internet Explorer (there’s ways around this as well but that’s for another post).

Facebook Blocked By Content Filter

This is the most difficult scenario to bypass because most of the content filters actually look at the data in each packet. So you may be surfing through a proxy or using a web proxy site but the content filter will still see the URLs you are accessing. So not only do you need the protection of a proxy server, but you also need some way to stop the content filter reading the URLs you are trying to access.

The solution is encryption, if you encrypt your connection nobody can see anything but the IP address of the server you are accessing. To do this you need either to set up a VPN between you and a trusted server or use something like Identity Cloaker which encrypts everything by default anyway. Of course Identity Cloaker is a paid service but if you just want to get round a facebook block then you’re in luck as the demo version is available for free which allows access to Facebook!

Accessing Facebook through Identity Cloaker

Click on the graphic to go to the download page, use the demo account supplied and you can run a secure encrypted tunnel to any of Identity Cloaker’s servers. Through this you can surf through all of the most sophisticated content filters and security set ups. Of course this version will only work with the listed sites but at the time of writing – Facebook and Twitter are both on the allowed list.

So if Facebook is blocked and you want a solution – there you have it. But as mentioned earlier if your manager walk by and sees Facebook on your monitor – then they’re going to know you’ve bypassed their filter !!! So be aware of you company policy. This will also work in all those countries who have blocked and filtered Facebook as well. There are other sites allowed in the demo modes which have also been blocked by many countries – such as Blogger, Twitter, Squidoo and Wikimedia for instance. If you want to use it for accessing other sites like BBC Iplayer, Hulu, Pandora etc, etc normally blocked by location – upgrade your subscription and help the Identity Cloaker guys out – it’s a great deal, I like watching some of the Australian and Canadian TV channels from the UK.

Anyway hope this helps people and don’t get in to any trouble !!