How the Governments Take Away Your Internet Freedoms. VPN Blockade and How You Can Fight It
Updated on July 13, 2021: From now on, traffic filtering, malware protection, and suspicious DNS activity blocking are available as a part of the separate DNS Firewall app.
VPN blockades have been a hot topic lately. It’s difficult to browse news websites without stumbling upon yet another article about Russia or China everlasting campaign against VPN providers. But what is the story behind the governments’ assault on VPN’s? How do they know you’re using VPN? How can an individual bypass the blockade? Find out in this piece.
Brief history lesson
One of the first major crackdowns on VPN’s happened in Syria after the 2011 uprising. Its government activated DPI to target the most popular VPN protocols and prevent the Syrians from accessing resources the government considered “extremist” and “destabilizing”.
The next big strike occurred in Iran in 2013. All non-government sanctioned VPN’s have been blocked prior to presidential elections. Obviously, it was officially explained as an attempt to “prosecute users who are violating state laws”.
Next on our list is the UAE. This country has had a long history of internet censorship, but it was in a 2016 amendment to a 2012 cybercrime law that they have targeted VPN’s specifically. Since then, using VPN is only legal for companies or banks to access internal networks. But using such service to enter restricted websites or to access apps and programs not permitted by Regulatory Authority will get you in trouble.
Overall, 2016 was the year when governments got used to a practice of VPN crackdowns. For example, during the November unrest in Turkey certain VPN’s were banned (though VPN’s in general are still legal there).
But of course, the most interesting part of the story begins in 2017. First, China and its government’s attempts to make the so-called Great Firewall even more impenetrable. Within the summer, Chinese regulators ordered ISP’s to start blocking access to VPN’s. Then, Apple has made its infamous move of deleting VPN’s that did not get the regulator’s approval from its Chinese store. Apple’s Tim Cook explained this decision by the need to comply with Chinese officials’ demands.
Just as the internet has been discussing the possibility that Chinese leaders will claim complete control over its citizens online lives, yet another huge announcement from the East came. Now it was from Russia. It turned out that the State Duma adopted a bill that requires ISP’s to block websites of VPN service providers. Their reasoning was to prevent “extremist materials” from spreading. And we have a feeling that this story is still far from conclusion, so we should expect other groundbreaking news from these fields in the future.
And finally, a wrap-up of the latest news from three states at once – Palestine, Vietnam and Indonesia. Last month saw a huge increase of censorship in said countries. It comes in the form of laws against creating and sharing information that is deemed dangerous by the authorities. For example, according to Addameer from the prisoners’ rights group, the new law could mean hundreds of dollars and prison time for someone “watching Game of Thrones using a VPN”. However, the exact scope of the crackdown is yet to be defined and will probably take some months, so we’ll follow the news and will keep you updated.
So what exactly does it take to block a VPN from being used? Well, there are numerous methods for this. Today we will only cover some of the most popular.
The first and the most clumsy way is to block certain internet ports that are commonly used by VPN developers. This is the method usually exploited by companies’ system administrators when they must restrict workers’ access to a VPN or other specific services. It’s highly inefficient for two reasons. First, it blocks ALL the services that might need to operate the chosen port, even legit ones. Second, port block can be easily bypassed by simply transferring the executable operations of a VPN to another internet port.
The second method (and the one that’s most widely used by governments) is called Deep Packet Inspection. By Wikipedia, DPI is “a form of computer network packet filtering that examines the data part (and possibly also the header) of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions, or defined criteria”. So basically, it analyzes your traffic and searches specific markers which mean you are using a VPN. If a DPI software notice such markers, it can either prohibit you from proceeding, inform regulators about your actions, or both.
There are certain types of DPI software, depending on their capabilities and resource requirements. Different types are often utilized by governments to meet different goals. The cheaper ones to operate are the easiest to bypass, thus they usually target masses of less technically advanced VPN users. Whereas, the more expensive DPI’s are used later to fight with users who have circumvented lower-tier blockade.
The cheapest type of DPI software can only inspect domain name of websites accessed by users. If it discovers that the domain is in the list of prohibited websites, the user is unable to access it. So governments that attempt to fight VPN’s first and foremost include the VPN websites in their black lists to stop their netizens from downloading the software in the first place. Both the UAE, China, and Russia utilize this form of DPI. However, in Russia this is so far the only method used, while the other countries use the more advanced ones as well.
The second, more advanced type is a DPI software that can search for certain signatures that correspond to specific VPN protocols. This is exactly how the Chinese Great Firewall throttles VPN’s – by finding packets in your traffic that can only be created by a VPN software.
Finally, the most expensive of the widely used DPI’s is designed to spot specific clues in how the connection looks and what kind of data it transfers. Simply put, traffic encrypted and transferred by a VPN looks different from the one encrypted by an HTTPS protocol or that’s not encrypted at all. So if such a DPI can’t say for sure it is NOT a VPN traffic, it’s then considered suspicious and is blocked. This is exactly the way the UAE handles their internet censorship.
… and keys
So, considering all these enormous obstacles erected by governments, is there no hope for a humble Joe to go where he’s not allowed to? Well, as Jeff Goldblum from Jurassic Park once said, “life always finds a way”. For this reason, we have developed the KeepSolid Wise feature from our VPN Unlimited. It allows to bypass most of the aforementioned blocking tools, like internet port lock and VPN signature analysis.
However, VPN fight has turned into a real arms race. We are aware that good ol’ KeepSolid Wise feature can’t fight with the most expensive DPI’s and other military-grade tools. That’s why KeepSolid Wise 2 is already in development, so stay tuned to see what new means of opposing restrictions it will include.
Have you faced the VPN blockade already? Install VPN Unlimited and get a 7 day free trial, enable the KeepSolid Wise feature, and enjoy the complete internet freedom once more!