Giganews Newsgroups english - español - deutsch (Übersetzungen willkommen!)

HOWTO: Internetzensur umgehen

Freerk <freerk@gmx.net> (schreib in englisch, deutsch oder spanisch), zuletzt geupdated 2003-08-19
Dies ist eine Einleitung zum Umgehen von Internetzensur in verschiedenen Ländern, Schulen, Universitäten oder Firmen mithilfe von Proxies, Shells u.s.w.
Übersetzt von Freerk <freerk@gmx.net>. Dieser Artikel ist eine Übersetzung aus dem englischen vom Original "HOWTO bypass Internet censorship".
Die englische Version wird ständig erweitert und ist immer aktueller als diese und andere Übersetzungen. Dieser Text ist noch nicht fertig übersetzt, ich arbeite dran!

1. Einführung

2. Mögliche Schwachstellen

3. Verschiedene Arten von Internetzensur

4. Verschiedene Möglichkeiten die Zensur zu umgehen

5. Wie man Informationen veröffentlicht

6. Anhang


nach oben

1. Einleitung

  • 1.1 Über Internetzensur

  • In den letzten 10 Jahren ist das Internet sehr schnell gewachsen. Es ist ein zusammenschluss von tausenden kleinen Netzwerken. Millionen Computer sind verbunden und es wird nicht von einer Regierung kontrolliert oder gar besessen. es gibt keine Gesetze, jeder kann seine Webseiten ins Internet stellen und jeder auf der Welt, der vor einem PC mit einem Internetzugang sitzt kann sich diese Seite ansehen. Ich glaube das dies die Welt ändern kann und wird.

    Allerdings gibt es verschiedene Regierungen, die diesen unlimitierten Zugang zu Informationen für zu gefährlich für ihre Bürger halten. Dies sind z.B. China, Saudi Arabien, Australien, Bahrain, Kuba, Jordanien, Tunesien, Burma, Singapur, Uzbekistan, Jemen, Kuwait, Vietnam, Syrien, Iran, Vereinigte Arabische Emirate und Teile von Afrika und Deutschland. Dies variiert von einer recht einfach zu umgehenden DNS Sperrung von 2 Nazi Seiten in NRW bis zu einer staatlichen Zensurbehörde mit 30.000 Mitarbeitern, derren einzige Aufgabe es ist tausende Internetseiten zu blockieren, in China. Da die Sperrungsmethoden verschieden sind, werden auch verschiedene Möglichkeiten sie zu Umgehen benötigt. Ich werde versuchen, dir in diesem Tutorial zu zeigen wie du wieder auf die Webseiten von Amnesty International, BBC, Google oder andere Seiten, die in deinem Land zensiert werden, kommen.kannst. Ich habe diese Seite in sehr einfachem HTML geschrieben, so dass sie auch mit alten PC's und langsamen Internetverbindungen gut angeschaut werden kann. Bitte verbreite diese Informationen, druck die Seite (ich habe keine Links "versteckt", so das nix verlohren geht wenn dieses Dokument gedruckt wird), setzte Links, kopier sie und unterrichte deine Freunde und Verwanten!

  • 1.2 Warum ich dies schreibe

  • OK, ich lebe in Deutschland, das ja nicht gerade berühmt für seine Internetzensur ist. Allerdings versucht die Bezirksregierung in Düsseldorf/NRW die Internetzensur in Deutschland einzuführen und erlässt sogenannte Sperrverfügungen die sich gegen 2-4 Naziseiten richten. Natürlich bin ich kein Fan von diesen Naziseiten, allerdings bin ich der Meinung das keine Regierung oder sogar ein Systemadministrator das recht hat zu bestimmen welche Informationen ich abrufen kann und welche nicht. Welche Seiten werden als nächstes gesperrt? Wer bestimmt welche Seiten geblockt werden? Ausserdem sperrt meine Schule einige Internetseiten und so began ich mich für das Thema zu interessieren.

  • 1.3 Wie kommt man an diese Datei

  • Da du dies gerade liest hast du die Datei ja wohl irgendwo gefunden. Die aktuellste Fassung gibt es allerdings hier:

    Europäischer Mirror: http://www.zensur.freerk.com/ - (Lambdanet - Erfurt, Deutschland)
    Amerikanischer Mirror: http://nocensor.opennetinitiative.net/ - (Uiversität Toronto, ON, Kanada)
    Asiatischer Mirror: http://tokyo.cool.ne.jp/cship/ (Infoseek - Tokyo, Japan)

    SSL Mirror: https://secure.sslpowered.com/bpass/ (Netfirms, Toronto, ON, Canada)
    Dynamische IP Mirror: http://vielleicht-deiner.dyndns.org/ (schreib mir ne email)

    eMail Autoresponder english: index.htm@zensur.freerk.com (just send an empty email, you will automatically get this text as plain HTML in return.)
    eMail Autoresponder español: index-es.htm@zensur.freerk.com (solo tienes que enviar un e-mail vacío, y automáticamente recibirás la version espanola de este artículo en HTML)
    eMail Autoresponder deutsch: index-de.htm@zensur.freerk.com (einfach eine leere email schreiben, dann gibt es automatisch den deutschen Text als HTML-Datei zurück.)


    back to top

    2. Mögliche Schwachstellen

    Du musst entscheiden ob du die Internetzensur umgehen willst oder nicht. Ich kann dir nur zeigen wie es geht, die Verantwortung kann ich natürlich nicht übernehmen. Einige zensierende Länder würden dich einspeeren, falls sie dich erwischen, und einige Firmen und Schulen würden dich feuern.
    Natürlich blockieren die Zensoren nicht nur den Internettraffic, sondern beobachten ihn auch (Nur bei kleineren Datenmengen möglich, in China z.B. nicht) und versuchen herrauszufinden wer ihre Blockierungen wie umgeht. An einigen Identikatoren in den Log-Dateien der Provider lässt sich relativ leicht ermitteln, wer die Internetzensur wie umgeht::

    Versuche dies zu verhindern!

    Mehr Infos: http://www.peacefire.org/circumventor/list-of-possible-weaknesses.html
    http://peek-a-booty.org/pbhtml/downloads/ResponseToLopwistcic.htm


    nach oben

    3. Verschiedene Arten von Internetzensur

    Es gibt viele verschiedene Arten um den Internetzugang zu zensieren. Manchmal werden sogar 2 oder mehrere Möglichkeiten zusammen eingesetzt. Bitte schreib mir an freerk@gmx.net welche Methoden in deinem Land/Provider benutzt werden und welche Wege sie zu umgehen funktionieren. Ich möchte diese Infos auf dieses Seiten veröffentlichen (selbstverständlich anonym!), damit auch andere Leute von dem Wissen profitieren können.

  • 3.1 Per DNS-Server geblockte URL's

  • Diese Methode benutzen z.B. einige deutsche Provider in NRW. Es ist eine sehr einfache und billige Zensurmethode, und das umgehen ist auch einfach. Erstmal muss ich erklären was das Domain Name System ist: Jeder PC, der mit dem Internet verbunden ist, hat eine eigene IP-Nummer, vergleichbar mit einer Telefonnummer. Dies sind 4 Zahlen von 0-255 durch einen Punkt getrennt. Z.B. ist 62.141.48.209 die IP von www.zensur.freerk.com. Da man sich diese Nummern schlecht merken kann wurde das DNS erfunden. Mit diesem Internetdienst ist es möglich mit Internetadressen wie www.google.de anstatt mit den IP-Nummern zu arbeiten. Wenn du www.google.de in deinen Browser eingibst sendet dein PC eine anfrage an dem DNS-Server deines Providers, der dir bei der Einwahl automatisch zugewiesen wurde. Viele Adressen hat der bereits gespeichert, und dann gibt es die richtige IP Adresse recht schnell zurück. Teilweise muss der DNS-Server allerdings erst bei einem der 13 offiziellen DNS-Root-Server anfragen auf welche IP eine bestimmte Adresse verweisst. Falls der DNS-Server deines Providers zensiert, sendet er dir einfach gar keine IP zurück oder die IP einer "tschuldigung, zensiert" Webseite.

  • 3.2 Zwangsproxy / Transparenter Proxy

  • Bei einem Zwangsproxy muss man einen Proxy in seinen Verbindungseinstellungen im Browser angeben. Manchmal ist dies auch durch einen transparenten Proxy geregelt, d.h. in den Verbindungseinstellungen hat nichts zu stehen, und man kann nicht ohne weiteres herausfinden ob ein Proxy vorhanden ist oder nicht. Jede Anfrage wird über diesen Proxy geleitet und nach dem Check wird die Antwort zu dir weitergeleitet (oder auch nicht).

  • 3.3 Wortfilter

  • Dies bedeutet das der gesammte Interenttraffic durch die Server der Zensoren geht, die die Seiten nach "schlimmen Wörtern" durchsuchen. Diese dynamische Filterung wird von den meisten Schulen, Büchereien und Firmen eingesetzt. Sobald eine Seite mit verbotenen Wörtern entdeckt wird, wird diese geblockt.

    Der Webmaster der geblockten Seite könnte dies verhindern indem er den Inhalt z.B. in Bildern versteckt. Für die Benutzer macht dies kein Unterschied, aber es ist sehr schwierig für ein Computerprogramm diesen Text zu lesen.

    The person who is offering the blocked information could prevent the censoring by "hide" the content inside of images. For the user there is almost no difference, but it is difficult for a computer program to "read" the text inside an image. Also SSL encrypted traffic (a URL starting with https://...) can't be scanned easily. You can test which keywords are blocked on your connection on http://www.zensur.freerk.com/kword/ there you can enter the keyword(s) you want to test an click on "send" when you get the message "You entered blablabla" in return everything is fine, but if you get an error message you know which words are blocked.

  • 3.4 Blocked ports

  • Ports are like doors for a special service to a server or PC. They rank from 0 to 65535. The standard ports are from 0 to 1024, these are the well known ports. The official list you can get unter http://www.iana.org/assignments/port-numbers. If a censor blocks a port, every traffic on this port is dropped, so its useless for you. Most censors blocks the ports 80, 1080, 3128 and 8080, because these are the common proxy ports. Because all of the proxies on common ports are useless for you, you have to find proxies that are listening on an uncommon port. These are very difficult to find.
    You can easily test which ports are blocked on your connection. Just open the DOS-prompt, type telnet login.icq.com 80 and hit enter. The number is the port you want to test. If you get some wired symbols in return everything is ok, if it says "timeout" or something similar, that port is blocked by your ISP. Here are the most important ports for us:

    20+21 - FTP (file transfer)
    22 - SSH (secure remote access)
    23 - telnet (remote access) and also Wingates (special kind of proxies)
    25 - SMTP (send email)
    53 - DNS (resolves an URL to an IP)
    80 - HTTP (normal web browsing) and also a proxy
    110 - POP3 (receive email)
    443 - SSL (secure HTTPS connections)
    1080 - Socks proxy
    3128 - Squid proxy
    8000 - Junkbuster proxy
    8080 - a proxy

  • 3.5 Censorware on the client (child protection e.t.c)

  • Normally the censorship is implemented on servers from the ISP or government, but in some schools, private homes and some companies the blocking software is installed on every PC.

    More info: http://www.peacefire.org/
    http://www.cexx.org/censware.htm
    http://www.epinions.com/cmsw-Kids-Topics-2
    http://www.securiteam.com/securityreviews/Web_blocking_software_can_be_easily_bypassed.html

  • 3.5.1 NetNanny

  • More info: http://www.netnanny.com/index.html
    http://peacefire.org/censorware/Net_Nanny/

  • 3.5.2 CyberSitter

  • More info: http://www.cybersitter.com/
    http://www.spectacle.org/alert/peace.html
    http://www.peacefire.org/censorware/CYBERsitter/

  • 3.5.3 AOL Parental Control

  • More info: http://www.aol.com/info/parentcontrol.html

  • 3.5.4 CyberPatrol

  • More info: http://www.cyberpatrol.com/
    http://www.peacefire.org/censorware/Cyber_Patrol/

  • 3.5.5. SurfControl

  • More info: http://www.surfcontrol.com/
    http://peacefire.org/censorware/SurfWatch/

     

  • 3.6 Censorware on the server (inside of networks)

    This are programs that are mostly installed on servers in schools, libraries, companies or countries with a little Internet population.

  • 3.6.1 Bess/N2H2

    Bess is a proxy filter that is often used in schools/universities and companies. It can easily bypassed with Webproxies.

    More info: http://www.n2h2.com/products/bess_home.php
    http://www.peacefire.org/censorware/BESS/

  • 3.6.2 DansGuardian

    It's a Open Source Webfilter. Free for non-commercial use and thus it is widhly spread in universities, schools and libraries. It works as a Proxy with URL and keyword filtering (and also with the PICS-Standard). It's often used on a IPCop machine, however, the author from DansGuardian doesn't like it.

    More Info: http://dansguardian.org/

  • 3.6.3 WebSense

    More Info: http://www.websense.com/
    http://www.peacefire.org/censorware/WebSENSE/

  • 3.6.4 WebWasher

    More Info: http://www.webwasher.com/

  • 3.6.5 SmartFilter

  • More Info: http://www.securecomputing.com/index.cfm?skey=85
    http://www.peacefire.org/censorware/SmartFilter/

  • 3.6.6 squidGuard

    More Info: http://www.squidguard.org/

  • 3.6.7 new_new

  •  

  • 3.7 Whitelist

  • Most Internet filters works with a blacklist, which means that access to all sites is allowed, except some special sites (well, sometimes there are a lot exceptions...). A whitelist works the other way around: Access to all sites is blocked, except some special ones. For a normal ISP it is almost impossible to offer, because the Internet is nearly worthless. The whitelist scheme is used by free Internet terminals that are sponsored by a company which allows users the free access to their e-commerce site. This filter scheme is the most difficult to circumvent.
    Some time ago, there was a German ISP who had a completely free 0800-dial in number. Once you dialed in, you only could surf to amazon.de and about 10 more e-commerce sites. But you could also connect to the other customers of the ISP. So somebody with a flatrate connected to both his normal ISP and the 0800-free ISP and set up a proxy. So all the users of the free ISP could use that proxy to connect to other sites.

     

  • 3.8 IP blocking on the routers

  •  


    back to top

    4. Different ways to bypass censorship

    Since you can't directly access a server that is blocked you have to send the request to a non blocked server which redirects the traffic to the real site you want to visit. There are different types of these "gatekeepers".

  • 4.1 Using a different ISP

  • Well, it's as easy as it sounds: Just change your Internet Service Provider! For example only in 'Nordrhein-Westfalen' (a state of Germany) there is a censoring firewall, you can just subscribe to an ISP outside that state. But normally the censorship counts for all the country. One possibility is to try out an ISP outside the country. That costs a lot, but that way you do have a normal Internet access and don't have to worry about getting around filters. This could be a normal dialup provider in an neighbor country or better a 2-way Internet access via satellite like http://www.europeonline.com/ http://registrierung.tiscali.de/produkte/1400_satellit.php, http://www.gilat.de/, http://www.hns.com/, http://www.vsatnet.com/, http://www.starband.com/, http://www.wildblue.com/, http://www.skycasters.com/, http://www.directduo.com/, http://www.orbitsat.com/, http://www.ottawaonline.com/ and so on, just search with a search engine for '2-way internet via satellite [your country or neighborcountry]' or something like that.

     

  • 4.2 Using a not censoring DNS-server

  • Normally, you automatically would use the DNS-server of your ISP to resolve domain names like www.freerk.com to 62.141.48.209. Internally, only these IP-addresses are used to send/receive data in the Internet. If your DNS-server is censoring, you simply can use another DNS-server. Under Windows, just right-click in your system panel on the 'network' icon and select properties of the TCP/IP-protocol. In Linux you have to edit the '/etc/resolv.conf' file. Use the server that is (virtual) your nearest. If you want to setup your own DNS-server use Bind (http://www.isc.org/products/BIND/). The list of the 13 official root servers is located here: ftp://ftp.rs.internic.net/domain/named.root for reduancy it would be good to ad the alternative root servers located in Europe from ORSN: ftp://ftp.orsn.org/orsn/orsn.hint.

    Non censoring DNS-Servers:

    dns2.de.net - 194.246.96.49 (Frankfurt, Germany)
    sunic.sunet.se - 192.36.125.2 (Stockholm, Sweden)
    master.ns.dns.be - 193.109.126.140 (Leuven, Belgium)
    merapi.switch.ch - 130.59.211.10 (Zurich, Switzerland)
    prades.cesca.es - 192.94.163.152 (Barcelona, Spain)
    michael.vatican.va - 212.77.0.2 (Vatican City, Italy)
    dns.inria.fr - 193.51.208.13 (Nice, France)
    ns0.ja.net - 128.86.1.20 (London, UK)
    nic.aix.gr - 195.130.89.210 (Athens, Greece)
    ns.ati.tn - 193.95.66.10 (Tunis, Tunisia)
    ns1.relcom.ru - 193.125.152.3 (Moscow, Russia)
    trantor.umd.edu - 128.8.10.14 (College Park, MD, USA)
    ns1.berkeley.edu - 128.32.136.9 (Berkeley, CA, USA)
    merle.cira.ca - 64.26.149.98 (Ottawa, Canada)
    ns2.dns.br - 200.19.119.99 (Sao Paulo, Brasil)
    ns2.gisc.cl - 200.10.237.14 (Santiago, Chile)
    ns.uvg.edu.gt - 168.234.68.2 (Guatemala, Guatemala)
    ns1.retina.ar - 200.10.202.3 (Buenos Aires, Argentina)
    ns.unam.mx - 132.248.253.1 (Mexico City, Mexico)
    ns.wide.ad.jp - 203.178.136.63 (Osaka, Japan)
    ns.twnic.net - 192.83.166.11 (Taipei, Taiwan)
    ns3.dns.net.nz - 203.97.8.250 (Wellington, New Zealand)
    box2.aunic.net - 203.202.150.20 (Melbourne, Australia)

    It's also possible to act as a manual DNS server by yourself. Just use the ping or traceroute service on a non censoring machine to get the IP of your desired server. Then use the IP instead of the URL in your browser. You will always get an IP, but it won't work every time to access the website via the IP, because a lot of webhosters host up to 500 or more websites on one server with one IP. But it will work fine with bigger websites.

    http://195.193.168.164/ - Rotterdam, Netherlands (JAVA VISUALROUTE)

    http://www.vs1.ffs-server.de:8000/ - Darmstadt, Germany (JAVA VISUALROUTE)

    http://202.85.153.198:8080/ - Hong Kong (JAVA VISUALROUTE)

    https://www.velia.net/tools/traceroute.php - Hanau, Germany (HTTPS encrypted)

    http://www.traceroute-gateways.com/ - About 1000 public ping/traceroute gateways sorted by country

    http://www.traceroute.org/ - Another list with public ping/traceroute services sorted by country

     

  • 4.3 Using a non censoring proxy server

  • You can put a proxy server between your Internet connection and the site you want to visit. You send your request for a special website to that proxy server, which request the page from the Internet and deliver it to you. Normally, those servers cache the requested pages, so that on the next request he can deliver the page directly from the cache. That would be faster and cheaper. We use those servers to bypass censorship. For the eyes/computers of our ISP/Government we are only connecting to the proxy, they can't easily see, that we are connecting to a "bad site". But sometimes the standard proxy ports (80, 1080, 3128 and 8080) are blocked. In that case you have to use the proxies that are listening on an uncommon port.

  • 4.3.1 Standard proxy

  • Standard Proxies you can find everywhere on the net. Almost every provider offer a proxy for their customers. Here are a few, its in the widly spread "hostname:port" format. Theese proxies are mostly not anonymous!

    www-proxy.t-online.de:80 (Bonn, Germany)
    cair.res.in:80 (Bangalore, India)
    esjv.com.hk:80 (Hong Kong)
    mail.unisol.com.ar:80 (Argentina)
    souththornlieps.wa.edu.au:3128 (Perth, Australia)
    proxy.olimpo.com.br:8080 (Rio de Janeiro, Brasil)
    203.77.236.3:8080 (Jakarta, Indonesia)

  • 4.3.2 Uncommon port proxy

  • Due to the fact that several censors block the common proxy ports (80, 1080, 3128 and 8080) to prevent circumvention you have to use proxies that are listening on a uncommon port. For example 8000 for the Junkbuster proxy or 6588 for the AnalogX proxy. You get a weekly updated list of Proxies that are listening on a non standard port here: http://www.zensur.freerk.com/list.txt or via eMail autoresponder at list.txt@zensur.freerk.com.

  • 4.3.3 Socks proxy

  • More info: http://www.ufasoft.com/socks/
    http://proxylabs.netwu.com/proxycap/

  • 4.3.4 Set up an own proxy server

  • More info: http://www.gcd.org/sengoku/stone/
    http://www.junkbusters.com/ijb.html
    http://www.boutell.com/rinetd/

  • 4.3.5 Special proxy / tunnel tools

  •  

  • 4.3.5.1 JAP
  • JAP is an free and open source anonymity tool invented by a German university. It sends your traffic encrypted through different mixes, so that absolutely nobody, not even the owner of on of the mixes know who is accessing which site. This is also on of the best tools to circumvent censorship. Just follow the instalation instructions on http://anon.inf.tu-dresden.de/index_en.html on installing the Java client (available for Windows, Unix, Linux, OS/2, Macintosh and others) The infoservice is listening on port 6543, the Dresden-ULD mix on port 26544, the Dresden-Dresden mix on port 6544 and the Dresden-Luebeck mix on port 9544.

  • 4.3.5.2 Httport
  • http://www.htthost.com/

  • 4.3.5.3 Localproxy
  • http://proxytools.sourceforge.net/

  • 4.3.5.4 HttpTunnel
  • http://www.http-tunnel.com/
    http://www.nocrew.org/software/httptunnel.html

  • 4.3.6 Wingates

  • More info: http://www.deerfield.com/products/wingate/


  • 4.4 Using a shell

  • http://www.chiark.greenend.org.uk/~sgtatham/putty/
    http://directory.google.com/Top/Computers/Internet/Access_Providers/Unix_Shell_Providers/
    http://www.panix.com/shell.html
    http://www.shellux.net/

  • 4.5 Using a webproxy

  • Webproxies are CGI-scripts that you call with your browser and open a different URL (Internetadress) with. So your firewall thinks you are only connecting to the server with the CGI-script. The addresses under 4.5.4 are not really meant as proxies. They act as translators, html-checkers or as a webarchive. You can use them as a kind of proxy anyway. These webproxies are a good thing for "quick 'n dirty" bypassing. You don't have to configure your browser or something, but it's kind of slow and won't work with all webpages. Only the proxies that are going over a secure connection can be used for phrase filtering, but the others a perfect for URL/IP filtering. Use them in your school, company or library when you have no privileges to install/change something on the machine. These links points to google.de because the site is very small, usefull, always on and does not contain the ".com" extension of DOS-Files that are filtered by some proxies. If you do have webspace with cgi abillity you can download the CGIProxy from James Marshall and install it on that webspace (there is a easy installer which does everything for you: http://install.xav.com/). To find new working proxies search for "nph-proxy.cgi", "nph-proxy.pl", "Start Using CGIProxy", "Start browsing through this CGI-based proxy" or something like that with Google, Altavista, Yahoo or another search engine.

  • 4.5.1 Standard webproxies (mostly CGIProxies: http://www.jmarshall.com/tools/cgiproxy/)

  • http://anon.free.anonymizer.com/http://www.google.de/
    http://invis.free.anonymizer.com/http://www.google.de/
    http://anonymouse.ws/cgi-bin/anon-www_de.cgi/http://www.google.de/ (Advertisement)
    http://www.sendfakemail.com/anonbrowser/ (Without images)
    http://203.26.19.30/proxy/proxy.pl/000000A/http/www.google.de/ (Whitout images)
    http://www.mdsme.de/cgi-bin/nph-spinnerproxy.cgi/111111A/http/www.google.de/
    http://www.marzie.com/webtools/proxybuster/browse.asp?url=http://www.google.de/ (Advertisment)
    http://203.26.19.30/proxy/nph-proxy.pl/111110A/http/www.google.de/
    http://www.tku.ac.jp/~99e1330/cgi-bin/nph-proxy.cgi/111/http/www.google.de/
    http://www.delorie.com/web/purify.cgi?purity=html40l&url=http%3A%2F%2Fwww.google.de (Advertisment)
    http://proxy.drkangel.com/nph-index.cgi/111110A/http/www.google.de/
    http://www.perseus.tufts.edu/cgi-bin/nph-filter/000010AA/http/www.google.de/
    http://www.anonymization.net/1/1/A/http://www.google.de/
    http://www.wgbh.org:81/cgi-bin/nph-algs.cgi/011111A/http/www.google.de/
    http://www.jetropolis.com/cgi-bin/nph-proxy.cgi/000000A/http/www.google.de/
    http://digitalizedzone.com/cgiproxy/nph-proxy.pl/111110A/http/www.google.de/
    http://unfeomateo.com/cgiproxy/nph-proxy.pl/000100A/http/www.google.de/
    http://www.linuxdistributions.com/cgi-bin/nph-proxy.cgi/000111A/http/www.google.de/
    http://ym2400z.virtualave.net/cgi-bin/cgiproxy131/nph-proxy.cgi/000/http/www.google.de/
    http://glass.ipe.tsukuba.ac.jp/~s011304/cgi/nph-proxy.cgi/000010A/http/www.google.de/
    http://www.anonsurf.de/cgi-bin/nph-asurf.cgi/000100A/http/www.google.de/
    http://www.valkaryn.net/proxy/nph-proxy.cgi/000010A/http/www.google.de/ (Advertisment)
    http://www.rahty.com/nph-proxy.cgi/00010/http/www.google.de/
    http://www.boyscorp.com/prx/nph-proxy.cgi/000/http/www.google.de/
    http://www.thinksquad.com/cgi-bin/nph-proxy.cgi/000110A/http/www.google.de/
    http://www.hostsite.org/proxy/nph-proxy.pl/000000A/http/www.google.de/
    http://free2.surffreedom.com/nph-free.cgi/000000A/http/www.google.de/
    http://birthdays.hisham.cc/nph-proxy.cgi/000010A/http/www.google.de/
    http://www.triumphpc.com/cgi-bin/nph-proxy.cgi/000010A/http/www.google.de/

  • 4.5.2 Webproxies with encrypted URL's

  • http://www.proxyone.com/cgi-bin/nph-prxone.cgi/111111A/687474702f7777772e676f6f676c652e64652f (Without images)
    http://proxy.guardster.com/cgi-bin/nph-proxy.cgi/111101A/687474702f7777772e676f6f676c652e64652f (Advertisment)
    http://proxify.com/nph-proxy.cgi/000010A/687474702f7777772e676f6f676c652e64652f (Advertisment)
    http://www.team777.com/cgi-bin/ey3/nph-proxy.cgi/000010A/687474702f7777772e676f6f676c652e64652f

  • 4.5.3 Webproxies over a secure SSL-connection
    a lot of ssl-webproxies can be found here:
    http://qingxin.mine.nu/ssl.asp

  • https://www.anonsurf.de/cgi-bin/nph-asurf.cgi/000100A/http/www.google.de/
    https://dtw.ods.org/cgi-bin/nph-proxyb.cgi/000000A/http/www.google.de/
    https://nav.ebutechnologies.com/securing/free-anon.cgi/542/http://www.google.de/
    https://ym2400z.virtualave.net/cgi-bin/cgiproxy131/nph-proxy.cgi/100/http/www.google.de/
    https://vip.megaproxy.com/go/_mp_framed?http://www.google.de/ (Advertisment)
    https://proxify.com/nph-proxy.cgi/000010A/687474702f7777772e676f6f676c652e64652f (Advertisment)
    https://www.perseus.tufts.edu/cgi-bin/nph-filter/000010AA/http/www.google.de/ (Without images)
    https://www.eopledaily.com/dmirror/http/www.google.de/
    https://nhuanet.com/cgi-bin/nph-proxyb.cgi/000000A/http/www.google.de/
    https://dtaiwang.ftphost.net/cgi-bin/nph-proxyb.cgi/000000A/http/www.google.de/
    https://www.eopledaily.com/cgi-bin/nph-proxyb.cgi/000000A/http/www.google.de/
    https://www.amduus.com/cgi-bin/nph-proxy.cgi/000010A/http/www.google.de/
    https://ym2400z.virtualave.net/cgi-bin/cgiproxy131/nph-proxy.cgi/000/http/www.google.de/

  • 4.5.4 Translators, warpers, e.t.c that can be used as a proxy

  • http://www.dejavu.org/ (Browser Emulator)
    http://crit.org/http://www.google.de/
    http://paranormal.about.com/gi/dynamic/offsite.htm?site=http%3A%2F%2Fwww.google.de
    http://bobby.cast.org/bobby/bobbyServlet?URL=http://www.google.de (Websitechecker)
    http://www.vischeck.com/vischeck/vischeckURL.php (Websitechecker)
    http://spireproject.com/cgi-bin/footnote.pl?form=2&page=http://www.google.de (Footnote?)
    http://cyber.law.harvard.edu/cite/annotate.cgi?view=http://www.google.de (kind of a footnote)
    http://webwarper.net/ww/~GZ/www.google.de/?* (Warper)
    http://babelfish.altavista.com/ (Translator)
    http://www.freetranslation.com/web.htm (Translator)
    http://translation.langenberg.com/ (Translator)
    http://www.systransoft.com/ (Translator)
    http://www.translate.ru/srvurl.asp?lang=de (Translator)
    http://translator.abacho.de/ (Translator)
    http://www.t-mail.com/cgi-bin/tsail (Translator)
    http://www.google.com/language_tools?hl=de (Translator)
    http://tarjim.ajeeb.com/ajeeb/default.asp?lang=1 (Translator)
    http://www.sdlintl.com/enterprise-systems/enterprise-translation-server/ets-demo/ets-demo-web-translator.htm (Translator)
    http://rinkworks.com/dialect/ (Fun-Translator)
    http://www.brunching.com/drugslanger.html (Fun-Translator)
    http://www.pornolize.com/cgi-bin/pornolize2/pornolize2.cgi?lang=en&url=http%3A%2F%2Fwww.google.de&submit=submit (Fun-Translator)
    http://unimut.fsk.uni-heidelberg.de/schwob.html (Fun-Translator
    http://www.google.com/ .de/ .fr/ (the Google Cache)
    http://web.archive.org/web/*/http://www.google.de (Archive of the Internet since 1996)
    http://www.marzie.com/webtools/proxybuster/ (get files)
    http://alltooflat.com/geeky/elgoog/ (a Google fun mirror mirror)
    http://www.guhgel.de/ (another Google fun mirror)
    http://www.assoziations-blaster.de/www.something.de/
    http://mirror.sytes.org/ (a fun mirror mirror *gg*)
    http://proxy.citizenlab.org/google/ (a Google mirror)
    http://hispeed.rogers.com/search/google.jsp (a Google mirror)
    http://www.gogole.com/ (a Google mirror)
    http://google.icq.com/search/ (a Google mirror)
    http://www.zensur.freerk.com/google/ (a mirror for the Google mirror...)
    http://www.google-watch.org/cgi-bin/proxy.htm (another Google and Alltheweb mirror)
    http://www.aigeek.com/txt2html/txt2html-url.cgi?url=http%3A%2F%2Fwww.google.de (html2text)
    http://gritechnologies.com/tools/diagnostic.go?www.google.de/ (see as a search engine)
    http://www.accu.org/cgi-bin/accu/access/access?Au=http%3A%2F%2Fwww.google.de (a gateway/browser emulator)

  • 4.6 Get webpages via eMail

  • Several years ago when the Internet connections where slow and the "www" just invented, many people just got a to email restricted access to the Internet. That's the origen of the "Agora" and "www4email" software. Some of these email robots are still available and we can use them to bypass Internet censorship. The best thing would be to subscribe to a free email provider which allows SSL-connections (like https://www.fastmail.fm/, https://www.ziplip.com/, https://www.hushmail.com/, https://www.safe-mail.net/, https://www.mail2world.com/, https://webmail.co.za/, https://www.webmails.com/ e.t.c) and use that account with the email addresses below. I put the field where you have to input the URL in brackets. It still works great for text. But sure there are big problems with images or even DHTML, Javascript, Java, Flash e.t.c. Also other services besides www are possible, for a very good tutorial on this see ftp://rtfm.mit.edu/pub/usenet/news.answers/internet-services/access-via-email. There is also a web based service under http://www.web2mail.com/. I again used www.google.de as an example because the URL is all time accessible and the '.com' in the original Google adress is often considered as a .com DOS-file by some computers and censorship systems. The www4mail software (http://www.www4mail.org/) is newer than the Agora software.
    A eMail with just "help" in the subject line will get you a tutorial on howto use the service properly.

    agora@kamakura.mss.co.jp
    [BODY] send http://www.google.de

    agora@dna.affrc.go.jp
    [BODY] send http://www.google.de

    page@grabpage.org
    [SUBJECT] url: http://www.google.de
    info: http://www.grabpage.org/

    frames@pagegetter.com
    [BODY] http://www.google.de
    info: http://www.pagegetter.com/

    web@pagegetter.com
    [BODY] http://www.google.de
    info: http://www.pagegetter.com/

    webgate@vancouver-webpages.com
    [BODY] get http://www.google.de
    info: http://vancouver-webpages.com/webgate/

    webgate@vancouver-webpages.com
    [BODY] mail http://www.google.de
    info: http://vancouver-webpages.com/webgate/

    www4mail@wm.ictp.trieste.it
    [BODY] http://www.google.de
    info: http://www.ictp.trieste.it/~www4mail/

    www4mail@access.bellanet.org
    [BODY] http://www.google.de
    info: http://www.bellanet.org/email.html

    www4mail@kabissa.org
    [BODY] http://www.google.de
    info: http://www.kabissa.org/members/www4mail/

    www4mail@ftp.uni-stuttgart.de
    [BODY] http://www.google.de

    www4mail@collaborium.org
    [BODY] http://www.google.de
    info: http://www.collaborium.org/~www4mail/

    binky@junoaccmail.org
    [BODY] url http://www.google.de
    info: http://boas.anthro.mnsu.edu/

    iliad@prime.jsc.nasa.gov
    [SUBJECT] GET URL
    [BODY] url:http://www.google.de
    info: http://prime.jsc.nasa.gov/iliad/

    Google Search via eMail:
    google@capeclear.com
    [Subject] search keywords
    info: http://www.capeclear.com/google/

    More info: http://www.cix.co.uk/~net-services/mrcool/
    ftp://rtfm.mit.edu/pub/usenet/news.answers/internet-services/access-via-email

     

  • 4.7 Using steganography

  • Hide content inside of images.

    More Info: http://www.wikipedia.org/wiki/Steganography

  • 4.7.1 Camera/Shy

    Camera/Shy is the only steganographic tool that automatically scans for and delivers decrypted content straight from the Web. It is a stand-alone, Internet Explorer-based browser that leaves no trace on the user's system and has enhanced security.

    Camera/Shy is an application that enables stealth communications, such software can be useful in countries where Email communications are regularily monitored and censored, such as happens in China.

    More info: http://hacktivismo.com/news/modules.php?name=Content&pa=showpage&pid=12/
    http://sourceforge.net/projects/camerashy/

     

  • 4.8 Using a special proxy like peer-2-peer program

  • There are different projects of peer-2-peer programs to bypass censorship. They work like Napster, Kazaa and eDonkey, which means that you have to download a little tool that contains a server and a client part.

  • 4.8.1 Peek a Booty

    The goal of the Peekabooty Project is to create a product that can bypass the nationwide censorship of the World Wide Web practiced by many countries.

    Peekabooty uses a complicated communications system to allow users to share information while revealing little about theis identity. When a node receives a request for a web page it randomly decides whether to pass this on or access the page itself. It also only knows the adress of its nearest partner. This makes it difficult to determine who requested what information and is designed to protect users from anyone trying to infiltrate the system from inside.

  • More info: http://www.peek-a-booty.org/

  • 4.8.2 Freenet

  • Freenet is the oldest and most widly spread P2P-program to beat censorship, so a lot of people use it and its actually working since several years quite well. There is no access to the Internet possible through the Freenet client. You can only view/download stuff from the 'free net'. You install the client as a local proxy which is listening on port 8888 and can access links like 'http://localhost:8888/SSK@fjfkHAbxdwMyTMFgtZjcP2ge-AYPAgM/sites/fwhh/index.html' It looks like a kind of normal URL. The 'localhost:8888' addresses the proxy server on port 8888 that is running on your local machine the rest is something like an encrypted filename. It is not possible to determine who put some information into the network or who is downloading it.

    More info: http://freenetproject.org/
    http://www.freenet-china.org/

  • 4.8.3 MojoNation

  • More info: http://www.mojonation.net/

  • 4.8.4 TriangleBoy

    Safeweb, a company that received funding from In-Q-Tel, the CIS's centure fund, released software called "Triangle Boy". The software is a peer-to-peer application that volunteers download onto their PC's. A User that has been denied access to any website by a censor can use the Triangle Boy software to circumvent the censorship. Currently the Triangle Boy software only provides access to the Voice of America, because this service is blocked by the Chinese government.

  • More info: http://www.safeweb.com/tboy_service.html

  • 4.8.5 Six/Four

  • More info: http://www.hacktivismo.com/

  • 4.8.6 Entropy

  • More info: http://entropy.stop1984.com/

  • 4.9 Special Services

  • Other services than the www.

  • 4.9.1 Usenet

  • Giganews Newsgroups

    The normal port for newsservers 119 is usually blocked, so you have to access the usenet via a different port. If you only sometimes want to read some very common newsgroups you can easily visit them via free web-based newsservers like http://groups.google.com/ or http://news.spaceports.com/. A lot of newsserver companies offer their services on a non standard port. Just ask them before signup. If you need access to a newsserver with your newsclient you have to subscribe to one of these newsserver-companies which allow access to their newsservers on an uncommon port:

    http://www.giganews.com/ - (ports 23 and 80 are working)

    http://www.easynews.com/ - (use their web-based newsserver or try the 'proxy.news.easynews.com' with port 21, 22, 23, 25, 53, 80, 110, 443 or 8080)

    http://www.newscene.com/ - (try the 'proxy.newscene.com' with the ports 20, 21, 22, 23, 25, 53, 80, 81, 110, 443 or 8080)

    http://www.supernews.com/ - (you can access their newsservers via any port you like)

    Note: all traffic is unencrypted, so you can access these newsservers, but the censors can easily monitor all your traffic! It would be more secure to use a SSH port forwarding.

    thanks to 'sshproxy' from the nocensorship mailinglist

  • 4.9.2 Games

  •  

  • 4.9.3 FTP

  • http://inebria.com/phpftp/

    http://www.angehrn.com/index.php?cat=28

    http://www2ftp.de/
    http://webftp.host.sk/

  • 4.9.4 Instant Messenger

    Instant Messenger are very popular. You have to register your nickname at one of the companies and download their software. Then when you are in the Internet you can start the software and log onto their servers. Since then you are marked as "online" and all your friends who know your nickname and get the same Instant Messenger can see that you are online and easily chat with you. Every of the 4 big players has its own software client which contains advertisments, spyware and is not compatible with other IM protocols. I recomment you to download Miranda, which is a open source Instant Messenger which is very small, without ads or spyware and working without installation. It works great with every IM protocol, even at the same time. http://miranda-im.org/

  • 4.9.4.1 ICQ

    ICQ is the oldest and most used Instant Messenger. There are many different clients out there. They normally all connect to login.icq.com:5190 via TCP in both directions. But the server accepts connections on all ports. The Java version can be started here: http://go.icq.com/. With this, you will normaly connect to iht-d01.icq.com (205.188.213.0) on the normal http port 80. At "Settings" you can also choose a different port.

  • 4.9.4.2 MSN Messenger

    messenger.hotmail.com:1863 - Since there isn't an official web-based client out there you have to try the services from different companies. You give them your password, so you have to trust them! And ask Microsoft to introduce a web-based client here: http://messenger.msn.com/support/contactus.asp?client=1 http://www.mister-i.com/i-mode/messenger.jsp (i-mode, after 3 days it costs $) or http://kickme.to/msnmessenger2go (he's still working on it) http://www.messengeradictos.com/index.php?accion=messengeronline (spanish with activex) http://odigo.org/features/express.html (the odigo client online, works well) http://messenger.lycos.co.uk/messenger/index.jsp (lycos messenger, works with msn and yahoo)

  • 4.9.4.3 AIM

    login.oscar.aol.com:5190 Accepts connections on all ports. There are 2 official web clients: The old QuickBuddy: http://toc.oscar.aol.com/ and the newer AIM Express: http://toc.oscar.aol.com/aimexpress/index.html

  • 4.9.4.6 Yahoo Messenger

    cs.yahoo.com:5050 or cs.yahoo.co.jp:5050 Can be accessed online via: http://messenger.yahoo.com/

  • 4.9.5 Filesharing Programs

    Gnutella (decentralized) - BearShare, Gnucleus, LimeWire, new Morpheus

    FastTrack (commercial, with Server) - KaZaA, KaZaA Lite, Grokster, old Morpheus

    eDonkey2000 (lots of servers, uses mainly port 4662) - eDonkey2000, Overnet, eMule

    OpenNap (lots of servers) - FileNavigatior, WinMX, Rapigator, TekNap, audioGnome, XNap


  • back to top

    5. Howto publish information

    The one think is to access information that is already censored, but the other challenge is to publish own information that can't easily be censored. Here you can se my ideas on how to avoid censorship:

    More info: http://www.wired.com/news/technology/0,1282,5778,00.html


    back to top

    6. Appendix

  • 6.1 Links

  •  

  • 6.1.1 Other bypass tutorials

  • http://galileo.spaceports.com/~simeon/censorship-evasion.html
    http://www.angelfire.com/my/6waynes/
    http://www.ijs.co.nz/proxies.htm
    http://sethf.com/anticensorware/

  • 6.1.2 Other sites about Internet censorship

  • http://cyber.law.harvard.edu/filtering/
    http://www.opennetinitiative.net/oni/ice/
    http://peacefire.org/circumventor/
    http://www.free-market.net/directorybytopic/censorship/
    http://www.stop1984.info/
    http://www.cmis.csiro.au/projects+sectors/blocking.pdf
    http://www.topology.org/net/censor.html
    Mailinglist: http://lists.efa.org.au/mailman/listinfo/stop-censorship - (Discussions about censorship in Australia, english)
    Mailinglist: http://www.freelists.org/webpage/nocensorship - (How to beat censorship and proxies. Very good!)
    http://www.vicnet.net.au/community/issues/censorship/
    http://ch.dmoz.org/Society/Issues/Human_Rights_and_Liberties/Free_Speech/The_Censorship_Debate/Internet_Censorship/
    http://ch.dmoz.org/Computers/Software/Internet/Servers/Proxy/Filtering/Getting_Around_Filters/
    http://ch.dmoz.org/Computers/Software/Internet/Servers/Proxy/Filtering/Censorware/
    http://ch.dmoz.org/Computers/Software/Internet/Clients/Filtering/
    http://ch.dmoz.org/Reference/Libraries/Library_and_Information_Science/Intellectual_Freedom/Filtering_Software/

  • 6.1.3 Where to get proxies
  • http://tools.rosinstrument.com/proxy/
    http://www.samair.ru/proxy/
    http://www.atomintersoft.com/products/alive-proxy/proxy-list/
    http://www.steganos.com/software/anonproxylist.sia
    http://www.zensur.freerk.com/list.txt
    Via autoresponder from list.txt@zensur.freerk.com
    http://www.proxyblind.org/phpBB2/ (Very good!)
    http://www.samair.ru/f/ (Very good!)
    http://www.freeproxy.ru/download/lists/goodproxy.txt


    back to top

    TO-DO-LIST:

    Voice-over-IP

    Bildung von Untergrund-(Inter)Netzen in Deutschland (GAMEnet etc.) http://www.personaltelco.net/ WLAN
    dIRC (ChaosComputerCongress 1997) und Abwandlungen

    http://www.guardianet.net/

    http://www.w3.org/PICS/

    http://www.peacefire.org/bypass/Proxy/akamai.html

    web-2-phone: http://www.teletrust.info/, http://www.ecommercetimes.com/perl/story/3380.html

    ssh as a redirection server
    rinetd as a redirection server
    junkbuster
    http-gw
    VPNs
    stone as both a redirector and a proxy
    running a Perl proxy

    often used non standard ports: 20, 21, 22, 23, 24, 25, 81, 82, 83, 84, 443, 1128, 2000, 5000, 6000,
    6588, 7070, 8000, 8001, 8002, 8003, 8040, 8081, 8082, 8084, 8090, 8888, 8965, 9080, 9081, 10080, 22788

    http://www.arbornet.org/projects.html
    telnet m-net.arbornet.org

    http://www.cyberspace.org/
    telnet cyberspace.org

    http://www.ductape.net/
    telnet ductape.net

    http://sdf.lonestar.org/
    telnet sdf.lonestar.org

    http://www.nyx.net/
    telnet nyx.nyx.net

    http://www.suburbia.com.au/
    telnet suburbia.com.au (SSH)
    telnet suburbia.com.au 2323 (telnet)

    http://www.saunalahti.fi/~aekman/taboom/free_shell.html
    http://www.freebelt.com/freeshells.html
    http://www.geocities.com/SiliconValley/Way/2183/freeuspl.html
    http://www.leftfoot.com/free-shell.html

    faxabruf

    web.de answering machine0049-1212-552489659

    softhome.net: free email with smtp server mail.softhome.net:2500 and mail.softhome.net:25000

    url hiding with ascii, hex, oktal e.t.c codes.


    This link is for bad machines only, uninteresting for humans: You are not supposed to click here