Bulletproof privacy in one click
Discover the world's #1 privacy solution
Coming soon
Coming soon
Coming soon
There’s nothing more frustrating than trying to access something that you need, only to be told that you can’t have it for some arbitrary reason. And more often than not, attempting to get around such blockages is frowned upon, or even illegal in some authoritarian countries.
Defeating such censorship isn’t always easy. There are many tools that are used to block websites and apps, so sometimes it’s difficult to know what the culprit really is. It might be a corporate policy, using commercial firewalls and content filtering to keep you away from certain things. It could be a regional policy, drawing on a broad agreement between the government and Internet providers to disallow access to certain topics. Or it could be a prejudicial policy, with governments attempting to restrict information so that only certain classes of people can see it.
Whatever the case, using a proxy to access the restricted information is a dead giveaway. Your traffic will not be encrypted, and the evasion attempt will be out in the open for all to see. So what’s the secret to unlocking a website without a proxy server to help you out? Read on.
If you find yourself in this situation, there are probably some serious consequences for getting caught. Otherwise, there are a ton of methods to try: Using IP addresses against primitive domain blocks, trying country-specific mirror sites, using a cached version of the site or a web archive, using a site that translates a web page and re-serves it to you.
But assuming that there are penalties for accessing the blocked content, we need to make sure that you don’t get caught. So at a minimum, we need to fool those who are watching your actions.
In ideal circumstances, the first step is using some level of encryption. If your business, ISP, and the government can literally read a log of everything that you’ve did in the clear, you’re going to get caught. So using some form of encrypted tunnel is key. We’ll talk about privacy software that can provide such a service later in the article.
But what about places where using encryption is outlawed? There are places in the world, and paranoid companies of course, that ban any encryption that they can’t instantly break. Other places simply ban all encryption by non-government entities. What do you do when the mere presence of encryption is a possible jail sentence?
It’s risky, but there are some methods of misdirection that might work. It depends on how deeply your activity is monitored, and what sets off their alarms.
For example, converting a website to a PDF without ever visiting it might be a workaround, if PDF downloads aren;t monitored. This is only a fix for static information, but it can be effective. Make sure that the site you use is doing all of the conversion on the server side, and then simply offering you a download link. Assuming your PDF usage isn’t being strictly monitored, this might be a good workaround. Make sure you use the site for all sorts of ‘innocent’ websites as well, so you have an excuse for being there. Your restricted information will, hopefully, get lost in the background noise of the other sites you’ve downloaded as PDFs.
One way to leverage encryption and misdirection to unlock a website without a proxy is to use a satellite network. Many centralized monitoring methods will fail if the victim isn’t using a traditional ISP. There are significant fears that services like Starlink will get around restrictions in places like China, Russia, and the like. Note that this can only be used on untouched devices. If a country demands that you install a root certificate on your device, or a company uses any kind of spyware or browser monitoring on corporate devices, you can still be caught. The device needs to be 100% secure from the start in order to leverage alternative networks, and even then there are ‘active’ ways to ferret out things like satellite dishes. Be careful.
Some people think that using a VPN to get to restricted content is the magical solution. But they couldn’t be farther from the truth.
One of the reasons why many VPNs are walking back their privacy claims is that they can do nothing about device and browser fingerprinting. This is a method that uses device context clues and browser properties to identify individuals that are trying to remain anonymous.
A VPN simply encrypts your traffic and sends it down the line. It doesn’t try to hide the details of your browser, your device, or your script interactions. So although your ISP can’t directly look at your activities, anyone on the ‘far end’ can potentially identify you uniquely. To see this in action, check out AmIUnique.
Once your fingerprint is identified, apps and websites can easily track you by sharing information via advertisers, government entities, or directly with other companies. They can narrow down your real identity with a ton of different methods: Social media tracking, language habits, website registration information, you name it. Eventually, if you get fingerprinted, you’ll be caught.
Unlocking a website without a proxy is much easier with the right tools. A true privacy app utilizes private network resources to create an encrypted, Cloud-based proxy that acts as an abstraction layer. This means it isn’t your computer or device doing the browsing. Instead, a remote system does it for you and streams the results back to you.
So browser fingerprinting doesn’t work on a true privacy app. IP addresses are all obscured. The websites and servers on the far end have no idea what OS, browser, screen size, drivers, or hardware you’re really using. All they know is some tiny Linux virtual machine in the Cloud is accessing their site. And the parameters of the VM can be shifted around randomly, so it can’t be tracked, because the end result is interpreted and accurately streamed back to the user no matter how strange the settings seem to be on the Cloud machine.
An example of this in action is the Hoody app. They use something called Phantom Browsing to set up that abstraction layer. Their network is entirely private, spanning several countries so they can have options for a lot of different exit nodes. Best of all, browser requests get fired through multiple nodes at the same time. This allows Hoody to track the fastest response times, and the least censored results. The slower connections and censored sites are ignored for the duration of the session. This can result in speeds up to three times faster than normal, leaving VPNs in the dust.
The only weakness here is if the government or private organization bans the use of all private networks. Then the mere act of accessing an encrypted network (Hoody, a VPN, Tor, or another peer-to-peer encrypted network, etc.) could be considered illegal. In those cases you’ll have to combine the use of a privacy app with a clean device and a satellite network. There’s still risk involved, of course. If they find the satellite dish or detect bidirectional wireless communication that they haven’t authorized, you’re busted. But it’s still the best bet in a dire situation.
The measures that you take are going to depend on the consequences of getting caught, and the levels of censorship and monitoring that have been inflicted upon you. If there are no real consequences, you can try a lot of different things. But if jail time is a possibility, or if the situation is life or death, then you shouldn’t take half measures.
Getting off the normal grid and using a reliable privacy app are both very reasonable measures to take. Unlocking a website without a proxy takes a little bit of extra effort. But if your safety and privacy are on the line, it’s worthwhile.
Will is a former Silicon Valley sysadmin and award-winning non-functional tester. After 20+ years in tech, he decided to share his experience with the world as a writer. His recent work involves documenting government hacking methods while probing the current state of privacy and security on the Internet.
Chapter 14: IoT Hacks
Dive into the unsettling world of government-controlled GPS tracking!
Trash Talk: How your garbage can be exploited by hackers, law enforcement, and government agencies
It’s time to uncover how government surveillance gets personal.
Discover the world's #1 privacy solution
Coming soon
Coming soon
Coming soon