Edit me

Circumvention & Anonymity tools list

Circumvention tools, Tor, VPN, Tails

Problem

• Internet traffic can be monitored by the government on different points of the path.
• The client is suffering from online censorship.

---

Solution

We need to understand the exact needs of the client, even if they have already mentioned a specific tool.

There are different ways of circumventing Internet censorship, some of which provide additional layers of security. The tool that is most appropriate for the client depends on their threat model and their specific need.

Initial evaluation

We need to assess and understand the threats the client is facing, and evaluate how we can respond.

Questions for the client

• What is the client’s primary need? Are they interested only in circumvention, or are privacy and anonymity also important?
• What data is being censored that the client wants to view? What is the censorship context of his/her country?
• What appropriate tools are available and work in their country?
• In certain repressive regimes, the usage of VPNs or other tools might be illegal. If you are unsure, you can involve the policy team for guidance, and consult with Helpline management.
• If the client is asking how to hide their identity:
  • We need to know what they want to hide: just IP location, internet navigation, or more?
  • Why do they need to hide their identity?

Best Practices

These are best practices we should explain to the client:

At first, we need to advise the client to use HTTPS - the secure version of the HTTP protocol used to access websites.

This HTTPS Everywhere plug-in may be an easy install.

In addition to the obvious benefits of HTTPS, there is a chance that the encrypted version of the site is not blocked.

Check if the mobile and laptop website versions are both blocked.

For example, instead of visiting https://twitter.com, the client could try to visit https://m.twitter.com, the mobile version of the site. Censors that block websites or web pages usually work from a blacklist of banned websites, so anything that is not on that blacklist will get through.

What follows is a list of some circumvention tools listed from a higher risk threat model to lower:

Circumvention & anonymity

Warning for every Tor-based tool

Before starting to use Tor, the client should check that their connections are really anonymised: https://check.torproject.org/

More warnings

What the client should know in a nutshell:

• Don’t open documents downloaded through Tor while online. These documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them.
• Web browsing is much slower than through a normal browser or a VPN because your traffic is encrypted and relayed through the Tor network, but it shouldn’t be so bad that the application is unusable. If you find it’s too slow, you can try to change the circuit in Tor Browser with Ctrl+Shift+L - https://tor.stackexchange.com/questions/8673/tor-browser-bundle-tbb-new-circuit-versus-new-identity
• Flash and many other features of websites won’t work, for example you may not be able to watch videos - this is a drawback, but enabling these features may compromise your anonymity. Some websites, including Youtube, support HTML5 players when Flash is not supported by the browser and sometimes you can watch the video by switching to the HTML5 version.
• You shouldn’t log into accounts that can identify you through Tor, and you should switch off geolocation if you’re using a device that supports it.
• Don’t deactivate default plugins and don’t install other plugins in Tor Browser or in Orfox/Orweb - use the default settings.

• Don’t resize the Tor Browser window from its default size, as doing so can help an adversary identify you based on your device fingerprint.

• Tor FAQ - In particular: - Why is Tor so slow?
• How can I tell that Tor is working, and that my connections are really anonymized?
• Does Tor remove personal information from the data my application sends?

• Why can’t I view videos on some Flash-based sites?

• Understanding and Using Tor - An Introduction for the Lay(wo)man

---

Tails

Tails is a live operating system that you can boot on almost any computer from a DVD, USB stick, or SD card.

It aims at preserving your privacy and anonymity, and helps you to:

• Use the Internet anonymously
• Circumvent censorship
• Leave no trace on the computer you are using unless you ask explicitly
• Use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging

1. Website
2. Interactive Guide

Warnings

• If you use Tails, all traffic is routed through Tor and default applications have been enhanced to protect your anonymity
  • Warnings for Tails

Whonix

Whonix is a complete operating system designed to be used in a virtual machine.

Designed for advanced security and privacy, Whonix mitigates the threat of common attack vectors while maintaining usability. Its fail-safe, automatic, and desktop-wide use of the Tor network allows for censorship circumvention and anonymity. A heavily reconfigured Debian base is run inside multiple virtual machines, providing a substantial layer of protection from malware and IP address leaks. Commonly used applications are pre-installed and safely pre-configured for immediate use.

• Website

Warnings

• If you use Whonix, all traffic is routed through Tor and default applications have been enhanced to protect your anonymity.
  • Warnings for Whonix

Tor Browser

Tor Browser is software that protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world. In certain locations, where connections are slow, it might be difficult to establish the circuit through the Tor network.

1. The Tor Browser lets you use Tor on Windows, Mac OS X, or Linux without needing to install any additional software. It can run off of a USB flash drive
2. Official website
3. Security in a Box has an updated guide on Tor Browser:
   • Windows
   • Linux
   • Mac

     Warnings

Please keep in mind that if you’re using Tor Browser, only your activity within the Tor Browser is encrypted and anonymised - any other internet traffic is not. Other applications, like Skype or the regular browsers, will not be routed through the Tor network, even if the Tor Browser is running.

Tor Browser for Android

Tor Browser is available on Android.

• Google Play

Onion Browser

Onion Browser is a free web browser for iPhone and iPad that encrypts and tunnels web traffic through the Tor network, with extra features to help you browse the internet privately.

Available only for iOS.

• Websites: 1 - 2

Warnings:

• Only connections through the Onion Browser are anonymised. Other applications will not be routed through the Tor network, even if the Onion Browser is running.
• Multimedia content often bypasses Tor and compromises your privacy; video files and video streams are blocked by default and are not supported by the Onion Browser.
• Use of the Onion Browser is at your own risk; remember that sensitive data does not always belong on a mobile device.
• Note that Onion Browser is maintained by members of the Tor community. It is not maintained directly by Tor Project.

Circumvention

FreeBrowser

FreeBrowser FreeBrowser is a free Android app that provides access to an uncensored internet. Currently targeting Chinese users.

• Website

Freenet

Freenet is a peer-to-peer platform for censorship-resistant communication and publishing. You can browse websites, post on forums, and publish files within Freenet with strong privacy protections.

• Website

VPNs

A VPN encrypts and sends all Internet data between your computer and another computer. A VPN protects your traffic from being intercepted locally, but your VPN provider can keep logs of your traffic (websites you access, and when you access them). These logs could trace back to you, and if your adversary is powerful enough, they could pressure VPN providers to disclose this information.

It is very important to trust the VPN provider you use. We have contacts with some providers who can offer free accounts to civil society members. Some options are listed below:

Mullvad

Mullvad is a VPN which incorporates some obfuscation tech. Its client can be installed on Mac, Windows, and Linux.

• Website
• Features

TunnelBear

Freemium multiplatform VPN that offers tunneling to many different jurisdictions and doesn’t keep logs. It includes a feature to make the encrypted connection less detectable by governments, businesses, and ISPs.

• Website
• Features

AirVPN

AirVPN is a VPN based on OpenVPN and operated by activists and hacktivists in defence of net neutrality, privacy and against censorship.

• Website
• Technical specs

RiseupVPN

• RiseupVPN is an app based on the Bitmask code that is available for macOS, Windows, Linux and Android and does not require registering an account.
  • Information on how to install it and use it can be found in the official page.
  • Limitations to using a VPN

Bitmask

Bitmask is A VPN client that uses Riseup, Calyx, and other VPN servers. Depending on their technical capacities, users could install this option on their own server.

• Available only for Android, Linux, and macOS. A Windows version should be available soon.
• Website

Warnings

• Bitmask is experimental software: It should not be used for situations where a compromise of the user’s data could put them in danger.
• Limitations of Bitmask

Private Internet Access

In general, we should not recommend Private Internet Access to our clients.

Nevertheless, this VPN has shown to work better than others in the CSI region, so we can use it with the clients trying to circumvent censorship in that area.

• Website
• Why we don’t recomment Private Internet Access

Circumvention Tools Based on Encrypted Proxies

These are proxy tools that utilize encryption. Although the connection is encrypted, it might be traced back to you: these tools do not provide anonymity. They are, however, more secure than a plain web-based proxy. Examples of these tools include Lantern and Psiphon.

Psiphon

Psiphon is a circumvention system that uses a combination of secure communication and obfuscation technologies.

1. Available for: Android 2.2 and up, iOS 8 and up, Windows XP, Windows Vista, Windows 7, Windows 8 (desktop), and Windows 10.
2. Website
3. User guide

Lantern

Lantern is an Internet proxy tool. Its goal is to provide access to the open internet. Lantern is unique because it uses peer connections as a source of internet connectivity when servers are unavailable.

1. Available for Mac, Windows, Android, and Linux Debian-based distributions.
2. Website

Web-based Proxies

This is a good way of circumventing censorship. Basically you route your HTTP requests through a different computer (the proxy). The user must be careful, since there are malicious proxy servers, capable of rerouting and modifying users’ requests for malicious purposes.

Never use or trust a proxy server no one has ever heard of. And even if you receive the proxy from a trusted partner, play it safe and do not pass on any private information that isn’t encrypted.

• A guide to use a web-based proxy

---

Comments

• EFF Surveillance Self-Defense guide on How to Circumvent Online Censorship

• Security in a box: Remain anonymous and bypass censorship on the Internet

• Yael Grauer, The Best VPN Service - an article that explains how to choose a VPN

• Helpful comparison website for VPN

---

Related Articles

• Article #192: Set a client with Riseup’s VPN using Bitmask