All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Critical Blog in a country with internet censorship
Hi,
one of my friends in Turkey asked my advice regarding the setup of a critical blog.
At the current moment they are publishing a very plain and simple magazine anonymously (using nicknames) every 14 days with a circulation of circa 3000 pieces.
Now they want to go a step further with internet publishing. They are no extremists or radicals but well educated students with a strong sense for serious democracy.
Unfortunately Turkey censorships everywhere. Internet, TV, Radio, Newspapers, Books, Arts and Cinema and so on.
The Reporters without Borders put Turkey to the 154th place out of 179 regarding the press freedom. More than 60 known journalist are imprisoned at the moment or killed (like Hrant Dink).
Last month they put up new laws for the internet censhorship, my friend told me. Now they are able to filter every webpage without court order. Now they have the right to log and spy on nearly everything, internet users are not safe.
The questions:
1) Which country is best for press freedom and would refuse to give names because of serious journalistic work? VPS should be located there, if possible not to far away from Turkey or with good routing.
2) How does Turkey technically filter? Is there a possible way to keep the blog alive and unblocked for turkish readers? Political magazines, filehoster like 2shared, porn, vimeo and much more are blocked. Even youtube was blocked for a certain time.
Thank you for your help!
Comments
Is CloudFlare blocked in Turkey? If it isn't, it would be better to put the website behind CloudFlare, as blocking it's IPs would also cause the blocking of many other sites and wouldn't be done very lightly.
Name based blocking would still work. But it all depends how they filter.
Name based blocking is too easy to bypass, they probably do per IP blocking. But someone from Turkey with knowledge might be able to shed more light.
Sure, but so is DNS blocking and its still done
I don't know if CloudFlare is blocked. I hope to get some information from people living in Turkey and knowing the technology behind the firewall.
My friend from turkey is not very familiar with IT, that's the reason why he asked me. Unfortunately I am in Europe.
Just try to open any given website using it.
I live in Europe, CloudFlare is not blocked here. I think we have to wait for turkish members.
Why not ask your friend?
I am the only one he knows he could ask.
But I phoned him to check it out quickly. Cloudflare is not blocked. Installed Remote Desktop, will check a few other things out.
I'm from Turkey.
Government denies it's use but in Turkey URL based blocks made with DPI. http://en.wikipedia.org/wiki/Deep_packet_inspection
I think you just shouldn't get one from Turkey, any other location with CloudFlare would work I think.
buy several domain names,
domain1.com
2domain2.com
blabladomain.com
create a twitter account and encourage your visitors to follow you.
if your domain is blocked, alias a new domain name and put it on twitter so anybody can see it.
Mission accomplished.
Germany location will do fine..
Depending what they do HTTPS might help.
I doubt the Turkish blocking system is as sophisticated as the Chinese GFW. DPI sounds unlikely.
Are all the technical details already known? Didnt they just pass the law?
I doubt the law goes into much technical details. It probably just says that the government (or whoever) has the right to order the blocking of some websites, and the ISPs must comply.
New law includes URL filtering therefore welcome to Great Firewall of Turkey.
I would host it in Iceland.
--snipped--
But how?
Your friend has nothing to fear about. People in Turkey don't use their browser's address bar. They type the name of the website on Google and click on the first result. So he can just buy a bunch of domains and perma redirect to a new domain once the current domain is blocked and Google will index the new domain in a few hours.
Haven't tried it but you could also use something like bittorent sync, here you will find browser for it http://jack.minardi.org/software/syncnet-a-decentralized-web-browser/
now just use twitter like others have said in combination with bittorent.
That won't work for the masses I think.
If they block the site it wont work for masses anyway. This way he could have site hosted on VPS and content directory synced over torrent so when they block site people that have torrent and info will see new content and new people would need to wait for new domain, twitter or what ever.
This is what the Tor Network was designed for - anonymous journalists. Why not use Tor? It might be harder for the (
lazy) end user, but if they care, does it matter?You can use cloudflare.
That's unlikely to work for long. Google's search results are country specific (based on client IP) and they seem to comply with link exclusion requests from foreign governments as long as it's only for the results shown in that specific country. Probably better to have more than one domain and also keep the paper version alive in a very reduced form (1 page?) so it could be used to communicate a domain change whenever needed without resorting to twitter or other obvious channels that could easily be blocked or at least intercepted automatically. Another idea would be to hand out access credentials to an unrelated system/message board etc. to a group of well connected trusted people who then communicate domain changes directly within their contact network. Publicly announced domain changes would only slightly delay but not solve the blocking problem, so "whispering" through different - non technological - channels is far more effective as the authorities will need far more time to catch up with the news...
Regarding anonymity: If it's about personal freedom and safety, I wouldn't trust any government or provider that they really protect their clients' identity, even if they claim that they really care. Providers usually don't want to get into trouble with authorities, so no matter which country, depending on the pressure put on them, they will hand out the requested information. Sometimes it won't even take any political pressure. Any .gov/.gv address or a fax letterhead of a government agency, foreign or deomestic, or copyright pressure group will suffice. It has happened even in democracies like Austria, so better don't rely on such promises. Just assume that it will happen sooner or later and prepare for it so it won't have any effect on you.
If I were in such a situation I would search for two different vps providers in two different countries without data retention laws and generally liberal legislation who accept bitcoin or other difficult to track payment method. Then use one of them exclusively for private VPN without logs and the other for the actual blog/site hosting. All logins to hosting account exclusively through that vpn, no direct contact, no logs on the hosting account as well, if possible. Signup with providers either via trusted but not obviously related friends abroad in safe countries (e.g. lots of Turkish students and mmigrants in Germany and Austria, so that should be easy) or, if necessary, with fake, but plausible contact data (working email, of course, from other country, and not from one of the big freemail services but rather small, unknown ones with few users). Then pay with bitcoin or similar stuff for a year in advance (shouldn't be a problem with cheap services). If you want to be really nice, you could email the provider and say "Hey, I'd like you to know that the contact data I provided is fake because I want to publish a democracy blog which could get me in serious trouble in the country I live. I won't do anything illegal or cause any other trouble, it's just to protect my personal safety.", however, I guess most don't really want to know anyway as long as you pay the bill and don't cause any trouble to them. Just make sure to always have at least two layers of "high quality insulation" between yourself and the hosting system, if you want to have plausible deniability for self protection. Make political/administrative barriers between systems as high as possible, i.e. choose administratively dysfunctional, uncooperative countries that don't have close ties with your own country or are openly adverse to your government, to make sure that they won't cooperate easily if your government asks them to confiscate the servers or provide IP logs. Use a generic/foreign domain that can be switched quickly, ideally registered by a foreigner abroad who is not in danger and not obviously linked to you. Don't share critical technical information (vpn address etc.) with many but only with a very small core group that also publishes. Secrecy is always the best protection! And if you're really serious about safety, don't post/publish from a normal pc but set up a system that installs a clean and empty virtual envionment with portable applications on a ram disk every time it starts up (and only use the ramdisk, not the harddisk!), like a Linux live CD, so you only need half a second to switch it off and destroy any potential evidence, in case someone rats you out and the government decides to raid you. That way, at least there won't be any potential evidence on the harddisk. And of course, use SSL, whenever possible, self-signed is fine and probably even better than a connercial cert, as it's one contact point less that you have to protect and to worry about.
One does not simply make the 55 year old vsitor do this. Everyone who would be able to do this already has a way of their own to access blocked sites.
That is true for some not all 55 year old, but also for some 20 year's old.
You can't make most of 55 population to follow twitter or anything else and constantly remembering new domains either.
Anyway for some students that want to be called activists, should not be to hard to set torrent, tor or vpn.
Dude, will you just stop pushing it? It's getting ridiculous.
@ecircuit apparently you no longer care so I'm deleting my 45 lines long comprehensive comment, I don't feel comfortable giving advice about this with packet inspection up my butt.