With the rise of moral policing, governments that do not want their citizens to access information that goes against their narrative have resorted to blocking access to websites that host such content.
To block websites, ISPs use various methods to identify and snoop on their customers' traffic:
- DNS Blocking – When you type google.com in your browser, your PC or mobile sends a request to a DNS server to get the IP address of the server that hosts the Google site. If the site you requested is on the ISP's block list, the request will not be answered, which blocks you from accessing that website.
- URL Blocking – This is a simple and old method that uses a firewall to block all sites listed on a blacklist. With the popularity and ease of use of HTTPS, this method is not very effective now. You can now get a free SSL certificate, or if you use Cloudflare you can use their certificate even if you don't install one on your server. Earlier it was costly and difficult to get an SSL certificate, so only banks and eCommerce sites used SSL.
- IP Blocking – To overcome DNS bypassing and HTTPS sites, which do not allow ISPs to monitor user traffic, ISPs completely block the IP addresses of the servers where the content is hosted. The drawback of this method is that all sites hosted on that server get blocked; on shared hosting, one server could contain thousands of sites with completely different content. If a site uses a CDN like Cloudflare, its server IP is hidden, and blocking the CDN IP would again block many sites that are not on the blacklist. So this method is used only by some countries, like China, that want to completely cut off internet access to the outside world.
- DPI – This is the latest technology, which uses Deep Packet Inspection to snoop on your traffic. With HTTPS, the URL of the site you visit is encrypted, but by watching DNS requests and reading the Server Name Indication (SNI) field in the TLS handshake header, ISPs can find the site you want to access and block it. DPI is considered very invasive and is shunned by privacy activists.
How to Unblock Blocked Sites for Free
Install the HTTPS Everywhere plugin
EFF provides the free HTTPS Everywhere plugin for all browsers and Android. This plugin always loads the HTTPS version of a website. You can also enable the option to block all non-HTTPS connections, but that can break some old sites. So it is recommended to use this plugin together with a custom DNS server to encrypt all* traffic from your ISP.
Change your DNS server
Google and Cloudflare both offer their own free DNS service. Using custom DNS servers not only helps you bypass restrictions set by your ISP; in some cases these DNS servers are also faster than your local ISP's.
Google free DNS – 8.8.8.8 and 8.8.4.4
Cloudflare free DNS – 1.1.1.1 and 1.0.0.1
Currently only Cloudflare offers encrypted DNS, or DOH (DNS over HTTPS), which I recommend using.
How to change DNS server in Windows 10
1. Click on the Internet Access icon at the bottom right of your screen.
2. Click on Network & Internet Settings.
3. Now click on Change adapter options.
4. A new window will open. Select the active Ethernet adapter and right-click on it to change its properties.
5. Now select IPv4 and click on Properties.
6. Select the box to use custom DNS. Enter DNS as shown in image below. You can use the Google DNS or Cloudflare DNS mentioned above; both are free to use.
7. If your ISP supports IPv6, you can similarly select the IPv6 settings as in Step 5 and use the following DNS servers.
Google IPV6 DNS – 2001:4860:4860::8888 and 2001:4860:4860::8844
Cloudflare IPV6 DNS – 2606:4700:4700::1111 and 2606:4700:4700::1001
8. Click OK to save.
9. To check if your new DNS is working – https://www.dnsleaktest.com/
Troubleshooting note: If you want to revert the DNS settings, use the Obtain DNS automatically option and save.
Try visiting the blocked site. If your ISP does not use a transparent DNS proxy, you should be able to access it. If you still cannot access blocked sites, you will have to use DOH (encrypted DNS), which will bypass your ISP's DNS proxy. For Firefox you can use the ESNI tutorial below.
How to change DNS server in Android & Apple
1. If you are using Android 9 or above, it comes with DNS over TLS built in.
2. Go to Settings, then search for DNS.
3. Now click on Private DNS.
4. Select the custom DNS option.
5. If you want to use Google DNS, enter the hostname dns.google and save.
6. If you want to use Cloudflare DNS, enter the hostname 1dot1dot1dot1.cloudflare-dns.com and save.
For phones running an older version of Android, you can use the free Cloudflare WARP VPN. It will automatically use Cloudflare DNS and also encrypt your connection completely. Download WARP from the Google Play Store or from the Apple App Store.
How to Enable Cloudflare ESNI in Mozilla Firefox
ESNI has not been adopted by all browsers yet, and currently it only works with the Mozilla Firefox browser and sites that have Cloudflare enabled.
Steps to enable ESNI in Cloudflare
1. In the browser, type about:config. This will open the Firefox advanced settings page.
2. Next you will see a warning page; choose Accept Risk. This warning is there to protect you from accidentally changing settings.
3. Search for network.trr.mode and change its value to 2. Firefox will now use Cloudflare 1.1.1.1 DNS over HTTPS (DOH), so your ISP cannot see the DNS requests you make, which by default are unencrypted.
4. Then type esni in the search box and set it to True (double-click on False to change its value).
5. To check whether ESNI is enabled, visit this page and click on check my browser.
Enabling ESNI stops the leak of SNI information, so even with Deep Packet Inspection your ISP will not be able to identify which sites you visit. Your DNS requests will now also be encrypted over DOH.
This article was published on https://smarthelpguides.com/
Credits note: All images and screenshots are taken by the author and are copyrighted.