One of the simplest ways to censor the Internet is to create a list of acceptable sites that people can visit. If someone types a domain name not on the approved list, they won’t see anything but an error or warning message. The problem with this approach is that it’s impossible to stay ahead of new sites popping up. Adding each new acceptable website to an approved list is impractical. Instead, most Internet filtering programs accomplish their task by blocking certain Uniform Resource Locator (URL) addresses, such as http://www.playboy.com.

When a user types a URL address into a web browser, the filter compares it to a list of blacklisted addresses to which access is blocked. The filter might even alert the authorities to keep an eye on whomever tried to access the forbidden website.

Weak URL filters simply scan the URL address for incriminating words such as Playboy or CNN. Users can get around these filters by using the nslookup command to find the site’s numeric Internet Protocol (IP) address. Typing the IP address rather than the site’s descriptive URL can avoid matching the blacklist. Figure 11-1 shows an example of using the nslookup command through the KLOTH.NET site.

Figure 11-1. The nslookup command can convert a descriptive URL address into a cryptic numeric IP address.

So, instead of typing www.2600.com (the website of the underground hacker magazine 2600) into your browser, you could type in the equivalent IP address http://207.99.30.226. If the URL filter is smart enough to block the IP address of forbidden websites too, you can go one step further and convert each part of an IP address into its equivalent binary number:

String the numbers together and create one massive binary number:

Finally, convert this massive binary number into its decimal equivalent:

So instead of www.2600.com, you can just type http://3479379686 to load the very same web page. Most Internet filters will block the descriptive URL but not any of its numeric equivalents.

Internet censoring software often combines URL filtering with content filtering, which scans the words or phrases stored on a web page to decide whether it should be blocked or not. Content filters often scan for obvious words like sex or breasts, but each filter uses its own algorithm for determining how many times certain words can appear on a web page before it’s considered objectionable.

For example, blocking a web page just because it has the word breast on it may accidentally block a supermarket website that sells chicken “breasts” or a medical website that discusses “breast” cancer. As a result, content filtering alone is prone to errors, either letting questionable websites slip past or blocking legitimate ones altogether. (Beaver College in Pennsylvania actually had to change its name to Arcadia University after too many content filters blocked people from visiting its website.)

Content filtering is so unreliable that it may even block the websites of the very people who support such Internet filtering. In July 1997, a librarian named David Burt launched the now-defunct FilteringFacts.org website that advocated the use of filtering software in public libraries. Ironically, a parental control program named SurfWatch blocked his website, classifying it as an objectionable “Drugs/Alcohol” site, as shown in Figure 11-2. Apparently, in explaining the importance of using filters to block objectionable content, the FilterFacts.org website gave examples of certain trigger words. The content filters worked as designed and blocked FilterFacts when it found those words mentioned on the site.

Figure 11-2. SurfWatch blocked access to a website that supported Internet censoring.

No matter how much they are refined, content filters will never be 100 percent accurate. Here’s yet another example. In July 2002, WebSense, the publisher of an Internet filtering program, boasted that competing products allowed access to several prominent pornographic websites. So, users whose web access passed through those other Internet filtering programs would simply visit the WebSense site to get a list of those pornographic websites that their filters wouldn’t stop. What started out as a marketing ploy to discredit the competition turned into a regularly updated porn list that anyone who wanted to get around the filters could consult.

Perhaps the subtlest method of Internet censorship is DNS (or Domain Name System) poisoning. When you type in a domain name such as www.cnn.com, your computer sends this information to your Internet service provider (ISP), which in turn sends it to a DNS server. The DNS server matches the domain name with its numeric IP address and sends the web page to your browser.

DNS poisoning works like this. The ISP routes the user’s domain name request to a DNS server that returns an entirely different IP address than that of the actual website. If someone types in www.yahoo.com, the DNS server should return the valid Yahoo! IP address as 68.142.226.32. But if the DNS server has been poisoned, it will return whatever IP address the censor has associated with the www.yahoo.com domain name. This might be a message explaining that the requested website is blocked or a bogus website designed to look like the real thing.

By substituting a bogus site for a real one, censors can fool users into thinking they’re accessing forbidden sites when they’re really looking at fake ones. The substituted sites could even contain subtle revisions so users will think they’re reading forbidden news when they’re actually reading cleverly disguised propaganda. So, the next time you’re surfing the Web, keep in mind that someone could be manipulating the information you’re seeing, and you may never know it.

To get around DNS poisoning, configure your Internet connection to use a DNS server other than the one your ISP automatically uses. To get a list of DNS servers, visit ftp://ftp.rs.internic.net/domain/named.root or ftp://ftp.orsn.org/orsn/orsn.hint, or use one of the following noncensoring DNS servers:

To configure your Internet connection on Windows XP to use a different DNS server, follow these steps:

Another way to censor the Internet involves port blocking. As discussed in previous chapters, every computer on the Internet uses certain ports to send and receive information. For example, port 80 is used to receive web pages, the file transfer protocol (FTP) uses port 21, and email is sent using port 25. So to block file transfers and email, governments can just block ports 21 and 25. Users can then do anything they want—except transfer files or send and receive email, which is like saying prisoners have all the freedom they want, so long as they don’t want to walk beyond the prison walls. Figure 11-5 shows how port blocking can prevent a computer from accessing the Web or an IRC chat room.

To get around port blocking, you can use a technique known as tunneling. This essentially lets one port perform the functions of other ports.

Tunneling works by connecting to another computer, known as a proxy server, through whatever open port your computer can access. Figure 11-6 shows a computer tunneling through a firewall. Instead of sending FTP file transfers through port 21 or web page requests through port 80, the computer sends all this information through port 25, the only port allowed through the firewall. This information gets sent to a proxy server on the other side of the firewall, which then accesses the normal ports needed to transfer files via FTP (port 21) or access web pages (port 80). As far as the censoring firewall can tell, the computer is using only port 25.

Figure 11-5. A firewall can block certain ports to prevent access to web browsing or FTP file transfers.

Figure 11-6. Tunneling through a firewall to a proxy server can allow access to forbidden Internet services.

To detect firewall tunneling, some firewalls will not only block ports but also analyze the data going through their open ports, a process known as protocol analysis. Encryption can mask your data, but if a firewall doesn’t recognize any data flowing through its open ports, it may just block them altogether.

A map of countries that censor the Internet to at least some extent would probably cover just about the entire world, but three of the most prominent Internet censors are China, Saudi Arabia, and Cuba. Although few Americans believe that China’s communist government offers its citizens absolute freedom of speech, plenty of them (especially those in the White House) are still ignoring Saudi Arabia’s equally questionable record of censorship, human rights violations, and lack of democratic reforms.

The question isn’t just which countries practice censorship, or even how they do it, but why they do it. Specifically, what are governments afraid their citizens might see?

The Great Firewall of China

With one of the fastest-growing economies combined with an Internet-savvy, educated population, China has a problem. How do you let millions of people use the Internet for business while preventing them from using the same technology to protest the government? China’s answer has been simple: Create a Chinese-only Internet within the larger Internet, where all objectionable websites (such as CNN and the New York Times) are blocked.

To clarify its Internet policies, China’s Ministry of Public Security issued these guidelines, which were reprinted by Human Rights Watch (www.hrw.org):

No unit or individual may use the Internet to create, replicate, retrieve, or transmit the following kinds of information:

1. Inciting to resist or violate the Constitution or laws or the implementation of administrative regulations;

2. Inciting to overthrow the government or the socialist system;

3. Inciting division of the country, harming national unification;

4. Inciting hatred or discrimination among nationalities or harming the unity of the nationalities;

5. Making falsehoods or distorting the truth, spreading rumors, destroying the order of society;

6. Promoting feudal superstitions, sexually suggestive material, gambling, violence, murder;

7. Engaging in terrorism or inciting others to criminal activity; openly insulting other people or distorting the truth to slander people;

8. Injuring the reputation of state organs;

9. Other activities against the Constitution, laws or administrative regulations.

Notice that clauses 1, 2, 3, and 8 all refer to protecting the government (no surprise there), but clauses 5 and 7 would seem to prevent the government from issuing any form of propaganda of its own, which might distort the truth and slander governments of other countries.

Unfortunately, the above guidelines also give the Chinese government the right to loosely define acts of “terrorism” and “criminal activity” any way it chooses (just like every other government in the world), so someone could be considered a criminal for “inciting to overthrow the government or the socialist system” merely by discussing democratic reforms.

Although China’s Internet censorship may seem imposing, Chinese citizens still manage to access forbidden sites regularly. A New York–based site, Human Rights in China (HRIC; www.hrichina.org), claims dozens of hits each week from people inside China. Founded by Chinese scientists and scholars in March 1989, HRIC monitors the implementation of international human rights statutes in China and provides information about human rights for Chinese people both inside China and abroad.

Although the Chinese government can restrict access to particular sites from inside their country, it can’t screen the flood of email that crosses the Chinese borders every day. Exploiting this weakness, Chinese dissidents write and edit a weekly electronic magazine called Tunnel (www.geocities.com/SiliconValley/Bay/5598), sending their articles from inside China to a US email account from which the magazine is then distributed via email to readers in China. Using this method, the magazine hopes to prevent the Chinese government from identifying the writers and blocking the magazine’s distribution.

For more news about China’s censorship practices, visit VIP Reference (www.bignews.org), Epoch Times (www.epochtimes.com), or the Home for Global Internet Freedom (http://internetfreedom.org/gb).

One man, Bill Xia, founded Dynamic Internet Technology (www.dit-inc.us) to provide Internet service to users in hostile climates. Xia claims that his website (https://www.1.beijing999.com) can act as a proxy server, allowing Chinese users to access sites banned by their government through his own. (Until, of course, the Chinese government gets wise and blocks access to Xia’s site.)

Figure 11-7 shows Xia’s website. The middle of the page displays a text box where users can type the URL address of another site, such as www.dajiyuan.com.

Figure 11-8 shows the www.dajiyuan.com site, but notice that the browser is actually accessing this site through Xia’s site, as shown by the address https://www.1.beijing999.com/dmirror/http://www.dajiyuan.com/index.htm.

Figure 11-7. Users can launch Bill Xia’s website as a browser to view other websites.

Figure 11-8. When you visit other websites via Xia’s, you will still see his URL address (https://www.1.beijing999.com) in your browser.

Fortunately, most governments aren’t smart enough to censor the Internet on their own. But that doesn’t get in their way. Rather than try to develop filtering technology themselves, governments all over the world turn to American companies to develop the censoring technology they need to oppress their people.

According to the OpenNet Initiative, Saudi Arabia and Iran use filtering technology (SmartFilter) from Secure Computing, and Cisco Systems reportedly built a special $20,000 router and firewall box to help China Telecom filter the Internet. Nortel has allegedly sold voice and closed-circuit camera recognition software to China’s Public Security Bureau. Users of Microsoft’s China-based Internet portal can’t search for words including democracy, freedom, and human rights, and Microsoft’s Chinese blogging service, MSN Spaces, won’t let anyone use words such as Taiwan independence or demonstration. WebSense’s filtering technology has helped boost China’s censoring abilities. Even Yahoo! and Google have altered their search engines to prevent users in any country from uncovering anything forbidden when searching the Internet.

Yahoo! even helped the Chinese government identify journalist Shi Tao, who was accused of “divulging state secrets abroad.” Shi Tao had distributed the text of an internal Chinese government memo that warned Chinese journalists about the dangers of social destabilization from dissidents on the 15th anniversary of the Tiananmen Square massacre. For the crime of leaking this memo to foreign journalists, the Chinese government sentenced Shi Tao to 10 years in prison. If anyone at Yahoo! feels guilty about it, he hasn’t leaked an internal memo saying so.

The American government complains about human rights violations by other countries (except those oppressive governments currently friendly to the United States) even while American companies profit from the business of censoring and tracking dissident Internet sites and users. So, who is really doing the censoring? Is it the oppressive governments that block access to banned sites? Or is it the American companies that sell the technology that the oppressive governments use?

Blocking pornography is to be expected from a parental control program. What isn’t expected is the widespread blocking of many scientific, political, and innocuous sites due to one or two objectionable keywords. Here are some examples of what parental control programs have blocked in the past:

Parental control software isn’t perfect and has never claimed to be, but the comical mistakes it makes in blocking some websites illustrate the fluid nature of censorship in any form.

Perhaps the most controversial parental control program is CYBERsitter (www.cybersitter.com), which has blocked the websites of both NOW (The National Organization for Women)—www.now.org—and the Human Awareness Institute (www.hai.org), which runs workshops for personal growth focusing on love, intimacy, and sexuality.

Whereas most parental control programs allow sites to appeal a block, CYBERsitter seems to have constructed a wall of self-righteousness. For example, when NOW appealed its ban by CYBERsitter, Brian Milburn, the CEO of Solid Oak Software (CYBERsitter’s publisher) replied, “If NOW doesn’t like it, tough . . . We have not and will not bow to any pressure from any organization that disagrees with our philosophy.”

To demonstrate the arbitrary nature of parental control software, Peacefire ran an experiment to see whether certain content hosted on a personal web page would be treated the same as identical content found on the website of a large, well-funded and well-known organization.

The Peacefire researchers collected anti-gay quotes from websites of the Family Research Council (www.frc.org), Concerned Women for America (www.cwfa.org), Focus on the Family (www.family.org), and radio personality Dr. Laura Schlessinger (www.drlaura.com). Then they posted these anti-gay quotes on free websites and submitted the pages anonymously to the publishers of SurfWatch, Cyber Patrol, Net Nanny, Bess, SmartFilter, and WebSense.

All of the companies agreed to block some or all of the bait pages (because the pages met their criteria for “denigrating people based on sexual orientation”), at which point Peacefire.org revealed the sites that were the actual sources of these quotes. Not surprisingly, none of the publishers agreed to block any of the four originating websites, yet they continued to block the bait pages, even though the homophobic quotes were identical.

If you’re going to use a parental control program, learn what type of websites they block (and why), and decide whether you want to censor your children’s access using someone else’s criteria. If you don’t want a stranger to tell you what you can and cannot let your children see and read, would you want a parental control program to do the same thing?

For more information, visit Families Against Censorship (www.netfamilies.org) and the Censorware Project (http://censorware.net).

Blocking access to specific websites is easy. Scanning email to determine whether someone is sending or receiving banned information is much more time-consuming and labor-intensive. To exploit this flaw in most Internet filters, programmers have developed a way to retrieve web pages by email through something called a webmail server.

To read a website blocked by a filter, just send an email to a webmail server listing the URL address of the web page you want to see (such as http://www.cnn.com). Within a few minutes, hours, or days (depending on the server), you’ll get an email containing the web page as either plain text or HTML code, bypassing the filtering.

For example, you could email the [email protected] server with the following message:

In this example, the SEND field identifies the URL address of the web page you want to see. Basically, only two items are needed:

If you type any additional information, such as a signature at the end of your email message, most webmail servers will ignore them, but it’s best to strip them out just to make sure.

Here are some webmail servers and the syntax to put in the body of your message. Leave the subject line blank in all cases.

To learn more about setting up your own www4mail server to help others access the Internet using email, visit www4mail (www.www4mail.org).

For other services that let you retrieve web pages by email, visit one of the following:

An Internet filter may keep you from accessing a specific website, such as www.playboy.com, but it won’t necessarily block you from accessing a website that appears harmless. Once you’ve accessed this seemingly harmless website, you can use it as a browser to access banned websites, as explained in Port blocking in Port blocking.

To find a proxy server, visit Public Proxy Servers (www.publicproxyservers.com). You’ll then have to configure your browser to access that proxy server as shown in Figure 11-9.

Figure 11-9. The Firefox browser lets you define a proxy server and a port number to use for accessing different services.

Accessing a proxy server can skirt Internet filters, but information you send and receive from a proxy server can still be monitored. To protect your privacy, you can use one of the following to encrypt your information:

An Internet filter can still block the ports needed to communicate with a proxy server, however, so many will use a seldom-used port instead. To find a list of proxy servers that use uncommon ports, visit the Proxylist (www.web.freerk.com/proxylist.htm), which is updated weekly.

Internet censors may be suspicious of known proxy servers, but they are less likely to be suspicious of individual computers. Therefore, one way to help defeat Internet censorship is to turn your computer into a proxy server for others.

For example, the Peekabooty Project (www.peek-a-booty.org) lets anyone run a program to link his individual computer to the Peekabooty network, which consists of individual computers scattered all over the world.

When somebody wants to access a banned website, he can connect to the Peekabooty network, which selects a computer out of its network at random. This computer then grabs the requested web page and sends it back to the user.

Peacefire offers a similar program, dubbed Circumventer. Once you install Circumventer on your computer, you’ll get a URL address that you can give to anyone trapped behind an Internet filter (someone in Saudi Arabia or Burma, or just a kid with a copy of NetNanny or CyberPatrol on his computer). That person can then browse the Internet through your computer.

For greater security, try the Six/Four program (http://sourceforge.net/projects/sixfour) or JAP Anon Proxy (http://anon.inf.tu-dresden.de/index_en.html), which is shown in Figure 11-10. JAP encrypts your information and mixes it through multiple servers so no one, not even the servers, knows which information is being sent to which computer.

Figure 11-10. The JAP Anon Proxy program visually displays your anonymity level on the Internet.

Sometimes access to the Internet isn’t as important as posting information there anonymously. If you want to share information with others online, but want to keep your identity secret, do it at FreeNet (http://freenet.sourceforge.net).

If someone living under an oppressive dictatorship tries to contact people through the Internet, his communication may be monitored and he may be punished. So rather than communicate in plain sight, he can hide a message inside an ordinary graphic file (known as steganography) and post this GIF image on an approved website that anyone can access.

When users access this approved website, all they’ll see is an ordinary GIF image, but if they access this same site using a program called Camera /Shy (http://sourceforge.net/projects/camerashy), Camera /Shy will automatically detect and retrieve the messages buried inside the graphic image.

Of course, access to a banned book doesn’t solve all of the problems. You can still get in trouble if someone catches you reading a banned book on your computer screen.

To disguise what you’re reading, use a program such as AceReader (www.stepware.com), as shown in Figure 11-12, which displays the entire text of an ASCII document across your screen in large letters, one word at a time, at speeds up to 1,000 words per minute, so that it’s virtually impossible for anyone to recognize what you’re reading at a glance. With this program, you can read the ASCII text of a book that your parents, school officials, or government authorities don’t want you to read, right in front of their eyes without their ever knowing it. (Just make sure they don’t find the ASCII text file on your hard disk.)

Sometimes you may want to browse the Internet, but your boss, parent, teacher, or other authority figure feels otherwise. Rather than sneak a peek at a website and risk having your browser window give you away, try running Ghostzilla (www.ghostzilla.com) instead.

Ghostzilla is a browser, based on Firefox, that can appear within the window of another program, such as Outlook Express, as shown in Figure 11-13.

With another program window open, move the mouse pointer to the left side of the screen, then to the right, then back to the left again, and up pops Ghostzilla in the currently active program window. Now you can browse the Internet all you want. The moment someone peeks over your shoulder, click the mouse outside the Ghostzilla display, and your normal program pops back into view. As long as no one’s otherwise monitoring your activities, you can safely view the Internet while appearing to be doing something else.

Figure 11-12. The AceReader program flashes text on the screen so you can read an entire novel one word at a time.

Figure 11-13. Ghostzilla lets you secretly browse the Internet within the window of another program, such as Outlook Express.