From: lu Date: Thu, 9 Jan 2014 15:13:37 +0000 (+0100) Subject: upload X-Git-Url: https://nos-oignons.net/gitweb/censorship-poster.git/commitdiff_plain/3db74a81fd31f6a88808953797b295f6926176eb?ds=sidebyside upload --- 3db74a81fd31f6a88808953797b295f6926176eb diff --git a/censure-infographic.svg b/censure-infographic.svg new file mode 100644 index 0000000..242eebf --- /dev/null +++ b/censure-infographic.svg @@ -0,0 +1,25439 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + PTP or BitTorrent for file sharing XMPP for instant messaging www.EXAMPLE.COM ? 192.2.0.10 It can be: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Nodes in the network exchange data through standardised languages called PROTOCOLS + + These type of addresses comes from IPv4. The address size is now too small and no new networks can be added since 2011. IPv4 is slowly being replaced by IPv6 which was designed with enough space for everybody. IPv6 addresses look like 2001:db8:2d0:200::10. + + + + + + + + + + + Graphics: Herdabud CC-BY + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Since IP addresses are hard for humans to memorise, there is a directory protocol: (Domain Name Sysem) allows Internet users to get an IP address from a name like www.example.org. When you type an address in your browser, your computer sends a request to a DNS server... which sends you back the IP address of what you are looking for Your computer will then send data, sliced in packets. Each packet contains the destination address and is simply sent to the nearest This router will then pass the packet to another router, deemed closer to the destination. Data will go through several routers before reaching the server. The server replies will come back in a similar fashion. Each usage of the network often goes with its own protocol. A few examples: + + + + + + + + + + + + + + + + + HTTP to retrieve web pages SMTP, POP3 or IMAP for email H.323, IAX or ICP for VoIP phone calls PTP or BitTorrent for file sharing XMPP for instant messaging + + + + + + + + + + + ect... + WATCH OUT + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Given the structure of the internet, censorship can happen at different levels + At the local network level, there could be a firewall between the network and the InternetUsually a firewall is used to stop malicious software from entering the local network, but it can also be used to filter communications between the local network and the Internet + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + > Parental controls preventing children from accessing age-inappropriate content > A company not wanting its employee to waste time on activities they are not paid for + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + > An Internet café wanting to avoid disapproved uses of the Internet + + From the ISP standpoint, communication can be limited + > for network management reasons (one can choose to give priority to some protocols over others) + > to avoid misuse (sending spam for instance) > in response to requests by authorities of the concerned area + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Your computer is connected to a local network (LAN), via Ethernet or wi-fi... which is connected to the network of your Internet Service Provider (ISP)... which is connected to the network of other ISPs or directly to the internet backbone (the major international and intercontinental lines) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Censorship on the internet and how to get around it + As its name indicates, the Internet is a network made of interconnected networks To understand how it happens, one must have the structure of the internet in mind. of the Internet in mind + For instance, the (Internet Protocol) defines the format of the computers' addresses on the network. An IP address consists of four digits between 0 and 255, separated by points, for example 192.2.0.10 IP DNS + Router 192.2.0.10 www.example.com ? it can be: legal + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + No circumvention or anti-surveillance technology is a 100% safe. Both censorship and circumvention technologies change fast. If your Internet activities can put your life or others lives in danger: > Learn about the specific dangers of your own situation > Thoroughly inform yourself about circumvention means > Be careful about which information you communicate through the internet or other digital means + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + > We need to ensure that we are not connecting to a server which would impersonate our destination. This is done through authenticity “certificates”. Unfortunately the current system allows powerful adversaries (i.e. states) to create fake certificates. Using HTTPS still makes their job more complicated and gives a protection in most situations. > When using a proxy, browse websites using HTTPS as much as you can in order to limit what the proxy's administrator can see. WATCH OUT + + Most of them require paid subscription, but some are for no cost. VPN are used by companies and administrations and thus rarely censored. + + + + + + + + WATCH OUT > communications are only encrypted within the VPN tunnel and can be intercepted at its exit > the VPN administrator can watch over all your unencrypted communications + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + By using another computer: a proxy which will perform requests on your behalf. + Proxies are application specificFor the webTo use a proxy, enter its address in the browser's settings. You can now access the censored website. The filter only sees the connection to the proxy To use a proxy with other services, like chat or email, each address also has to be added to the settings. + + + + + + + WATCH OUT > Communications from the exit node to the visited website are not encrypted by Tor. Ensure that you are using HTTPS when doing anything sensitive.> The list of nodes in the network is public, the nodes can therefore be blocked. To circumvent censorship, traffic has to be disguised using Tor obfuscated bridges. + + + + + + WATCH OUT > The proxy administrator can monitor all your communications or be forced to do so.Only use proxies that you trust and do not use them for unencrypted sensitive information> A proxy will not prevent keyword-based filtering. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + www.facebook.com Back to work! + This was briefly the case in Nepal in 2005, as well as in Syria and Libya in 2011. Censorship can impact various points of the network with the help of + + + + + + + + + + + + + + + + + + + + + + + + Filters + filterYour network administrator can stop you from accessing a list of webpages URL + filterFor some addresses, a DNS servers doesn't send you back the right reply, but claims to face a technical problem. It can also intentionnally direct you to a different IP address DNS + filter A random router, your ISP's, or a main node in a country with a centralised network, ignores packets addressed to some specific IP addresses. IP + + Filter The problem with the three above-mentioned techniques is that the censor has to maintain a list of forbidden websites : a complicated task given the number of websites on the internet. He can then use software installed on routers to open passing packets and stop the ones containing special keywords. by keywords + + In case of exceptional events, people in power can simply decide to turn the internet off + + How to circumvent censorship? + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + In order to circumvent keyword-based filtering or prevent monitoring of your communications, you need to use a connection. HTTPS is an encrypted version of the HTTP protocol used to access web pages. Data are exchanged encrypted and can't be easily monitored. Your ISP or any router on the way knows which site you are connecting to, but not what you are doing with it. Not every website is reachable through HTTPS, but it is usually the case for most webmails, social medias and search engines. + + + + + + + + + + + + + + + + + + + + + + + + secure + + These kind of services do not only work with the web, but also with any other application, like email, chat or file transfers. + Tunnels or (Virtual Private Network) enable encrypted communication between your computer and another one located in a censorship-free zone from which you can reach the rest of the network. VPN + + + + + + + + + + + + + + Tor is a network of proxys within which all the traffic is encrypted. Tor can be used for different kinds of protocoles: web pages, email, chat... The Tor project offers a dedicated web browser (Tor Browser Bundle) that automatically uses Tor, it can be used from a USB flash drive and used in an Internet café for instance. The information flows randomly so that the nodes it goes through only knows the IP address of two other nodes - the one where the information came from and the one where the information goes to in the chain. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Tor and the Tor Browser Bundle are Free Software. No one owns them, their development process is transparent and their source code is available to everyone. They can be used and shared freely. Numerous organisations fight for digital freedom. Find more information about digital self-defense on their websites: + +