The ongoing absurdity between Brazil and X (Twitter) made me wonder, can’t Brazil just block X domains? Why is it dependent on X doing it from their end?
In: Engineering
“The Net interprets censorship as damage and routes around it.” –John Gilmore
Censoring the Internet becomes more difficult the more you need to scale it. To figure out why, let’s look at the ways you could block something:
– You could block DNS lookups to a given domain. That’s only doable on DNS servers that you control, and it’s trivial for most devices, even locked-down ones, to have custom DNS servers specified. In some environments, the *only* DNS server you can use is one provided by that environment, so mandating use of a government-run DNS server breaks those setups.
– You could inspect traffic and look for requests for a given domain. That’s becoming harder and harder, if not impossible, as the Internet has moved to TLS (encryption) by default. ~~When properly configured, a web server with TLS doesn’t reveal the site being asked for during connection setup.~~
– You could block traffic to IP addresses and ranges that are associated with the website. With most places using cloud providers, especially any place that’s large enough for a government to care about blocking, those IPs and ranges could change constantly, even multiple times an hour. If an IP or range you’ve blocked is later used by someone else, that someone else is now collateral damage until you remove them from the blocklist.
– Even if you do all of this, VPNs and services like Tor make it very easy to start connections from outside your country and therefore outside of your control. It would be necessary to block all of these as well, and they have lots of different methods for hiding themselves and bypassing different kinds of blocks.
– In the case of an app, you could pressure app stores into not serving the app in your country. This is actually pretty easy, because all you have to do is threaten their finances in your country. The problem is, this usually doesn’t affect people who already have the app installed, it doesn’t do anything about people sideloading the app or using alternate app stores, and it doesn’t do anything about people using the website in their browser.
When you are looking to block a small amount of websites, this is very difficult to do with a high amount of effectiveness. Countires like China want to block a *lot* of content, so they position themselves to inspect and filter basically *all* Internet traffic. Once you’ve set up that kind of framework, then adding a new site to the list is easy.
Latest Answers