My country has banned a bunch of adult websites and TikTok, but everything can be accessed with the Cloudflare “WARP” feature. At the office, I had always used Cloudflare as my default DNS and so was completely unaffected. Since I am not using a VPN, my ISP can clearly see I am visiting TikTok or the banned adult websites, can’t they? Why aren’t they blocking my connection? ISPs were even warned to follow the mandate properly, otherwise they would be punished severely, so they are clearly following the government ban.
Related question: Cloudflare unblocks everything on my work network, but I need WARP enabled on my home network when using it on an Android. Why is that?
No, your ISP cannot clearly see you are visiting tiktok.com. The HTTPS protocol you use to access tiktok.com allows an unlimited number of unrelated websites to be hosted at the same IP address, and it also hides the content of your connection. For example, in the western US, when I visit tiktok.com my browser is directed to contact the IP address 23.66.3.141 (a2047.api10.akamai.net) to get the website content. But akamai.net is a major content distribution network that hosts millions of websites. If my ISP blocked all connections to the 23.66.3.141 IP address, it would block many other websites. It cannot easily inspect what website my browser is requesting from the 23.66.3.141 IP address because all content packets are encrypted.
There is no easy and reliable way to block a website.
When we say they have banned the website, basically at some point down the line there is some refusal or denial in the connection. Now there are different ways of achieving this result and of getting around these things, and depending on the mannerism of your country the end result can be anything from “they don’t care” to “black bag time”.
In general the two main ways though are:
– DNS blocking.
– Dropping connections.
Now the general principle of the internet is “my package must get from x to y”, and you have to imagine there are a million couriers. You are reliant on one of these couriers being reliable for you to succeed. Now, to accurately traverse between these locations, you need to know the address of where you are going.
When you block the DNS, what you are essentially doing is dropping the request that allows you to identify the internet address of the website you are searching for based on its domain name. As a user is unlikely to remember the address, you are more likely to get away with this system. This is very low-level security. If you know the address of where you’re searching, you have already defeated this.
Now at the next levels, you basically get firewall security. At a firewall you are literally just going to say “accept this connection, deny this connection”, and very simply put, if you’re on the ban list it’s going to drop the connection on that channel. If you aren’t on the list, or you are on the ban list – connection doesn’t go through. Usually an organisation will decide what is banned, but governments may also have preinstalled lists.
Now presuming you use a shield like Cloudflare, you are essentially anonymising the request you made – as such they don’t pick up on the idea that you’re banned from the website. Now they may update it to only allow valid connections, but equally the government can also just track down any bad actors.
But now you’re thinking, “so how are people getting around it so easily?”
If you keep your information and request details private under some level of encryption etc., they slip right through. It’s all one big game really though; security standards increase and decrease over these matters.
In short, a ban basically just means they are throwing your package you sent to another person in the bin because they hate the other person so much that you’re not allowed in.
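The DNS blocking described in the answer above, as an added example that is not part of the original answers: a filtering resolver reads the queried name out of the plaintext DNS query and drops the request if that name or a parent domain is on its list. The blocklist entry, the sample hostnames and all function names are assumptions made up for this sketch.

```python
import struct

# Constructed blocklist; the domain is a placeholder, not taken from any real list.
BLOCKLIST = {"blocked.example"}

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS A-record query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_qname(packet: bytes) -> str:
    """Extract the queried name from the first question of a DNS query."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    labels, pos = [], 12  # the question section starts right after the 12-byte header
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question")
        length = packet[pos]
        if length == 0:  # zero-length root label ends the name
            break
        if length > 63:  # compression pointers are not expected in a query name
            raise ValueError("unexpected label length")
        label = packet[pos + 1 : pos + 1 + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii").lower())  # DNS names are case-insensitive
        pos += 1 + length
    return ".".join(labels)

def is_blocked(name: str) -> bool:
    """Match the name and every parent domain against the blocklist."""
    parts = name.rstrip(".").split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def resolver_decision(packet: bytes) -> str:
    """What a filtering resolver does with one query: drop it or forward it."""
    return "drop" if is_blocked(parse_qname(packet)) else "forward"

if __name__ == "__main__":
    # Constructed sample hostnames.
    for host in ("www.blocked.example", "allowed.example"):
        print(host, "->", resolver_decision(build_query(host)))
```

The decision is made entirely from the name inside the query, so it only takes effect for lookups that actually reach the filtering resolver.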