Accessing sites blocked by your ISP
Just recently, MPAA/RIAA sock puppets Brein managed to convince some clueless judge to order two of the largest ISPs in the Netherlands, XS4ALL and Ziggo to block (in)famous torrent website The Pirate Bay. TPB have put up a message that is shown to anyone visiting from a Dutch IP address, as shown below. XSALL and Ziggo have both announced they will appeal to a higher court, which is a good thing. I don't even use TPB myself and wouldn't really miss it, but I do care deeply about worthless assholes doing anything limiting my internet access. So, how would this work and what can I (or anyone) do to give these lying thieves the finger and circumvent these blocks if they are upheld by the higher courts?
How can ISPs block access?
There are two main things providers can do to keep you from accessing a website. They can do either, or both:
- configure their DNS servers to no longer give the proper address when a request for the site in question comes in
- configure their routers and proxy to drop or redirect any traffic between the user and the blocked site
Both can be circumvented and I will be showing you how to do just that.
Whenever you enter an address, or click a link, in your web browser, the browser extracts a hostname from that, in case of my site, this is "www.shdon.com" and then sends a request to your configured DNS servers to convert this into an IP address. In the example of my site, that would be 126.96.36.199 (or if you have IPv6 enabled: 2a01:238:42f9:4900:80e1:ffe2:7670:692f). Finally, the browser connects to this IP address to fetch the page you actually requested. If the DNS server doesn't give this response, the browser can't access the site and will show you an error message.
A website can simply register another domain name or create a subdomain in another and thus circumvent the DNS blackout. You can also do something about it only for yourself. If the DNS blackouts are limited to your provider, or local to your country, you can instead use a different DNS server by changing your TCP IP settings. Good candidates are Google Public DNS or OpenDNS. Another option is to edit the hosts file.
Changing DNS servers on Windows Vista and 7
Open the Control Panel, select "Network and Internet", followed by "Netword and Sharing Center", then "Change adapter settings" (on Windows 7) or "Manage network connections" (on Windows Vista), then right-click the appropriate network connection, such as "Local Area Connection" or "Wireless Network Connection" and open "Properties". In the list popping up, choose "Internet Protocol Version 4 (TCP/IPv4)" and click the "Properties" button again. Rather than "Obtain DNS server address automatically", set it to "Use the following DNS server addresses" and enter either 188.8.131.52 and 184.108.40.206 (Google Public DNS) or 220.127.116.11 and 18.104.22.168 (OpenDNS). Then click OK. All further DNS requests should then go there, rather than to your provider's DNS service, thus circumventing whatever blocks they were ordered to put in place.
Changing the hosts file
If, for some reason, you can't or don't want to switch DNS providers, or if the block extends beyond your own ISP. You could bypass the DNS system entirely for the site. First you need to know the IP address for the site you want to visit. You can look this up, which tells you that the IP address for The Pirate Bay is 22.214.171.124 (look in the Answer Section).
Edit the hosts file using Notepad. It is called C:\Windows\System32\drivers\etc\hosts. On Windows Vista and 7, you'll need to run Notepad as Administrator. Add a single line to the file:
126.96.36.199 www.thepiratebay.org thepiratebay.org
This tells Windows not to check the DNS servers for www.thepiratebay.org or thepiratebay.org, but uses the address 188.8.131.52 directly.
ISPs act as gateways to the internet, all of your traffic passing through their routers onto the internet. The provider can simply make their equipment drop all traffic to- and from the IP addresses that are to be blocked. This goes quite a bit beyond simple DNS blackouts and the methods outlined above will do nothing to help the situation. What's even worse is that there may be other sites at a given IP address and those would be blocked too.
If a website registers another domain name and simply points it towards its existing IP addresses, the traffic block will still be effective and the only way around this would be for them to change IP addresses (Cloud service providers make this quite easy and blocking those would make large chunks of the internet inaccessible, but the cloud services could still be forced to delete the accounts). You can also hide your own traffic, thus circumventing the block. To your provider, it will seem like you're just accessing any random internet service other than the blocked site and it will go through unhindered. Whatever service you're using to hide your traffic will then route it to the appropriate destination, no longer subject to your provider's configuration and blockage. Common ways to do this are Tor, anonymising proxies and VPN services.
The Tor Project
The Tor Project is a way to encrypt your traffic and route it through a P2P network of volunteers. This way, your provider won't know where the traffic is going and unless the provider of the "exit node" from which your traffic goes from the Tor network onto the big bad internet has also put IP blocks in place, you can access the site.
When you visit the Tor Project homepage and follow the download link, you can download the Tor Browser Bundle. Once downloaded, run the executable and extract it where you want. Navigate to the extraction folder and double-click the "Start Tor Browser" executable. After some activity, this starts a preconfigured portable version of the Firefox browser, from the Aurora build channel. Using that browser is all you need for accessing the blocked site. Note that this browser doesn't come with addons such as Flash, QuickTime etc, as those can undermine your privacy on the internet. This may or may not be a problem. You also, definitely, should not route any BitTorrent traffic through Tor. It is probably not needed to circumvent the block, and as the Tor people explain, it puts too much of a load on the Tor network and like the plugins, does not hide your IP address. Still, it should allow you to visit The Pirate Bay and similar sites just fine. You should use your regular browser for normal unencumbered traffic. There's some good tips on the download page as well.
Anonymising proxies, such as GoProxing allow you to browse the web in a similar fashion, but work through your regular web browser. They do rewrite the page to ensure it works, often injecting ads and not everything works properly. For TPB, while it is still possible to download torrent files, Magnet links do not currently seem to work. That'd be a bummer when TPB switches over to Magnet links entirely in the near future.
There are many different VPN services around, some of them free, some of them paid. A simple web search will show up some that might be to your liking. For full instructions, just look at the web page for the service. The advantage of a VPN service is that, like Tor, it anonymises your traffic and allows you to circumvent the blocks by routing the traffic through another network that your provider knows nothing about and it additionally also handles the actual torrent traffic, if that's what you're interested in (and such ports may also have been blocked or throttled by your provider if there are no laws in your country to govern net neutrality).