
Filtering Techniques

Internet filtering is a set of techniques that censors use to try to prevent Internet users from accessing particular content or services. Network operators can filter at any point in a network, using a wide variety of technologies, with varying levels of accuracy and customizability. Typically, filtering involves using software to look at what users are attempting to do and to selectively interfere with activities that the operator considers forbidden by policy. A filter could be created and applied by a national government or by a national or local Internet access provider.

There are four common sorts of filtering you should be aware of.

URL Filtering

One way for countries and other entities to block access to information on the Web is to prevent access based on the URL -- either the entire URL or some part of it. Internet censors often want to block specific Web domains in their entirety, because they object to the content of those domains. They can block domains either by name or by IP address. Sometimes, authorities are more selective, blocking only certain subdomains in a particular domain, while leaving the rest of the domain accessible. For example, they might filter only the subdomain news.bbc.co.uk, while leaving bbc.co.uk and www.bbc.co.uk unfiltered. Similarly, they might want to filter out specific types of content, even if they allow access to the rest of the domain hosting those pages. One way is to look for a directory name, such as "worldservice", to block BBC foreign language news at bbc.co.uk/worldservice without affecting the English language Web site. They can even block specific pages based on page names, or on search terms in queries, that suggest offensive or undesired content.
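The matching described above can be sketched as a small rule engine. This is an added example, not part of the original article; the rule kinds, the rule list and the search keyword are constructed for illustration, using the article's BBC names.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed rule set mirroring the article's examples (not a real blocklist).
RULES = [
    ("host", "news.bbc.co.uk"),         # one subdomain only
    ("path_dir", "worldservice"),       # a directory name anywhere in the path
    ("query_term", "forbidden-topic"),  # hypothetical search keyword
]

def url_filter_verdict(url, rules=RULES):
    """Return the first (kind, value) rule that matches the URL, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    dirs = [seg.lower() for seg in parts.path.split("/") if seg]
    terms = [v.lower() for vals in parse_qs(parts.query).values() for v in vals]
    for kind, value in rules:
        if kind == "host" and host == value:
            return (kind, value)
        # "domain" blocks the name itself and every subdomain beneath it.
        if kind == "domain" and (host == value or host.endswith("." + value)):
            return (kind, value)
        if kind == "path_dir" and value in dirs:
            return (kind, value)
        if kind == "query_term" and any(value in t for t in terms):
            return (kind, value)
    return None

if __name__ == "__main__":
    for u in ("http://news.bbc.co.uk/2/hi/",
              "http://www.bbc.co.uk/news",
              "http://bbc.co.uk/worldservice/languages",
              "http://search.example/find?q=Forbidden-Topic+news"):
        print(u, "->", url_filter_verdict(u))
```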

DNS Filtering

When people use the Internet to communicate, they generally use domain names such as "somewebsite.com" rather than numeric IP addresses, particularly for Web browsing. However, when computers communicate over the Internet, they require numeric addresses for navigating. When you enter a domain name in a Web browser, the first thing the Web browser does is to ask a DNS (Domain Name System) server, at a known numeric address, to look up the domain name and supply the corresponding IP address.


If the DNS server is configured to block access, it consults a blacklist of banned domain names. When a browser requests the IP address for one of these domain names, the DNS server gives a wrong answer or no answer at all.


Without the IP address, the requesting computer cannot continue, and displays an error message. Since the browser does not get the Web site's IP address, it is not able to contact the site to request a page. The result is to block all pages under a domain name.

Alternatives for circumventing DNS filtering are:

  • Accessing the desired content from another site with a different domain name.
  • Asking a different DNS server for the address. This can be done for a single domain or permanently by using a free DNS server or running your own DNS server.
  • Finding the numeric address published somewhere.
  • Sending the query through a different site that is not blocked, e.g. a web proxy or the cache of a search engine.
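Comparing what the local resolver returns with what a second resolver returns is how the "wrong answer or no answer" behaviour shows up in practice. The following is an added example, not part of the original article; the verdict names, the non-routable list and the sample observations are constructed, and the addresses come from documentation ranges.

```python
import ipaddress

# Addresses that can never be a public web server; a filtering resolver
# may hand these out as its "wrong answer".
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
                 "172.16.0.0/12", "192.168.0.0/16")]

def classify_dns_answer(local, reference):
    """Compare the local resolver's answer with a reference resolver's.

    Each argument is a list of IP strings, or None when that resolver
    returned an error or nothing at all.
    """
    if not reference:
        return "inconclusive"      # nothing to compare against
    if not local:
        return "no_answer"         # blocked by silence or an error
    local_ips = {ipaddress.ip_address(a) for a in local}
    ref_ips = {ipaddress.ip_address(a) for a in reference}
    if local_ips & ref_ips:
        return "consistent"
    if any(ip in net for ip in local_ips for net in NON_ROUTABLE):
        return "wrong_answer"      # the answer points nowhere useful
    # Disjoint but routable: possibly a block page, possibly just a
    # different mirror of the same site. Needs a follow-up check.
    return "differs"

# Constructed observations: name -> (local answer, reference answer).
SAMPLES = {
    "open.example":     (["203.0.113.10"], ["203.0.113.10", "203.0.113.11"]),
    "silenced.example": (None,             ["198.51.100.7"]),
    "sinkhole.example": (["127.0.0.1"],    ["198.51.100.8"]),
    "mirror.example":   (["192.0.2.55"],   ["198.51.100.9"]),
}

def survey(samples=SAMPLES):
    """Classify every sample and return {name: verdict}."""
    return {name: classify_dns_answer(*pair) for name, pair in samples.items()}

if __name__ == "__main__":
    for name, verdict in survey().items():
        print(f"{name:18} {verdict}")
```

A "differs" verdict is not proof of filtering on its own, because large sites legitimately return different addresses to different resolvers.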

IP Filtering

When data is sent over the Internet, it is divided into segments and put into packets. A packet contains both the data being sent and information about how to send it, such as the IP addresses of the computer it came from and the one it should go to. Routers are computers that packets pass through on their way from a sender to a receiver; each router determines where a packet should go next. If censors want to prevent users from accessing specific servers, they can configure routers that they control to "drop" (not transmit) data destined for IP addresses on a blacklist, or to return an error message for them. Filtering based solely on IP addresses blocks all services provided by a particular server, such as both Web sites and e-mail servers. Since only the IP address is inspected, multiple domain names that share the same IP address are also blocked, even if only one is prohibited.

To circumvent IP filtering, it may be possible to access the desired content elsewhere, or to route requests through sites not subject to blocking.

Port Blocking

Ports are like numbered doors in a building, each leading to a different room or suite. On a computer, ports are also numbered: the well-known standard port numbers are from 0 to 1024, but others can go up to 65535. Each numbered port normally offers a specific service (for example, web access or e-mail) on a server or PC. When one computer requests access to a particular type of service on another computer, it specifies a port number for the request. The computer providing the service "listens" for requests that use a particular port number.

Blacklisting individual port numbers restricts access to individual services on a server, such as Web or e-mail. Common services on the Internet have characteristic port numbers. The relationships between services and port numbers are assigned by IANA, but are not mandatory. These assignments allow routers to make a guess as to the service being accessed. Thus, to block just the web traffic to a site, a censor might block only port 80, because that is the port typically used for web access.

The most direct method for circumventing port blocking is to use non-standard ports to provide standard services. Users must have some system knowledge to take advantage of this, in order to configure Web browsers or e-mail clients to use the non-standard ports. Other methods of accessing the content include accessing the same or similar services on other cooperating servers, or accessing the blocked servers through a non-blocked location.
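The difference in precision between IP filtering and port blocking is easiest to see side by side. The sketch below is an added example, not part of the original article; the host names, addresses and rule format are constructed, with two unrelated sites placed on one shared server address.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "dst_ip dst_port")

# Constructed name-to-address table: two unrelated sites share one server.
HOSTS = {
    "banned.example": "203.0.113.5",
    "bystander.example": "203.0.113.5",
    "elsewhere.example": "198.51.100.20",
}

def router_verdict(pkt, rules):
    """Drop the packet if any (ip, port) rule matches; None is a wildcard."""
    for ip, port in rules:
        if ip in (None, pkt.dst_ip) and port in (None, pkt.dst_port):
            return "drop"
    return "forward"

def reachable(host, port, rules):
    """True if a packet to host:port gets past the filtering router."""
    return router_verdict(Packet(HOSTS[host], port), rules) == "forward"

def collateral(target, port, rules):
    """Hosts other than the target that lose the same service."""
    return sorted(h for h in HOSTS
                  if h != target and not reachable(h, port, rules))

IP_FILTER = [("203.0.113.5", None)]   # blacklist the whole server
PORT_FILTER = [("203.0.113.5", 80)]   # block only web traffic to it

if __name__ == "__main__":
    for name, rules in (("IP filter", IP_FILTER), ("port filter", PORT_FILTER)):
        print(name)
        # 80 = web, 25 = e-mail, 8080 = web served on a non-standard port
        for port in (80, 25, 8080):
            ok = reachable("banned.example", port, rules)
            print(f"  banned.example:{port} reachable={ok}")
        print("  also blocked on port 80:", collateral("banned.example", 80, rules))
```

Both rule sets cut off bystander.example on port 80, because the router sees only the shared address and the port number, never the domain name.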

Why This Matters

These censorship techniques depend on the working of different parts of the Internet structure described above. You should have some understanding of whichever of them applies in your situation. If you wish to create an unblocked server outside the location doing the blocking, you will need more detailed information.

 
