Independent Iranian media have reported that “elements within the government and the Revolutionary Guard provide support to a number of VPN sellers,” according to a 2014 report from Small Media. “Reports hypothesize that this is a mutually profitable arrangement; lining the pockets of officials at the same time as it allows VPN sellers to continue in their work without the threat of state interference.”
BBC Persian journalist Hadi Nili says that not only do Iranian authorities sell VPN accounts, the Iranian government even uses VPNs in order to protect their own connections.
Using the Turk Telekom looking glass we can see that AS9121 (Turk Telekom) has specific /32 routes for these IP addresses. Since this is the most specific route possible for an IPv4 address, this route will always be selected and the result is that traffic for this IP address is sent to this new bogus route.
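The route selection described above, as an added example that is not part of the original report: longest-prefix match over a small routing table, plus a check that flags /32 host routes diverting traffic away from the covering prefix. The table, the RFC 5737 documentation addresses and the next-hop labels are constructed for illustration and are not the addresses from the incident.

```python
import ipaddress

# Constructed routing table: (prefix, next-hop label). Addresses come from the
# RFC 5737 documentation ranges; the labels are hypothetical.
ROUTES = [
    ("0.0.0.0/0", "upstream-transit"),
    ("192.0.2.0/24", "legitimate-peer"),
    ("192.0.2.53/32", "local-bogus-server"),  # injected host route
    ("198.51.100.0/24", "legitimate-peer"),
]

def parse(routes):
    """Turn (prefix string, next hop) pairs into (ip_network, next hop)."""
    return [(ipaddress.ip_network(p), nh) for p, nh in routes]

def select_route(dst, routes):
    """Longest-prefix match: among routes containing dst, the longest mask wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(n, nh) for n, nh in parse(routes)
               if n.version == addr.version and addr in n]
    if not matches:
        return None
    net, nh = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), nh

def suspicious_host_routes(routes):
    """Flag IPv4 /32 routes whose next hop differs from the covering route's.

    A host route that pulls a single address away from the path used by the
    rest of its prefix is the pattern a looking glass would reveal here.
    """
    table = parse(routes)
    findings = []
    for net, nh in table:
        if net.version != 4 or net.prefixlen != 32:
            continue
        covering = [(n, h) for n, h in table
                    if n.version == 4 and n != net and net.subnet_of(n)]
        if not covering:
            continue
        parent, parent_nh = max(covering, key=lambda m: m[0].prefixlen)
        if parent_nh != nh:
            findings.append((str(net), nh, str(parent), parent_nh))
    return findings

if __name__ == "__main__":
    print(select_route("192.0.2.53", ROUTES))
    print(suspicious_host_routes(ROUTES))
```
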
“Sky regularly pulls IP addresses listed on our DNS servers and adds them to their block list. This block list is then used by an advanced proxy system that redirects any requests to the blacklisted IP addresses to a webserver that the ISP owns which returns a blocked page message,” YIFY explains.
Therefore, when YIFY began using CloudFlare servers in Australia, Sky pulled these IP addresses and blocked them in the mistaken belief that they were YIFY’s. Since Imgur uses the same IP addresses, Sky’s automated blocking took the site offline, to the huge disappointment of countless customers.
The English High Court (the highest civil court) has blocked the publication of a scientific paper that would have revealed the full details of a zero day vulnerability in Volkswagen’s immobiliser mechanisms – the temporary injunction against publication has been granted to stop the publication of “Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer” – due to be presented at a Usenix security conference.
The pornography filtering system praised by David Cameron is controlled by the controversial Chinese company Huawei, the BBC has learned.
Customers who do not want filtering still have their traffic routed through the system, but matches to Huawei’s database are dismissed rather than acted upon.
China Unicom, one of the biggest telecoms providers in the country, is now killing connections where a VPN is detected, according to one company with a number of users in China.
GFW is not perfect, however. Some Chinese technical professionals can bypass it with a variety of methods and/or tools. An arms race between censorship and circumvention has been going on for years, and GFW has caused collateral damage along the way.
VPN (virtual private network) and SSH (secure shell) are the most powerful and stable tools for bypassing all surveillance technologies, although the basic ideas are the same as with the aforementioned tools: proxies and encrypted channels. The only difference is that VPN and SSH depend on a private host (or virtual host) or an account outside of China, instead of open, free proxies. Only technical professionals are able to set up such hosts or accounts, and most of them are not free. Commercial or public VPN services will be blocked by IP address and/or domain names if they are popular enough. In fact, the domain names *vpn.* are all blocked (such as vpn.com, vpn.net, vpn.org, vpn.info, vpn.me, vpn.us, vpn.co).
In October 2011, ticket #4185 was filed in the Tor bug tracker by a user in China who found that their connections to US-based Tor bridge relays were being regularly cut off after a very short period of time. At the time we performed some basic experimentation and discovered that Chinese IPs (presumably at the behest of the Great Firewall of China, or GFW) would reach out to the US-based bridge and connect to it shortly after the Tor user in China connected, and, if successful, shortly thereafter the connection would be blocked by the GFW. There wasn’t time for a detailed investigation and analysis at the time, but that kernel eventually grew into the investigation detailed below. We were, however, able to determine that limiting connections to the bridge relay to only the single IP expected to be its client would, in fact, block the probes and allow the connection to remain open for an extended period (>48 hours in our testing).
Wilde was able to find that the method the firewall was using to identify which sessions to go after had something to do with the list of SSL ciphers contained in the SSL packet the client sends at the beginning of a session. By changing that list, he was able to evade the blocking of the Chinese firewall. More long-term solutions are in the works, as well, including password protection for bridge relays and the establishment of another layer on top of the session that simply looks like binary data.