Works In 2020 – Free Methods to Unblock sites blocked by your ISP

With the rise of moral policing, governments that do not want their citizens to access information that goes against their narrative have resorted to blocking access to the websites that host such content.

To block websites, ISPs use various methods to identify and snoop on their customers' traffic:

  1. DNS Blocking – When you type google.com in your browser, your PC/mobile forwards a request to a DNS server to get the IP of the server that hosts the Google site. If the site you requested is on the ISP's block list, the request is not answered, which blocks you from accessing that website.
  2. URL Blocking – This is a simple and old method that uses a firewall to block all sites listed on a blacklist. With the popularity and ease of use of HTTPS, this method is not very effective now. You can now get a free SSL certificate, or if you use Cloudflare you can use their certificate even if you don't install one on your server. Earlier it was costly and difficult to get an SSL certificate, so only banks and eCommerce sites used SSL.
  3. IP Blocking – To overcome DNS bypassing and HTTPS sites, which do not allow ISPs to monitor user traffic, ISPs completely block the IP of the servers where the content is hosted. The drawback of this method is that all sites hosted on that server get blocked; on shared hosting, one server could contain 1000s of sites with completely different content. If a site uses a CDN like Cloudflare, its server IP is hidden, and blocking the CDN IP would again block many sites that are not on the blacklist. So this method is used only by some countries like China, where they want to completely cut off internet access to the outside world.
  4. DPI – This is the latest technology, which uses Deep Packet Inspection to snoop on your traffic. With HTTPS the URL of the site you visit is encrypted, but from the DNS request and by reading the information in the header (SNI), ISPs can find the URL of the site you want to access and block it. DPI is considered very invasive and is shunned by privacy activists.

How to Unblock Blocked Sites for Free

Install HTTPS everywhere plugin

EFF provides a free HTTPS plugin for all browsers and Android. This plugin always loads the HTTPS version of a website. You can also enable the option to block all non-HTTPS connections, but that can break some old sites. So it is recommended to use this plugin with a custom DNS to encrypt all* traffic from your ISP.

Change your DNS server

Google and Cloudflare both offer their own free DNS service. Using custom DNS servers not only helps you bypass restrictions set by your ISP, but in some cases these DNS servers will also be faster than your local ISP's.

Google free DNS – 8.8.8.8 and 8.8.4.4

Cloudflare free DNS – 1.1.1.1 and 1.0.0.1

Currently only Cloudflare offers encrypted DNS, or DOH (DNS over HTTPS), which I recommend using.

How to change DNS server in Windows 10

  1. Click on the Internet Access icon at the bottom right of your screen.
  2. Click on Network & Internet Settings.
  3. Now click on Change adapter options.
  4. A new window will open. Select the active Ethernet adapter and right-click on it to change its properties.
  5. Now select IPv4 and click on Properties.
  6. Select the box to use custom DNS and enter the DNS servers. You can use the Google DNS or Cloudflare DNS mentioned above; both are free to use.
  7. If your ISP supports IPv6, you can similarly select the IPv6 settings as in Step 5 and use the following DNS.

     Google IPv6 DNS – 2001:4860:4860::8888 and 2001:4860:4860::8844

     Cloudflare IPv6 DNS – 2606:4700:4700::1111 and 2606:4700:4700::1001

  8. Click OK to save.
  9. To check if your new DNS is working, visit https://www.dnsleaktest.com/

Troubleshoot Note: If you want to revert DNS settings use the Obtain DNS automatically option and Save.

Try visiting the blocked site. If your ISP does not use a transparent DNS proxy, you should be able to access it. If you still cannot access blocked sites, you will have to use DOH (encrypted DNS), which will bypass your ISP's DNS proxy. For Firefox you can use the ESNI tutorial below.
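
Why changing the resolver address alone may not be enough, shown as an added example that is not part of the original article: a classic DNS query carries the hostname unencrypted, so a transparent DNS proxy can read it whichever server it is addressed to, while DOH sends the same bytes inside HTTPS. The sample hostname and the Cloudflare endpoint URL are assumptions chosen for illustration.

```python
import base64
import struct

def build_dns_query(hostname: str, query_id: int = 0) -> bytes:
    """Encode an A-record query in DNS wire format (RFC 1035)."""
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)   # RD set, one question
    labels = hostname.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)                # QTYPE=A, QCLASS=IN

def visible_hostname(udp_payload: bytes):
    """Read the queried name as any device on the path to port 53 can: no key needed."""
    labels, pos = [], 12                     # the question follows the 12-byte header
    while pos < len(udp_payload) and udp_payload[pos] != 0:
        length = udp_payload[pos]
        if length > 63 or pos + 1 + length > len(udp_payload):
            return None                      # compressed or truncated name: not a plain query
        labels.append(udp_payload[pos + 1 : pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return ".".join(labels) if labels else None

def doh_get_url(query: bytes, endpoint: str = "https://cloudflare-dns.com/dns-query") -> str:
    """RFC 8484 GET form: the same message, base64url without padding, sent inside HTTPS."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"

if __name__ == "__main__":
    query = build_dns_query("www.example.com")   # constructed sample query
    print(visible_hostname(query))   # readable whichever resolver IP the packet is addressed to
    print(doh_get_url(query))        # on the wire this is only a TLS connection to the resolver
```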

How to change DNS server in Android & Apple

  1. If you are using Android 9 or above, it comes with DNS over TLS built in.
  2. Go to Settings, then search for DNS.
  3. Now click on Private DNS.
  4. Select the custom DNS option.
  5. If you want to use Google DNS, enter the hostname dns.google and save.
  6. If you want to use Cloudflare DNS, enter the hostname 1dot1dot1dot1.cloudflare-dns.com and save.

For phones running an older version of Android you can use Cloudflare WARP, a free VPN. It will automatically use Cloudflare DNS and also encrypt your connection completely. Download WARP from the Google Play Store or from the Apple store.


How to Enable Cloudflare ESNI in Mozilla Firefox

 

ESNI has not been adopted by all browsers yet; currently it only works with the Mozilla Firefox browser and sites that have Cloudflare enabled.

Steps To enable ESNI in cloudflare

  1. In the browser, type about:config. This will open the Firefox advanced settings page.
  2. Next you will see a warning page; accept the risk. This warning is there to protect you from accidentally changing settings.
  3. Search for network.trr.mode and change its value to 2. Firefox will now use Cloudflare 1.1.1.1 DNS over HTTPS (DOH), so your ISP cannot see the DNS requests you make, which by default are unencrypted.
  4. Then type esni in the search box and set it to True (double-click on False to change its value).
  5. To check if ESNI is enabled or not, visit this page and click on check my browser.

Enabling ESNI stops the leak of SNI information; basically, even with Deep Packet Inspection your ISP will not be able to identify which sites you visit. Your DNS requests will now also be encrypted over DOH.

You can use this with both Firefox for Android and Firefox for Windows

This article was published on https://smarthelpguides.com/

Credits Note: All images and screenshots are taken by the author and are copyrighted.
