λ Tony's Blog λ
Circumventing Australia's Internet FilteringPosted on February 11, 2016
On 31 December 2007 the Telecommunications Minister for the Australian government announced that Australia would be introducing mandatory internet filtering. The only implementation of this idea, until now, has been the ridiculed blocking of 250,000 websites by the Australian Securities and Investments Commission (ASIC) in April 2013 under section 313 of Australia’s Telecommunications Act. The block was intended for only two websites engaged in fraudulent activity. In a subsequent inquiry, ASIC commented that “99.6 per cent of those sites contained no substantive content.” facepalm
The reason this occurred is because the block performed filtering of an internet address called an IP address, however, multiple unrelated websites can share an IP address. In implementing this type of filtering, ASIC blocked an unrelated 249,998 websites. Clearly, a blocking mechanism cannot be implemented this way and a repeat has not occurred since. Nevertheless, such profound eyeroll-inducing incompetence has become a recent trend of the (federal) Australian government.
A repeat of some such stupidity is imminent. Not the brightest bricks in the box.
Australian politicians have been banging on about internet filtering for quite some time now. Unfortunately, those same politicians seek their “expert advice” from such (dopey) organisations as the Australian Federal Police. Australia does indeed fund a significant technology research organisation of actual PhD-holding experts in this field, however, the advice that might be provided by such experts (unanimously) would not be conducive to the agenda, and so it is completely ignored.
In June 2015, a bill called s.115a of the Copyright Amendment (Online Infringement) Bill 2015 was passed in Senate. This bill gives holders of copyright (e.g. television, movies, music) an ability to apply to our Federal Court to have piracy-related websites blocked from being used in Australia. At the forefront of of the agenda of this bill is an effort to block The Pirate Bay website. Even though this website does not host material that infringes copyright, it contains links to some material, which is copyrighted. Despite the fact that Facebook directly hosts infringing copyrighted material, it is websites like The Pirate Bay that have become the centre of attention.
Since we know that IP-address filtering does not work, and the all parties involved in the implementation of this fascination with website blocking are incompetent, we can easily predict their next move. It is predicted that a technique called DNS poisoning will be implemented and of course, this will also not work, because nothing will. Today, it was announced that the first application for implementing this blocking (under the aforementioned bill) has been made to our Federal Court by Village Roadshow. As you can see in the ABC article, it is speculated that DNS poisoning will be the method of implementation for this block.
In this article, I will show you how to circumvent this block. There are a few different ways of achieving this. It is not illegal for me to tell you how to do this, and it is not illegal for you to implement this block. I achieve no monetary gain by writing this article. My single motivation is freedom for myself, and for others. We can all do good things, despite the numpties numptying about in federal government. Aside, if such a block were implemented 10 years ago, it would not have affected me, as my home network already incidentally avoids DNS poisoning. I will show you how to do it too.
First let’s understand a little bit about “DNS.” Suppose you have a broadband connection, such as ADSL or Cable. You might have this service with a provider such as Telstra or Optus. In your home somewhere, you will have a “ADSL modem” or a “cable modem.” Sometimes it is called a modem/router. When you go to a website with a name such as
facebook.com, your computer asks your modem/router to provide an internet address for that name. Your modem/router will have a setting for what to do when this happens. That setting will probably then ask for the internet address for the website name from your service provider (such as Telstra or Optus). When your service provider responds to your modem/router with the address for your desired website, that address is then sent to your computer, so now your computer knows which website address to go to. This happens every time you type a website name into your web browser. DNS is all about a Naming System for all this to occur. That’s all you need to know to now understand DNS poisoning.
The method of DNS poisoning is simply this. When your service provider (Telstra, Optus, whatever) sends back the website address for your website name, there is a tiny dunce from our government standing on their legislative pedestal proclaiming the following:
Right that’s it Telstra! Stop telling your customer’s modem/router the correct address for that website name! And you too Optus, and all of you STOP IT RIGHT NOW or else."
Unfortunately, under our new legislation, your service provider, and all Australian service providers, must comply with this demand. Instead of normal operation, your modem/router will be told the incorrect answer for a website name that you type into your web browser, such as
thepiratebay.se and now you are blocked from using that website.
However, not all service providers must comply with this request. Specifically, not those located outside of Australia. Other DNS answers for website names will still be providing the correct address. For example, Google has a DNS service that provides the correct answer. Many others exist too.
You are blocked because your modem/router has a setting that says, “when looking up the address for a website name, use my Australian service provider to figure it out.” You can circumvent this by:
Download and install the Tor Browser
Changing the setting on your modem/router to use a different (non-Australian) DNS service than the automatic one provided by your service provider.
Add a setting on your computer so that a specific website name answers with a specific address. This will only work on that one computer and for that website name. However, you can set many different website names on different computers. It just becomes a bit more tedious.
There are other mechanisms for circumvention, but they are a bit more complicated, so I will leave those out.
Download and install the Tor Browser
After you have downloaded and installed the Tor Browser, use this as a web browser to your favourite websites. The Tor Browser will send your internet requests (encrypted) through a networked chain of computers around the world, before ultimately ending up at your preferred website. Importantly, whichever computer is at the end of the chain is the one that will do your DNS resolution. This means it is not your computer, modem/router or internet service provider that is doing your internet requests, but rather, another computer on your behalf. This computer is likely to not be in Australia, and so has circumvented Australia’s internet filtering. This computer that is acting on your behalf is called the exit node, with some other computers in between as intermediate nodes. If the exit node is in say, Germany and there is no DNS poisoning in Germany, then it will receive correct website address answers for website names.
All of this is handled automatically for you by the Tor Browser. You just need to install it and start using it. Unfortunately, if your exit node is still in Australia, then you will still have the DNS poisoning problem. The location of the exit node changes over time, so it is only a temporary problem.
The Tor project is committed to the preservation of your freedom. Be a part of it.
Changing the setting on your modem/router
You will need to go to the administration interface for your router. I understand this might not be easy for some. However, it is often as simple as typing
192.168.1.1 into your web browser. If you are unsure how to do this step, perhaps ask a friend for some help. It is actually quite easy, so give it a try, but if you get stuck, seek out help!
Once you are there, you need to change a setting to “use the given DNS servers”, then enter in the address of a server that does not fall under Australia’s legislation, such as Google. Sometimes the setting will have a “primary” and a “secondary” DNS server setting. The address for Google’s servers are
188.8.131.52. Here is how it looks on a Netgear modem/router that I had lying around:
Save the settings and once your modem/router is no longer using a DNS service from within Australia, that’s it, you have circumvented Australia’s internet filter. You are no longer DNS-poisoned and all the computers at your house will now receive the correct answer for a website name.
Here is an example of a similarly oppressed society in Turkey. Regular people spray painted buildings with the Google settings for a DNS service to circumvent their government’s foolish internet filtering service.
You might not wish to use Google’s DNS service. There are other services outside of Australia; for example, OpenDNS. The addresses for OpenDNS are:
184.108.40.206. You might consider looking into this some more and finding a DNS service (outside of Australia) that you are comfortable with.
Wait is it that easy? Yes, it is. So why aren’t more people making this simple change to their home internet settings? Yes, exactly. Now hurry up. Freedom is ours and you are a part of that.
Changing the setting on your specific computer for a specific website
The website address for the name
thepiratebay.se at this moment is
220.127.116.11. If you typed
thepiratebay.se into your web browser, your computer would ask your modem/router for the website address for the name
thepiratebay.se and then your modem/router will ask your internet service provider (e.g. Telstra) for the address and it will respond with
18.104.22.168 and now your web browser will go to that address. If our government has our way, Telstra will give you an incorrect website address instead and your web browser will not go to that website.
However, you can tell your computer not to use your modem/router to find the website address for
thepiratebay.se but instead, to make the address always be
22.214.171.124. You do this by editing your hosts file.
Open up your hosts file on your computer with a text editor, such as Notepad on Windows, or TextEdit on Mac OSX. Your hosts file is located at:
On Mac OSX: /private/etc/hosts
With your text editor, select open a file and then type in the file location as above. You may have problems with editing or opening this file because of your computer’s security. If that is the case, please ask a friend (or me) to help you. It’s usually a matter of using the administrator account of the computer to successfully edit the file.
With the file open, add the following line at the end of the file:
Save the file and close the text editor.
That’s it, you are done. Your computer will now have the correct answer for the website name
thepiratebay.se. You might consider doing this for other website names that you are concerned might fall under Australia’s incompetent internet filtering regime, such as
facebook.com. Just kidding, that will never happen. Ever asked yourself why? I digress.
Hopefully this is a reasonable start to your proactive pursuit of freedom. There is a lot more if it is interesting to you. Seek it out. Experts in the field enjoy helping you to protect yourself and in doing so, protect their own freedom too.
I hope to leave a better world to my children than the one into which I was born. Join me.