Phorm_282

Are BT & Sky Adopting Filters to Reboot Phorm?

Several years ago the UK Internet was tied up in an opt-in / opt-out battle about ISP proxies tracking your movements on-line to monetize advertising.

Now we have a new opt-in/opt-out battle but this time it is about ISP proxies tracking your movements on-line to prevent you seeing things you’re not allowed to see.

Could it be that the reasons the big ISPs rolled over so easily and implemented filters is that it provides them with a treasure trove of information about your browsing habits?

Notice how Phorm sit’s within the ISP network, masquerades as target domains and presents different content.
phorm

ISP filtering does similar things, they either spoof DNS responses to force you to goto their static block page or they manipulate routing within their network to route traffic destined for a remote host to a host within their network.

Technically there is nothing stopping them from doing other things with your traffic at this point. Are we to believe that having already silently tested Phorm on unsuspecting customers are they not capable of using this new found, Government instigated power to make some more money at the cost of your freedom and privacy?

Learning how to avoid Filters using tactics such as SSH Tunnels will render their filtering and monitoring moot.

Fight back.

gandi

The Possibility of a Legislative ban on Internet Filtering!

Oliver Wright at the Independent has just broken the news that Liberal Democrat President Tim Farron is going to propose legislation that enshrines the “digital rights of the citizen” which would include stopping “any requirement for opt-ins, opt-outs, filters, lists or controls on legal material”.

DigitalRightsOfTheCitizen.co.uk has been registered and we’re about to start a campaign to get people to write to their MP to help define the Digital Rights we as citizens deserve.

In the meantime give Mr Farron a shout on Twitter to say thank you!

digital_ocean

Building a SOCKS5 Proxy with a Digital Ocean Server to Bypass UK Internet Filters

This article is for use on a Linux/Mac computer (desktop / laptop etc). A Windows guide will be available at a later date.

If you don’t currently run Linux on your desktop I would strongly suggest it. Try Fedora or Ubuntu. If you don’t want to run Linux permanently but do want to try this method then a Live Boot CD of Fedora or Ubuntu (or any other Linux OS of your choice)  would be an ideal method.

Servers in datacenters are extremely unlikely to experience filtering so by tunnelling your connection through to a server you can browse the Internet without worrying if your connection is being restricted or surveilled.

IMAGE

Signing up with Digital Ocean

Navigate to www.DigitalOcean.com and click the Signup button at the top of the page. Enter an email address and a password. You may want to use an anonymous email provider such as Hushmail.com to protect your privacy and a strong password you’ve not used anywhere else. Important: The email address must be real as your server password will be emailed to you.

signupOnce logged in you’ll have access to the initial control panel;logged_in

Click get started which will take you to the billing page, you can either use a credit card (you may want to use an anonymous Visa / Mastercard, search online for keywords such as prepaid, anonymous etc) or PayPal.

Once your payment is processed and cleared (check billing for tracking your pre-paid balance if using PayPal) or refresh the droplets page to see the below;paid

Click Create Droplet!

Choose a friendly name for the server (aka Droplet), this name is not important feel free to use how-to.survivetheclaireperryinter.net if you want to. Leave the Size option alone (or if a larger size is selected change to to 512Mb/20Gb/1Tb as this is only $5 / £3 a month). For lower latency and a reduced chance of NSA eavesdropping choose an Amsterdam datacenter (not necessary but recommended).details1

Scroll down for more settings. For the purposes of this tutorial choose CentOS and then the latest CentOS version (currently 6.4) then click Create Dropletdetails2

After a few seconds of watching the following screen your server will be created and you should have received an email with your root password.building

Behold your new server, make note of the IP address at the top near the word active. In this case the IP address is 95.85.54.190completeCheck your inbox and you should have an email with the IP address, the user name (root) and your password. It’s very important you don’t write a blog post and publish your username and password because bad things will happen to your serveremail

 

Now we’re ready to create a proxy.

Testing the Proxy / Tunnel

Assuming you are logged into your Linux computer load up a terminal.terminal_1Type the following;

ssh -D 8080 [email protected]

Replace the IP address with your own. You’ll be informed that the authenticity of the host can’t be established which is true because you don’t know what the RSA key fingerprint is. You can choose to accept it and continue or be paranoid and bail. If you chose to continue you will be prompted for you password that was sent by email.terminal_2

Load up another terminal (or a tab) and type the following;

curl --socks5-hostname 127.0.0.1:8080 http://wtfismyip.com/json

You should see the following output indicating that your ISP is Digital Ocean.terminal_3

 

You could immediately configure your browser etc to use these settings but you should try and be a bit more thorough.

Configuring the Proxy / Tunnel for long term use

Exit all of the terminals opened in the previous step which will close all tunnels and SSH sessions and we’ll get started on making this a little more secure.

First things first is to change the root password from the one that was emailed to you. Load up a terminal and ssh in;

ssh [email protected]

Once logged in change the password with the passwd command. Ensure you use a different password to anything else you have.terminal_4The root user is the most powerful user on a Linux server and can delete anything and everything so you really don’t want to be using it for everyday tasks. For creating the tunnel we want to use a non-privileged user. To do this simply type the following (feel free to replace the name tunnel with your name or anything, it’s just a username and isn’t important);

useradd tunnel

Now change the password for this user by passing the username to the passwd command used earlier, make sure you use a strong password and one that isn’t that same as any of your others;

passwd tunnel

terminal_5

Load up a new tab on your local machine and try logging in as your new user;

ssh [email protected]

terminal_6

 

You’re now ready to setup a tunnel/SOCKS proxy you can use with your browser.

Exit all your terminals again and this time issue the command;

ssh -D 8080 [email protected]

In a new terminal check that the proxy is working by issuing the CURL command again;

curl --socks5-hostname 127.0.0.1:8080 http://wtfismyip.com/json

For this example I’m going to use Firefox but feel free to try it out with others. In the address bar type about:config, you’ll be presented with the following screen;

firefox_dragons

 

Assuming you are going to be careful click the button.

In the Search bar at the top type proxy, then look for the strings network.proxy.socks and network.proxy.socks_port, type in the values from the command above (127.0.0.1 and 8080). If your ISP filters DNS then you may want to toggle network.proxy.socks_remote_dns too (don’t forget to change your name servers!).

Finally change network.proxy.type to 1.

firefox_about_configTo test, simply load up a new Firefox tab and attempt to access a blocked page.

So there you have it, an easy way to get past any Web filtering and as an added bonus since your traffic is encrypted between your computer and your server in Amsterdam neither your ISP nor the UK Government can monitor it.

Traffic egressing the server can still be tracked and recorded. With the right combination of warrants and traffic capture at the Digital Ocean datacenter coupled with your home ISP logs illegal activity can still be traced back to you! Only use this to method to bypass filters,

Upcoming articles include creating a dedicated Raspberry PI proxy for use with multiple devices (phones, tablets, Windows PCs etc) and setup guides for other server providers. Make sure you follow @STCPI on Twitter for updates!

dns

Basic DNS Filter Evasion: HOSTS file

Background:

Various ISPs such as Sky and BT use DNS manipulation to spoof responses that forwards requests to their proxy server instead of the correct response.

Taking BT as an example a request for a blocked site has been seen to return an IP from within this netblock instead;

inetnum: 213.120.234.0 - 213.120.235.255
netname: BT-UKIP-IPV4-INFRASTRUCTURE
descr: POP
country: GB
admin-c: BS1474-RIPE
tech-c: BS1474-RIPE
status: ASSIGNED PA
remarks: Please send abuse notification to [email protected]
remarks: New netname
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
source: RIPE # Filtered

Sky commonly reports back with IPs from;

inetnum: 90.207.238.128 - 90.207.238.191
netname: SKY-IRONMAN-VIRTUALISATION-LAN
descr: Sky Network Services
country: GB
admin-c: BBH-RIPE
tech-c: BBH-RIPE
status: ASSIGNED PA
mnt-by: BSKYB-BROADBAND-MNT
source: RIPE # Filtered

Initial research indicates that even attempting to use 3rd Party DNS servers on some ISPs elicits a spoofed response which indicates that these ISPs are intercepting and monitoring ALL DNS queries you make. This presents a variety of concerns such as the accuracy of SPF, DNS-SEC or TXT responses but that’s a topic for another time.

Circumnavigation:

If you discover that you are getting faked responses and are unable to reach the correct webserver follow the steps below.

  • Get the A Record
    • Navigate to a website such as http://www.dnsstuff.com/tools
    • Look for the DNS Lookup tool
      dns_lookup
    • In the text box enter the URL you are trying to reach (e.g. www.google.com)
    • Select A from the record type
    • Submit the request and make a note of the IP address returned.
  • Edit the Hosts file
    • Windows
      • Start notepad.exe as an Administrator
      • Open C:\Widnows\System32\drivers\etc\hosts
      • Add the URL and the IP address in the format shown below;
        173.194.34.67 www.google.com
      • Save the file ensuring that a file suffix isn’t appended
    • Linux / Mac
      • Open /etc/hosts as the superuser with your editor of choice (vim!)
      • Add the URL and the IP address in the format shown below;
        173.194.34.67 www.google.com
      • Save the file ensuring that a file suffix isn’t appended
  • Testing
    • Load up a cmd prompt (Ctrl + R, type cmd, press return)
    • Type nslookup www.google.com
    • Ensure you receive the IP address you entered in the hosts file

 

If the ISP is using BGP filtering methods, Deep Packet Inspection (DPI) or a transparent proxy then this still may not work as they’ll detect traffic going to the blocked IP subnet and act accordingly.

Keep an eye on our How to Evade Blocks page and follow @STCPI on Twitter for more methods to discover and evade Internet censorship.

sky_block_torrent_freak

Publicity Leads to an unblock for TorrentFreak

2 days after TorrentFreak posted about Web filtering in the UK Sky has caved and admitted to yet another over blocking mistake and has recategorized torrentfreak.com so it is now reachable.

In the opening of their article the BBC clearly state that overblocking is affecting lots of other legitimate websites;

filters are intended to allow parents to ensure children cannot view adult content.

But the automatic blocking of all file-sharing sites meant that news site TorrentFreak and other legitimate sites were also blocked.

BBC

Whilst this is a victory for TorrentFreak.com there are still plenty of other site owners that may not know if they have been blocked and are losing revenue or being blocked from providing the help they are trying to provide.

Read the full story here: http://www.bbc.co.uk/news/technology-25638872

Censor Pages Allow Injection Attacks & Arbitrary URLs

Censor Pages Allow Injection Attacks & Arbitrary URLs

BT, Sky Broadband and Talk Talk have implemented opt-out Network level filtering for their customers.

The thing is, as well as overblocking websites that should not be filtered the ISPs have poorly implementated their block pages.

http://makeyourispblock.me/ was registered at 2am on the 22nd of December but due to the badly designed block pages it can be made to be shown as blocked.

Sky Broadband Block Page
BT Broadband Block Page
Talk Talk Broadband Block Page

GoAwayCameron Chrome Plugin Released

GoAwayCameron Chrome Plugin Released

An enterprising Computer Student from Singapore going by the name @nubela on Twitter has released a Chrome plugin that allows people to evade some of the ISP filters.

On his websites goawaycameron.co.uk he has published a mini FAQ and a getting started guide;

Will this work outside of UK?

Yes! This will work anywhere, and with any websites that are blocked by firewall, universities, workplaces, nanny filters, or well, censorship.

What is “Go away Cameron”?

“Go away Cameron”, or GAC, is a chrome extension that automates a private and smart proxy service to route your access around censorship so you can regain your access to your favourite blocked sites in UK.

Is it legal?

GAC is essentially a smart proxy service. And I don’t believe a proxy service is illegal.

Are you harvesting info?

No, no logs are stored.

Can you trace who I am?

No, I can’t even do that. Other from your IP address, which isn’t logged as well. But how can you know for sure? See my answer to the last question.

Is it safe?

It is even safer than you using any unknown Hotspot Shield, or surfing websites through the random web proxy (which you already am and needs no setting up in case you don’t know, thats how they block you from the websites). In fact, it is even FASTER. Because the server uses better international routing than your homeline internet. And most of the blocked websites are international.

Why do you need the permission to “access data on all websites?”

Because blocked sites lie on arbitrary urls! And I don’t have, nor will I ever can have, an exhuastive list of UK banned sites. What I can do is to merely detect whether the website returns you an error message saying UK blocked it. (This is when the extension kicks in). I think I have an at most 10line code that checks for this. I welcome you to check the code for this.

Why do you need the permission to “access tabs and browsing activity?”

Because I apply a private proxy (not public, so even safer) to your browser temporarily for you to be able to view the banned website. But because it is private, it needs to enter the username and password to the proxy. Which I don’t want you to manually enter, so I hijack the process and manually enter it for you. So thats why I need this permission so I can make it seamless for you. I promise I do nothing more than that.

What is your intention for making this?

3 reasons. One, It was a holiday project as I was learning Twitter bootstrap. Two, I enjoy my internet freedom, and urge all of you to never give that up, let alone to any government agencies. Three, I did have some blind hopes for it going viral.

@nubela

Well here’s to hoping it, and the reasons for needing it, go viral!

Install Go Away Cameron for Chrome

Update:

Mainstream news have picked up on the story:
http://www.wired.co.uk/news/archive/2013-12/23/go-away-cameron
http://www.telegraph.co.uk/technology/internet-security/10534618/Go-Away-Cameron-browser-extension-bypasses-UK-porn-filters.html
http://www.techradar.com/news/internet/-go-away-cameron-chrome-extension-nullifies-pm-s-porn-blockade-1210457
http://metro.co.uk/2013/12/20/go-away-cameron-browser-extension-lets-users-bypass-uk-porn-filters-4238809/

newsnight_BBC

BBC Newsnight exposes Filter Overblocking

As the four ISPs who are spearheading the ill-fated UK Internet filters are on the eve of rolling out their solutions the BBCs Newsnight program experimented the filters and unsurprisingly encountered distressing overblocking.

BT blocked sites including Sexual Health Scotland, Doncaster Domestic Abuse Helpline, and Reducing The Risk, a site which tackles domestic abuse.BBC

Let’s not forget that back in June Ms Perry dismissed concerns about overblocking as a “load of cock” and yet here is the BBC telling the world that at the behest of the UK Government our ISPs are preventing people from accessing help after being raped or having suffered from domestic abuse.

After being confronted by the errors the ISPs had the following to say for themselves;

Sadly there is no silver bullet when it comes to internet safety and we have always been clear that no solution can ever be 100%. We continue to develop HomeSafe and welcome feedback to help us continually improve the service.TalkTalk

We know that no one single technology currently provides all the answers. That’s why we have a quick and easy way for misclassified sites to be unblocked. Any Sky home has the ability to fully customise their filters.Sky

Categorisations are constantly updated to keep pace with changing content on the internet and we will investigate any concerns and make changes as necessary. BT Parental Controls can be customised to suit each individual family’s needs.BT

You can read the full article here.

440px-XDSL_Connectivity_Diagram_en.svg

Further Proof Claire Perry Doesn’t Understand What She Has Created

Not content with accusing bloggers of sponsoring the hack of her website Claire Perry has further demonstrated her lack of understanding of how the Internet and indeed her own filters are going to work.

Whether she is confused, isn’t concerned about the details or just hasn’t understood what it is she has done the fact remains that ISPs are interfering with your traffic after it has left your modem and entered into their transit network.

They are mis-routing packets, spoofing DNS and who knows what else all in the name of filtering.

wikipedia-logo-

Jimmy Wales: David Cameron’s porn filter idea is ridiculous and will fail

Wikipedia co-founder Jimmy Wales, one of David Cameron’s most high-profile technology advisers, has rubbished plans to introduce porn filters through the UK’s internet service providers, dismissing the proposals as “ridiculous” and saying money would be better spent on policing internet crime.

He went on further to say

We should be devoting a significant proportion of that to dealing with the real criminal issues online, stealing credit card numbers, hacking into sites … that is going to take an investment in real, solid police work.The Guardian

The ISPs hate the idea, consumers hate the idea and even the Governments own celebrity advisors hate the idea.

But they are going to go ahead, you know, for the children…