Circumvention & Anonymity tools list
Circumvention tools, Tor, VPN, Tails
Problem
- Internet traffic can be monitored by the government on different points of the path.
- The client is suffering from online censorship.
Solution
We need to understand the exact needs of the client, even if they have already mentioned a specific tool.
There are different ways of circumventing Internet censorship, some of which provide additional layers of security. The tool that is most appropriate for the client depends on their threat model and their specific need.
Initial evaluation
We need to assess and understand the threats the client is facing, and evaluate how we can respond.
Questions for the client
- What is the client’s primary need? Are they interested only in circumvention, or are privacy and anonymity also important?
- What data is being censored that the client wants to view? What is the censorship context of his/her country?
- What appropriate tools are available and work in their country?
- In certain repressive regimes, the usage of VPNs or other tools might be illegal. If you are unsure, you can involve the policy team for guidance, and consult with Helpline management.
- If the client is asking how to hide their identity:
- We need to know what they want to hide: just IP location, internet navigation, or more?
- Why do they need to hide their identity?
Best Practices
These are best practices we should explain to the client:
At first, we need to advise the client to use HTTPS - the secure version of the HTTP protocol used to access websites.
This HTTPS Everywhere plug-in may be an easy install.
In addition to the obvious benefits of HTTPS, there is a chance that the encrypted version of the site is not blocked.
Check if the mobile and laptop website versions are both blocked.
For example, instead of visiting https://twitter.com, the client could try to visit https://m.twitter.com, the mobile version of the site. Censors that block websites or web pages usually work from a blacklist of banned websites, so anything that is not on that blacklist will get through.
What follows is a list of some circumvention tools listed from a higher risk threat model to lower:
Circumvention & anonymity
Warning for every Tor-based tool
Before starting to use Tor, the client should check that their connections are really anonymised: https://check.torproject.org/
What the client should know in a nutshell:
- Don’t open documents downloaded through Tor while online. These documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them.
- Web browsing is much slower than through a normal browser or a VPN because your traffic is encrypted and relayed through the Tor network, but it shouldn’t be so bad that the application is unusable. If you find it’s too slow, you can try to change the circuit in Tor Browser with Ctrl+Shift+L - https://tor.stackexchange.com/questions/8673/tor-browser-bundle-tbb-new-circuit-versus-new-identity
- Flash and many other features of websites won’t work, for example you may not be able to watch videos - this is a drawback, but enabling these features may compromise your anonymity. Some websites, including Youtube, support HTML5 players when Flash is not supported by the browser and sometimes you can watch the video by switching to the HTML5 version.
- You shouldn’t log into accounts that can identify you through Tor, and you should switch off geolocation if you’re using a device that supports it.
- Don’t deactivate default plugins and don’t install other plugins in Tor Browser or in Orfox/Orweb - use the default settings.
-
Don’t resize the Tor Browser window from its default size, as doing so can help an adversary identify you based on your device fingerprint.
- Tor FAQ - In particular: - Why is Tor so slow?
- How can I tell that Tor is working, and that my connections are really anonymized?
- Does Tor remove personal information from the data my application sends?
- Understanding and Using Tor - An Introduction for the Lay(wo)man
Tails
Tails is a live operating system that you can boot on almost any computer from a DVD, USB stick, or SD card.
It aims at preserving your privacy and anonymity, and helps you to:
- Use the Internet anonymously
- Circumvent censorship
- Leave no trace on the computer you are using unless you ask explicitly
- Use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging
Warnings
- If you use Tails, all traffic is routed through Tor and default applications have been enhanced to protect your anonymity
Whonix
Whonix is a complete operating system designed to be used in a virtual machine.
Designed for advanced security and privacy, Whonix mitigates the threat of common attack vectors while maintaining usability. Its fail-safe, automatic, and desktop-wide use of the Tor network allows for censorship circumvention and anonymity. A heavily reconfigured Debian base is run inside multiple virtual machines, providing a substantial layer of protection from malware and IP address leaks. Commonly used applications are pre-installed and safely pre-configured for immediate use.
Warnings
- If you use Whonix, all traffic is routed through Tor and default applications have been enhanced to protect your anonymity.
Tor Browser
Tor Browser is software that protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world. In certain locations, where connections are slow, it might be difficult to establish the circuit through the Tor network.
- The Tor Browser lets you use Tor on Windows, Mac OS X, or Linux without needing to install any additional software. It can run off of a USB flash drive
- Official website
- Security in a Box has an updated guide on Tor Browser:
Please keep in mind that if you’re using Tor Browser, only your activity within the Tor Browser is encrypted and anonymised - any other internet traffic is not. Other applications, like Skype or the regular browsers, will not be routed through the Tor network, even if the Tor Browser is running.
Tor Browser for Android
Tor Browser is available on Android.
Onion Browser
Onion Browser is a free web browser for iPhone and iPad that encrypts and tunnels web traffic through the Tor network, with extra features to help you browse the internet privately.
Available only for iOS.
Warnings:
- Only connections through the Onion Browser are anonymised. Other applications will not be routed through the Tor network, even if the Onion Browser is running.
- Multimedia content often bypasses Tor and compromises your privacy; video files and video streams are blocked by default and are not supported by the Onion Browser.
- Use of the Onion Browser is at your own risk; remember that sensitive data does not always belong on a mobile device.
- Note that Onion Browser is maintained by members of the Tor community. It is not maintained directly by Tor Project.
Circumvention
FreeBrowser
FreeBrowser FreeBrowser is a free Android app that provides access to an uncensored internet. Currently targeting Chinese users.
Freenet
Freenet is a peer-to-peer platform for censorship-resistant communication and publishing. You can browse websites, post on forums, and publish files within Freenet with strong privacy protections.
VPNs
A VPN encrypts and sends all Internet data between your computer and another computer. A VPN protects your traffic from being intercepted locally, but your VPN provider can keep logs of your traffic (websites you access, and when you access them). These logs could trace back to you, and if your adversary is powerful enough, they could pressure VPN providers to disclose this information.
It is very important to trust the VPN provider you use. We have contacts with some providers who can offer free accounts to civil society members. Some options are listed below:
Mullvad
Mullvad is a VPN which incorporates some obfuscation tech. Its client can be installed on Mac, Windows, and Linux.
TunnelBear
Freemium multiplatform VPN that offers tunneling to many different jurisdictions and doesn’t keep logs. It includes a feature to make the encrypted connection less detectable by governments, businesses, and ISPs.
AirVPN
AirVPN is a VPN based on OpenVPN and operated by activists and hacktivists in defence of net neutrality, privacy and against censorship.
RiseupVPN
- RiseupVPN is an app based on the Bitmask code that is available for macOS, Windows, Linux and Android and does not require registering an account.
- Information on how to install it and use it can be found in the official page.
- Limitations to using a VPN
Bitmask
Bitmask is A VPN client that uses Riseup, Calyx, and other VPN servers. Depending on their technical capacities, users could install this option on their own server.
- Available only for Android, Linux, and macOS. A Windows version should be available soon.
- Website
Warnings
- Bitmask is experimental software: It should not be used for situations where a compromise of the user’s data could put them in danger.
- Limitations of Bitmask
Private Internet Access
In general, we should not recommend Private Internet Access to our clients.
Nevertheless, this VPN has shown to work better than others in the CSI region, so we can use it with the clients trying to circumvent censorship in that area.
Circumvention Tools Based on Encrypted Proxies
These are proxy tools that utilize encryption. Although the connection is encrypted, it might be traced back to you: these tools do not provide anonymity. They are, however, more secure than a plain web-based proxy. Examples of these tools include Lantern and Psiphon.
Psiphon
Psiphon is a circumvention system that uses a combination of secure communication and obfuscation technologies.
- Available for: Android 2.2 and up, iOS 8 and up, Windows XP, Windows Vista, Windows 7, Windows 8 (desktop), and Windows 10.
- Website
- User guide
Lantern
Lantern is an Internet proxy tool. Its goal is to provide access to the open internet. Lantern is unique because it uses peer connections as a source of internet connectivity when servers are unavailable.
- Available for Mac, Windows, Android, and Linux Debian-based distributions.
- Website
Web-based Proxies
This is a good way of circumventing censorship. Basically you route your HTTP requests through a different computer (the proxy). The user must be careful, since there are malicious proxy servers, capable of rerouting and modifying users’ requests for malicious purposes.
Never use or trust a proxy server no one has ever heard of. And even if you receive the proxy from a trusted partner, play it safe and do not pass on any private information that isn’t encrypted.
Comments
-
EFF Surveillance Self-Defense guide on How to Circumvent Online Censorship
-
Security in a box: Remain anonymous and bypass censorship on the Internet
-
Yael Grauer, The Best VPN Service - an article that explains how to choose a VPN