South Korea Expands Site Blocking Efforts with SNI Eavesdropping

Jose James

February 14, 2019

South Korea will expand its site blocking measures with SNI eavesdropping, so HTTPS sites can be blocked as well. The new measure, which will also affect pirate sites, has generated widespread opposition. While it's more effective than standard DNS blocking, it's certainly not impossible to circumvent.

torrentfreak.com/south-korea-expands-site-blocking-efforts-with-sni-eavesdropping-190214/

Lincoln Fisher

Both North Korea and South Korea are very bad countries.

Asher Sullivan

he posted it again, this time with a reliable English-language source that's not a major news site
For newfags, SNI stands for Server Name Indication.
laughs in paid VPN

Benjamin Davis

I am South Korean and can add to this discussion.
People from all sides, whether they are conservative or progressive, are freaking out about this SNI-based HTTPS block.
In the South Korean Google Play store, Puffin Browser and Google's DNS censorship evasion app 'Intra' are both ranked on top of the download rankings. Already, there are instructions on how to evade the block, from using an open-source program called 'GoodbyeDPI' that the Russians developed to evade their own internet censors, changing the MTU of devices to lower values so that the packets containing the website address get separated and thus not blocked, and a modified Chromium based browser called 'Moon Breaker' that can also evade the block.
Not many Koreans seem to be paying for paid VPN services, as most foreign VPNs do not have proper Korean instructions. I personally use a paid VPN to evade the block. VPN provider websites are not blocked for now. OpenVPN connections are stable.

Levi Cox

The ultimate problem is that it is illegal to distribute porn to 'unspecified masses', by Korean law.
Yes, I know our country is pretty fucked up in that regard. However, as the old generation dies off there are signs of change popping up around Internet communities within Korea arguing to legalize porn. Still, our politicians aren't really interested in whether the citizens they represent can freely jack off or not, so I don't think the status quo is changing soon.

Samuel Barnes

Puffin Browser
botnet

Moon Breaker
not completely unjewgled, so botnet still

GoodbyeDPI
Yet to be forked to Linux/BSD (its suggested alternative, zapret, has no English documentation though)

Xavier Gutierrez

So, the Korean government has been blocking 'inappropriate content' which is basically a mix of websites that are mostly porn and gambling, with some drug websites mixed in.
Since 1996, the Korean government has been blocking websites accessed over plain HTTP connections. The block evolved last year when they poisoned the DNS servers of domestic telecom companies to redirect all DNS queries to the government block notification website. Recently they started to block several torrenting and piracy-related websites using the SNI-based HTTPS block method, and that was expanded on February 11th to include all websites that were originally targeted for blocking using the old HTTP blocking method.

Ayden Hill

Oh and Firefox is now taking off in Korea as it is the only browser that has support for Encrypted SNI. The bad thing is that it only works for websites behind the Cloudflare botnet.

Joshua Long

Does South Korea block server IPs as well? I recently heard from some of our own Korean users that one of our sites is blocked there, I was wondering how best to assist them.

ESNI seems a bit immature - supposedly Chrome will support it sometime this year but nginx is yet to add support for it. If there aren't any web servers which support it at all this only helps Cloudflare consolidate more sites onto their godawful botnet hub.

Henry Green

porn and gambling
0. make peace
1. kick the USA from your country
2. offer women a vast benefit of bread and circuses in exchange for their right to vote. Call this offering a pro-women act of feminism.
3. enshrine women not ever getting franchise in your constitution. Start educating people on why this is a bad fucking idea.
4. slowly return to sanity
changing the MTU of devices
this is insane (and filterable).
modified Chromium based browser called 'Moon Breaker'
much better, but still filterable.
how's tor doing?

Hunter Bennett

i thought that you can turn off all those botnet ssl things in about:config

Angel Murphy

No, as far as I am aware, the Korean government and Korean ISPs do not carry out IP address blocks. If this was true Firefox's ESNI and GoodbyeDPI would not work.
If your website contains content related to porn, pro-North Korean content, sells drugs including abortion pills, or gambling, then it might be blocked by the government filter.
As for your server, don't bother enabling ESNI on nginx for now, it is troublesome and most mainstream browsers like Chrome do not support it. Firefox supports it but it needs to be manually enabled in about:config.

Dominic Allen

Yes, packets split by MTU should technically be filterable but the government's transparent HTTP proxy and HTTPS SNI header inspection equipment does not reassemble the host header, as of now. I am aware that MTU modification is at best a temporary solution.
Tor is running fine. My own tor relay I operate on one of the major Korean ISPs has not observed any traffic dips or consensus weight changes. As for the Tor Browser and other clients, they seem to be working just fine on default settings. torproject.org remains accessible.
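
Added illustration, not part of any post in this thread: a minimal parser showing that the SNI hostname sits in cleartext in the TLS ClientHello, and that an inspector reading each packet on its own finds nothing when the ClientHello spans two TCP segments, while one that reassembles the stream still recovers the name. The hostname `site.example`, the split offset and all function names are constructed for this example, and it assumes the ClientHello fits in a single TLS record.

```python
import struct

def build_client_hello(hostname):
    """Constructed, minimal ClientHello record carrying an SNI extension."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name     # name_type 0 = host_name
    sni = struct.pack("!H", len(entry)) + entry               # server_name_list
    ext = struct.pack("!HH", 0, len(sni)) + sni               # extension 0 = server_name
    body = (b"\x03\x03" + bytes(32)                           # legacy_version, random
            + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"     # session_id, 1 suite, compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body        # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record type 22 = handshake

class Reader:
    """Bounds-checked cursor; raises ValueError when the data is truncated."""
    def __init__(self, data):
        self.d, self.i = data, 0
    def take(self, n):
        if self.i + n > len(self.d):
            raise ValueError("truncated")
        self.i += n
        return self.d[self.i - n:self.i]
    def u(self, n):                       # n-byte big-endian integer
        return int.from_bytes(self.take(n), "big")
    def vec(self, n):                     # vector with an n-byte length prefix
        return self.take(self.u(n))

def extract_sni(stream):
    """Return the cleartext SNI hostname at the start of a byte stream, or None."""
    try:
        rec = Reader(stream)
        rtype, _version, hs = rec.u(1), rec.take(2), Reader(rec.vec(2))
        if rtype != 0x16 or hs.u(1) != 0x01:     # not a handshake record / ClientHello
            return None
        ch = Reader(hs.vec(3))
        ch.take(34)                              # legacy_version + random
        for width in (1, 2, 1):                  # skip session_id, cipher_suites, compression
            ch.vec(width)
        exts = Reader(ch.vec(2))
        while exts.i < len(exts.d):
            etype, edata = exts.u(2), exts.vec(2)
            if etype == 0:
                names = Reader(Reader(edata).vec(2))
                while names.i < len(names.d):
                    ntype, host = names.u(1), names.vec(2)
                    if ntype == 0:
                        return host.decode("ascii", "replace")
    except ValueError:                           # truncated or malformed input
        pass
    return None

def observed_sni(segments, reassemble):
    """Per-packet inspection versus inspection after TCP stream reassembly."""
    if reassemble:
        return extract_sni(b"".join(segments))
    return next((h for h in map(extract_sni, segments) if h), None)

HELLO = build_client_hello("site.example")   # constructed sample input
SEGMENTS = [HELLO[:40], HELLO[40:]]          # the same bytes split across two packets
```

`observed_sni(SEGMENTS, reassemble=False)` returns `None`, while `reassemble=True` returns the hostname.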

Isaac Ward

You wish. In NK they can just download anything they want from ftp's, no ip laws.

Logan Sanchez

You might be able to perform some diagnostics yourself by configuring Tor Browser to only use Tor Exit nodes in Korea OR go to vpngate.net and download the OpenVPN configuration file for one of the countless public Korean VPN servers listed there.

Kayden Ramirez

So North Korea was Best Korea after all?

Charles Diaz

why wasn't this data encrypted from the beginning?

Evan Sanders

This is a pretty good opportunity to spread the word of Tor and I2P over South Korea. Embrace the darknet before they come for your illegally acquired porn.

Andrew Price

I have a dream that every Korean person installed Tor and I2P on his or her computer!

Jaxon Bennett

<Many Islamic states ban foreign websites like China.

Ryan Jenkins

Because of butthurt over persecution of "Uyghurs" (WE WUZ UYGHURZ AND SHIET since the 1930's: some Turkic Muslim "nationalist" to all Turkic Muslims living in China)

Aaron Brown

In Islamic countries, fucking anal holes of men can result in the death penalty.

Tyler Sanchez

In Saudi Arabia, Yemen, Iran, Afghanistan, Mauritania, Sudan, and northern Nigeria, fucking anal holes of men can result in the death penalty.
ftfy

Noah Wood

Tor is well known among Koreans as a potential tool to avoid government censorship, but most don't use it because it's too slow and unfit for streaming porn.
I2P is not well known, only the most autistic Koreans know about it.

Jason Wilson

It would be if it actually had a functioning internet with more than 1024 IP addresses.
en.wikipedia.org/wiki/Internet_in_North_Korea

Isaiah Lewis

t. KCIA

Luis Hughes

Jongun Kim is quite jolly! I like to fuck North Korean whores. Many North Korean girls and women work as prostitutes in China after fleeing their homeland.

Ian James

What? Firefox can use any DNS-over-HTTPS, it's Mozilla that provides Google and Cloudflare as two possibilities.

Gavin Young

Aren't there other DoH providers besides (((those)))?

Carson Taylor

DO NOT LEGALIZE PORNOGRAPHY. It's a weapon to destroy you.

Cooper White

Cut your dick, maggot!

Nathaniel Brooks

no goy, don't let people spread information freely
Your suggestion leads to the prohibition of all (((problematic))) content, do you realize that?

Jacob Williams

Because tech protocols are built like a Jenga game, and they likely wanted SSL to initially work with plain name-based virtual servers.

Nathan Robinson

I2P is not well known, only the most autistic Koreans know about it.
That's because only the most autistic people are capable of using it, that's what happens when you push everyone away for not being an epic hacker enough and deny all forms of casual friendliness in software design. We'd be using P2P internet by now if that wasn't the case.

Colton Perez

We'd be using P2P internet
We had that, and still do. It's called point-to-point protocol. It was used on dialup. Some BBS's supported it also.

Tyler Cox

You're not wrong.

Ethan Rodriguez

Autists are not human beings. Human beings can conjecture other people's thought but they cannot do it! So they are just animals.

Easton Thompson

"How My Work as a Cam Girl Changed My Son's Life"

"How Sex Work Makes Me a Better Mother"

I wanna rape my own mom!

Xavier King

People who do not know how to use a computer shouldn't be doing it in the first place.
Tech was better back in the operator days. Filthy normalfags should never touch a precious machine, let alone be on the Internet.

Josiah White

Not many Koreans seem to be paying for paid VPN services, as most foreign VPNs do not have proper Korean instructions
I thought Koreans learned English at school.

James Barnes

The internet and computer users will always be 99.999% total idiots and facebook-tier normalfags from now on, deal with it retard.

Dylan Parker

In South Korea, 3rd grade elementary schoolers start English classes in schools. But many Korean students start private English classes when they are 4 or 6 years old, in their kindergartens.

Camden Green

Many South Korean schools teach their students almost only grammar and reading, so students' English proficiency is not good. Most of them can't speak, write or listen to English well.

James Brown

goodbye (((blackpiller kike))).
Your lies have zero effect. We are Free.

Ryan Lewis

Any human being can imagine what the other is thinking. The respective imaginations of people with little to no empathy are mental instead of heart based, and they do not have the instinct to empathize (in other words it is not their first reaction). They can do it, but the result could be completely different from a heart based empathization ("maybe he could be angry, or sad, or perhaps happy. What does his facial expression mean?"). And there's the spiritual empathy that is gained through higher awareness and knowledge.
Hans Asperger said, after the Vienna school in which he worked was filled with Nazis, that asperger people had the ability to be good codebreakers for the Reich.

Christian Diaz

How would you keep such content secret?

Kevin King

It would be good if somebody posted the "south korea situation" screencap on this thread.

Anthony Hughes

You are all faggots. You should be using dnscrypt-proxy and an obfs4 server with tor by default. I don't care if you are in china, north america, europe, or korea, you should encrypt your packets. If you use dnscrypt-proxy don't forget to copy a manual address of a server in case the ip's for the distribution of server addresses gets blocked. Don't forget to use obfs4 tor bridges with tor in case tor gets blocked. And don't forget to download and set up GNUnet and i2p in case all https traffic gets blocked from leaving the country or at a nationwide level as you can use tor + obfs4 servers to communicate gnunet and i2p stuff in country/locally p2p.

VPN's can be blocked at ip level nationwide so use tor with obfs4. Firefox SNI can be blocked at an ip level so use dnscrypt-proxy with ipv6 enabled servers which can't be blocked yet?. If you don't have a fucking clue what any of this is then start researching before it gets blocked. Make a guide for other idiots too.

Julian Walker

If you need a browser that isn't botnet then download palemoon 27 series and install addons to change user agent, accept headers, javascript OSCPU, version agent, platform agent, disabling canvas, and disable javascript. If you are especially secure/paranoid then install gentoo with hardened kernel setup on a non x86 OS with muslc and non GNU utilities and disable images as you browse. Even with all this you can still be hacked, but it makes you less of a target since jo blow using windows 10 and none of the above can have his dns poisoned automagically with the thousands of other users to hack the edge browser they are using.

Now if everyone had the above setup in south korea...... Then you might want to declare war on (((fake isreal))) because they will soon declare war on you for not being able to be spied on easily.

Bentley Lee

China's censorship is harsher than South Korea's. Using a bridge to connect Tor works in China, so it will work in South Korea until it stops working in China.

And in China, obfs4, fte, obfs3 don't work as a bridge. Only meek-azure works in China, at least to my knowledge.

Michael Gray

facts are blackpill
Tell us how you'll expel all normalfags from the internet, go on.

Gabriel Wood

The only way to surpass this level of goobermint crap is to become a hacker. Look at china.

Samuel Williams

Yes, because of the recent censorship fiasco dnscrypt/DNS-over-TLS/DNS-over-HTTPS clients have just begun to be widely distributed to the Korean public. Tor isn't widely used because it is too slow for streaming and downloading torrents. If the internet censorship gets off the hook like China I'll be renting a VPS and setting up obfs4/Shadowsocks/whatever Chinese use to evade their internet censorship.

Andrew Baker

Stock up burner SIMs and credits.
root.zone local copy, dnscrypt + socks5 proxies from China.
As plan B, make batman meshnets for organized comms.
Ultrasurf, freegate, psiphon or similar. You may also use VPN on top of it or just vanilla but if VPN ports are blocked by kike ISP you can assign a different rport and try portscanning these (UDP/TCP). If UDP is blocked in the NAT or some IPv4 NAT problem, use common udp ports for apps like google or games or find an ipv6 provider.
Build a 10KM directional wifi beam @pic and if you manage to still have internet during a shutdown, try to share it as much as possible, can also be used for comms with a wifi messaging app GnuPG signed to your liking.
5G is your friend but use outdoor antennas!
Contact the UNHR (sadly not the best choice but whatever), go to wikileaks and other non-MSM news sites.

Attached: FF.jpg (91.22 KB, 560x289)

Jonathan King

Meek is not enough. All it does is fake the SNI header and dns. But this can be bypassed because meek takes time to do that and that time can be measured and used to block clients. Or the real dns request could be poisoned before you make the fake dns request to say azure.

The real solution is to disable SNI altogether and encrypt your dns requests. Or just have an offline dns cache.

Asher Campbell

So how do you disable your SNI in TLS? Comment it out of the code? I couldn't find a single standard TLS library that allows you to disable it whether by commandline argument or configure build time options. It seems SNI was added in SSL 2.0 as a backdoor of sorts. As you could just collect the SNI of packets and use that to correlate where traffic was going and coming from based on the time it was collected. It is essentially a backdoor in the protocol for spying purposes.

Jack Foster

North Korea has stricter rules for the Internet than China. In North Korea, only permitted people can connect to the Internet. Others can only use Kwangmyong, or a national intranet service.

Christopher Sanders

how's the Kwangmyong? are there penpal services? internet chess? Secret NK-only StarCraft2 service?

Jaxon Stewart

Supposedly TLS 1.3 was about to deprecate SNI among other things but that made middleboxes that were designed to monitor your internet traffic crap out and they had to put them back. Maybe that's why.

Carson Scott

Kwangmyong is just a simple network like the Internet but it is an intranet censored by the North Korean government.

https://en.wikipedia.org/wiki/Kwangmyong_(network)

Leo Turner

United States must protect Jong-un Kim of North Korea.

Juan Foster

Donald Trump will rape Jong-un Kim in several hours in Hanoi, Vietnam.

Ethan Lopez

It's not Jong-un Kim. Trump will rape and kill and eat Yojong Kim who is Jong-un's little sister.

Jaxson Wood

But can you buy a wifi pendrive?
I think this can be a nice mind game.
How can one break free from the firewall?
My method would be ask anyone who has internet to sneak in a flash drive
to obtain a copy of aircrack-ng or do it myself in a university or a library
but first assess if there is tracking software within.

After that, there should be wifi usbs on shops so I buy them
and if not I can use atheros cards and remove the wifi antenna within the laptop screen.

Using either the usb or card I can make a yagi antenna from memory with junk scraps
and extend my reach into south korea china or japan.
Once I receive wifi connection, I can now proceed to crack the wifi for days
and since it is not connected to north korea's network I wouldn't have to worry
except for jammers.
That way I can now proceed to install gentoo or kali and finally execute the malware that will undermine the clutches of its evil tyrants.
Don't forget the mask.

Christopher Martinez

Is South Korea Sliding Toward Digital Dictatorship?
Feb 25, 2019
forbes.com/sites/davidvolodzko/2019/02/25/is-south-korea-sliding-toward-digital-dictatorship/

South Korea is Censoring the Internet by Snooping on SNI Traffic
February 13, 2019
bleepingcomputer.com/news/security/south-korea-is-censoring-the-internet-by-snooping-on-sni-traffic/

Censorship, SNI and Privacy Violations
Feb 17, 2019
medium.com/@scyrus89/censorship-sni-and-privacy-violations-4918464c9cc2

Nolan Scott

Do >>1035845 while you can.

Connor Reyes

Do and
while you can.

Jordan Jones

Trump, Kim Summit Ends With No Agreement
February 28, 2019 5:18 AM

voanews.com/a/trump-kim-summit-ends-with-no-agreement-/4807344.html

Yeah~ we will start the nuclear war, or World War III!