South Korea Expands Site Blocking Efforts with SNI Eavesdropping

South Korea Expands Site Blocking Efforts with SNI Eavesdropping

February 14, 2019

South Korea will expand its site blocking measures with SNI eavesdropping, so HTTPS sites can be blocked as well. The new measure, which will also affect pirate sites, has generated widespread opposition. While it's more effective than standard DNS blocking, it's certainly not impossible to circumvent.

torrentfreak.com/south-korea-expands-site-blocking-efforts-with-sni-eavesdropping-190214/

Other urls found in this thread:

en.wikipedia.org/wiki/Internet_in_North_Korea
en.wikipedia.org/wiki/Kwangmyong_(network)
forbes.com/sites/davidvolodzko/2019/02/25/is-south-korea-sliding-toward-digital-dictatorship/
bleepingcomputer.com/news/security/south-korea-is-censoring-the-internet-by-snooping-on-sni-traffic/
medium.com/@scyrus89/censorship-sni-and-privacy-violations-4918464c9cc2
voanews.com/a/trump-kim-summit-ends-with-no-agreement-/4807344.html

Both North Korea and South Korea are very bad countries.

>he posted it again, this time with a reliable English-language source that's not a major news site
For newfags, SNI stands for Server Name Indication.
>laughs in paid VPN

I am South Korean and can add to this discussion.
People from all sides, whether they are conservative or progressive are freaking out about this SNI based HTTPS block.
In the South Korean Google Play store, Puffin Browser and Google's DNS censorship evasion app 'Intra' are both ranked on top of the download rankings. Already, there are instructions on how to evade the block, from using an opensource program called 'GoodbyeDPI' that the Russians developed to evade their own internet censors, changing the MTU of devices to lower values so that the packets containing the website address gets separated and thus not blocked, and a modified Chromium based browser called 'Moon Breaker' that can also evade the block.
Not many Koreans seem to be paying for paid VPN services, as most foreign VPNs do not have proper Korean instructions. I personally use a paid VPN to evade the block. VPN provider websites are not blocked for now. OpenVPN connections are stable.

The ultimate problem is that it is illegal to distribute porn to 'unspecified masses', by Korean law.
Yes, I know our country is pretty fucked up in that regard. However, as the old generation dies off there are signs of change popping up around Internet communities within Korea arguing to legalize porn. Still, our politicians aren't really interested in whether the citizens they represent can freely jack off or not, so I don't think the status quo is changing soon.

botnet

not completely unjewgled, so botnet still

Yet to be forked to Linux/BSD (its suggested alternative, zapret has no English documentation though)

So, the Korean government has been blocking 'inappropriate content' which is basically a mix of websites that are mostly porn and gambling, with some drug websites mixed in.
Since, 1996 the Korean government has been blocking websites accessed over plain HTTP connections. The block evolved last year when they poisoned the DNS servers of domestic telecom companies to redirect all DNS queries to the government block notification website. Recently they started to block several torrenting and piracy-related websites using the SNI based HTTPS block method, and that was expanded on February 11th to include all websites that were originally targeted for blocking using the old HTTP blocking method.

Oh and Firefox is now taking off in Korea as it is the only browser that has support for Encrypted SNI. The bad this is that it only works for websites behind the Cloudflare botnet.

Does South Korea block server IPs as well? I recently heard from some of our own Korean users that one of our sites is blocked there, I was wondering how best to assist them.

ESNI seems a bit immature - supposedly Chrome will support it sometime this year but nginx is yet to add support for it. If there aren't any web servers which support it at all this only helps Cloudflare consolidate more sites onto their godawful botnet hub.

0. make peace
1. kick the USA from your country
2. offer women a vast benefit of bread and circuses in exchange for their right to vote. Call this offering a pro-women act of feminism.
3. enshrine women not ever getting franchise in your constitution. Start educating people on why this is a bad fucking idea.
4. slowly return to sanity

this is insane (and filterable).
much better, but still filterable.
how's tor doing?

i thought that you can turn off all those botnet ssl things in about:config

No, as far as I am aware, the Korean government and Koreans ISPs do not carry out IP address blocks. If this was true Firefox's ESNI and GoodbyeDPI would not work.
If your website contains content related to porn, pro-North Korean content, sells drugs including abortion pills, or gambling, then it might be blocked by the government filter.
As for your server, don't bother enabling ESNI on nginx for now, it is troublesome and most mainstream browsers like Chrome do not support it. Firefox supports it but it needs to be manually enabled in about:config

Yes, packets split by MTU should technically be filterable but the government's transparent HTTP proxy and HTTPS SNI header inspection equipment does not reassemble the host header, as of now. I am aware that MTU modification is at best a temporary solution.
Tor is running fine. My own tor relay I operate on one of the major Korean ISPs have not observed any traffic dips or consensus weight changes. As for the Tor Browser and other clients, they seem to be working just fine on default settings. torproject.org remains accessible.

You wish. In NK they can just download anything they want from ftp's, no ip laws.

You might be able to perform some diagnostics youself by configuring Tor Browser to only use Tor Exit nodes in Korea OR go to vpngate.net and download the OpenVPN configuration file for one of the countless public Korean VPN servers listed there.

So North Korea was Best Korea after all?

why wasnt this data encrypted from the beginning?

Attached: glowint.jpg (480x466, 32.88K)

This is a pretty good opportunity to spread the word of Tor and I2P over South Korea. Embrace the darknet before they come for your illegally acquired porn.

I have a dream that every Korean person installed Tor and I2P on his or her computer!

...

Because of butthurt over persecution of "Uyghurs" (WE WUZ UYGHURZ AND SHIET since the 1930's: some Turkic Muslim "nationalist" to all Turkic Muslims living in China)

In Islamic countries, fucking anal holes of men can result in the death penalty.

ftfy

Tor is well known among Koreans as a potential tool to avoid government censorship, but most don't use it because it's too slow and unfit for streaming porn.
I2P is not well known, only the most autistic Koreans know about it.

It would be if it actually had a functioning internet with more than 1024 IP addresses.
en.wikipedia.org/wiki/Internet_in_North_Korea

t. KCIA

Attached: best_korea.jpeg (500x282, 32.8K)

Jongun Kim is quite jolly! I like to fuck North Korean whores. Many North Korean girls and women work as prostitutes in China after fleeing their homeland.

What? Firefox can use any DNS-over-HTTPS, it's Mozilla that provides Google and Cloudflare as two possibilities.

Aren't there over DoH providers besides (((those)))?

DO NOT LEGALIZE PORNOGRAPHY. It's a weapon to destroy you.

Cut your dick, maggot!

Your suggestion leads to the prohibition of all (((problematic))) content, do you realize that?

Because tech protocols are built like a Jenga game, and they likely wanted SSL to initially work with plain name-based virtual servers.

That's because only the most autistic people are capable of using it, that's what happens when you push everyone away for not being an epic hacker enough and deny all forms of casual friendliness in software design. We'd be using P2P internet by now if that wasn't the case.

We had that, and still do. It's called point-to-point protocol. It was used on dialup. Some BBS's supported it also.

You're not wrong.

Attached: cck.jpg (752x564 2.84 MB, 74.73K)

Autists are not human beings. Human beings can conjecture other people's thought but they cannot do it! So they are just animals.

"How My Work as a Cam Girl Changed My Son's Life"

"How Sex Work Makes Me a Better Mother"

I wanna rape my own mom!

People who do not know how to use a computer shouldn't be doing it in the first place.
Tech was better back in the operator days. Filthy normalfags should never touch a precious machine, let alone be on the Internet.

Attached: comp.jpg (600x484, 254.65K)

I thought Koreans leaned English at school.

The internet and computer users will always be 99.999% total idiots and facebook-tier normalfags from now on, deal with it retard.

In South Korea, 3rd grade elementary schoolers start English classes in schools. But many of Korean students start private English classes when they are 4-year-old or 6-year-old in their kindergartens.

Many South Korean schools teach their students almost only grammar and reading so students' English proficiency is not good. Most of them can't speak and write and listen English well.

goodbye (((blackpiller kike))).
Your lies have zero effect. We are Free.

Any human being can imagine what the other is thinking. The respective imaginations of people with little to no empathy are mental instead of heart based, and they do not have the instinct to empathize (in other words it is not their first reaction). They can do it, but the result could be completely different from an heart based empathization ("maybe he could be angry, or sad, or perhaps happy. What does his facial expression mean?). And there's the spiritual empathy that is gained through higher awareness and knowledge.
Hans Asperger said, after the Vienna school in which he worked was filled with Nazis, that asperger people had the ability to be good codebreakers for the Reich.

How would you keep such content secret?

It would be good if somebody posted the "south korea situation" screencap on this thread.

You are all faggots. You should be using dnscrypt-proxy and an obfs4 server with tor by default. I don't care if you are in china, north america, europe, or korea, you should encrypt your packets. If you use dnscrypt-proxy don't forget to copy a manual adress of a server incase the ip's for the distribution of server adressess gets blocked. Don't forget to use obfs4 tor bridges with tor incase tor gets blocked. And don't forget to download and set up GNUnet and i2p in case all https traffic gets blocked from leaving the country or at a nationwide level as you can use tor + obfs4 servers to communicate gnunet and i2p stuff in country/locally p2p.

VPN's can be blocked at ip level nationwide so use tor with obfs4. Firefox SNI can be blocked at a ip level so use dnscrypt-proxy with ipv6 enabled servers which can't be blocked yet?. If you don't have a fucking clue what any of this is then start researching before it gets blocked. Make a guide for other idiots too.

If you need a browser that isn't botnet then download palemoon 27 series and install addons to change user agent, accept headers, javascript OSCPU, version agent, platform agent, disabling canvas, and disable javascript. If you are especially secure/paranoid then install gentoo with hardened kernel setup on a non x86 OS with muslc and non GNU utilities and disable images as you browse. Even with all this you can still be hacked, but it makes you less of a target since jo blow using windows 10 and none of the above can have his dns poisined automagically with the thousands of other users to hack the edge browser they are using.

Now if everyone had the above setup in south korea...... Then you might want to declare war on (((fake isreal))) because they will soon declare war on you for not being able to be spied on easily.

China's censorship is harsher than South Korean's. Using a bridge to connect Tor works in China, so it will have been worked in South Korea till it doesn't work in China.

And in China, obfs4, fte, obfs3 don't work as a bridge. Only meek-azure works in China, at least, in my knowledge.

Tell us how you'll expell all normalfags from the internet, go on.

The only way to surpass this level of goobermint crap is to become a hacker. Look at china.

Yes, because of the recent censorship fiasco dnscrypt/DNS-over-TLS/DNS-over-HTTPS clients have just begun to be widely distributed to the Korean public. Tor isn't widely used because it is too slow for streaming and downloading torrents. If the internet censorship gets off the hook like China I'll be renting a VPS and setting up obfs4/Shadowsocks/whatever Chinese use to evade their internet censorship.

Stock up burner SIMs and credits.
root.zone local copy, dnscrypt + socks5 proxies from China.
As plan B, make batman meshnets for organized comms.
Ultrasurf, freegate, psiphon or similar. You may also use VPN on top of it or just vanilla but if VPN ports are blocked by kike ISP you can assign a different rport and try portscanning these (UDP/TCP). If UDP is blocked in the NAT or some IPv4 NAT problem, use common udp ports for apps like google or games or find an ipv6 provider.
Build a 10KM directional wifi beam @pic and if you manage to still have internet during a shutdown, try to share it as much as possible, can also be used for comms with a wifi messaging app GnuPG signed to your liking.
5G is your friend but use outdoor antennas!
Contact the UNHR (sadly not the best choice but whatever), go to wikileaks and other non-MSM news sites.

Attached: FF.jpg (560x289, 91.22K)

Meek is not enough. All it does is fake the SNI header and dns. But this can be bypassed because meek takes time to do that and that time can be measured and used to block clients. Or the real dns request could be poisined before you make the fake dns request to say azure.

The real solution is to disable SNI altogther and encrypt your dns requests. Or just have a offline dns cache.

So how do you disable your SNI in TLS? Comment it out of the code? I couldn't find a single standard TLS library that allow you to disable it whether by commandline arguement or configure build time options. It seems SNI was added in SSL 2.0 as a backdoor of sorts. As you could just collect the SNI of packets and use that to correlate where traffic was going and coming from based on the time it was collected. It is essentially a backdoor in the protocol for spying purposes.

North Korea has more strict rule for the Internet than China. In North Korea, only permitted people can connect to the Internet. Others only can use Kwangmyong, or a national intranet service.

how's the Kwangmyong? are there penpal services? internet chess? Secret NK-only StarCraft2 service?

Supposedly TLS 1.3 was about to deprecate SNI among other things but that made middleboxes that was designed to monitor your internet traffic crap out and they had to put them back. Maybe that's why.

Kwangmyong is a just simple network like Internet but it is an intranet censored by the North Korean government.

en.wikipedia.org/wiki/Kwangmyong_(network)

United States must protect Jong-un Kim of North Korea.

Donald Trump will rape Jong-un Kim in several hours in Hanoi, Vietnam.

It's not Jong-un Kim. Trump will rape and kill and eat Yojong Kim who is Jong-un's little sister.

But can you buy a wifi pendrive?
I think this can be a nice mind game.
How can one break free from the firewall?
My method would be ask anyone who has internet to sneak in a flash drive
to obtain a copy of aircrack-ng or do it myself in a university or a library
but first assess if there is tracking software within.

After that, there should be wifi usbs on shops so I buy them
and if not I can use atheros cards and remove the wifi antenna within the laptop screen.

Using either the usb or card I can make a yagi antenna from memory with junk scraps
and extend my reach into south korea china or japan.
Once I receive wifi connection, I can now proceed to crack the wifi for days
and since it is not connected to north korea's network I wouldn't have to worry
except for jammers.
That way I can now proceed to install gentoo or kali and finally execute the malware that will undermine the clutches of its evil tyrants.
Don't forget the mask.

Is South Korea Sliding Toward Digital Dictatorship?
Feb 25, 2019
forbes.com/sites/davidvolodzko/2019/02/25/is-south-korea-sliding-toward-digital-dictatorship/

South Korea is Censoring the Internet by Snooping on SNI Traffic
February 13, 2019
bleepingcomputer.com/news/security/south-korea-is-censoring-the-internet-by-snooping-on-sni-traffic/

Censorship, SNI and Privacy Violations
Feb 17, 2019
medium.com/@scyrus89/censorship-sni-and-privacy-violations-4918464c9cc2

Do >>1035845 while you can.

Do and
while you can.

Trump, Kim Summit Ends With No Agreement
February 28, 2019 5:18 AM

voanews.com/a/trump-kim-summit-ends-with-no-agreement-/4807344.html

Yeah~ we will start the nuclear war, or World War III!