Hm, so there is basically easy way to use filters to block any website (at least temporary) for the Russian segment of the Internet? I don't see how it might go wrong.
This feels much better than the Russian government's approach to censorship and modern tech. The problem is that there are people in Russian government who actually have a clue about how this stuff works.
If the blocking is done client-side, there's plenty of ways to bypass it, like just not updating your browser, duh. Or patching it, or installing extensions that neutralize the blocking mechanism, or fooling it into thinking you're in another country. Even if the blocking done via DNS, it's trivially bypassable by using a DNS provider that offers encryption. Russian approach, though, is to use deep packet inspection equipment (that doesn't implement the TCP spec, lol) to actively mess with people's connections to "forbidden" resources.
it's not feasible. But it's not the point for Russian authorities, otherwise they would have to ban a lot of different sites:
a) any Internet store - like Amazon, Ebay, AliExpress you name it, as they all hold some 'private data' including name, address, cc info etc.
b) any booking site - same as Internet stores
c) any website which deals with Russian citizens - e.g. foreign embassies :)
so the point is to try to block a big Internet entity and check if there is any backslash, any reaction or any anything :)
This seems a bit useless to me. Its trivial for Russian networks to block out foreign requests before it reaches the sites. So effectively those sites would not be accessible from outside of Russia but inside , business as usual.
No one on Earth could stop the Internet working inside Russia. The only thing that could be done, in principle, by ICANN and EU/US service providers is to block out all content coming in or out of Russia. This will have exactly the effect of blocking out all content which carries (EU/US) truth and replace it with (Russian) propaganda.
And in russia blocks are not effective(everyone bypass them), but they also affect really peaceful websites. And it is only beginning, waiting for Great Russian Firewall.
Russia mostly prefers to block websites instead of prosecuting their creators. E.g. btc-e.com (but not btc-e.nz) was blocked in Russia but they didn't care about its owners.
Disclaimer: I work for an ISP and every ISP in Russia is legally required to do the censorship (and mirror all traffic to FSB black boxes, but that's another story). I'm not partucilarly happy with the situation, but can't do anything about that.
Nginx is totally relevant as many ISPs including our use GNU/Linux boxes running Nginx as a highly performant transparent proxy (there are TPROXY patches for Nginx) to dive into HTTP traffic and do URL filtering (obviously, after initial crude IP-based filtering). Costs less than those fancy Cisco solutions, and it's not like we're willing to spend additional money on something that downgrades the service.
Also, there are cases where actual sites are legally forced to remove resources. Well, not really forced, but it's just a sort request too many sites can't really decline. You either comply and remove a single page (blocking for Russian visitors only seems sufficient), or get blocked on ISP level and since many ISPs (including several giant ones) just blacklist a whole IP address, that means your site becomes completely unavailable.
So Russia's censor meets your stated requirements, I think. There is an official publicly visible blocklist that includes a justification for each blocked site: http://blocklist.rkn.gov.ru/
There is a procedure for challenging a decision to block. All the content on that list is blocked in accordance with some law, it's just that the laws themselves are questionable...
I am consistently annoyed that about 3 out of 30 links on every HN page are blocked in Russia. They are not intentionally blocked - it's collateral damage because they happen to share same ip address with censored websites. A single blocked Cloudflare ip can make a thousand websites unavailable.
FWIW the Russian internet censorship is pretty weak because their propaganda machine relies on more traditional techniques for keeping things in check (domestic terror, lies about external danger, distortion of significant founding myths such as the victory over Nazism, exploiting native nationalism, and even just the basic need to feel sane via denial of reality). They missed the opportunity window to build a great firewall, but it seems it isn't needed after all.
If Russians get used to using VPNs, they might have more opportunity to check independent news sources and see how the war is going, and what people in other countries think.
Ironically, blocking Russian IP addresses could be seen as a form of non-violent protest against Russian web censorship.
That's a smart, strategic idea. Mainstream sites -- outside of Russia but that Russians still use often -- that are willing to stand in solidarity and risk being blocked would be dramatically important. Without outside support, the overwhelming majority of a Russian public will continue to become even more acculturated to censorship and a state's chilling effects. This is already the case. However, it will only get worse unless complacency reaches a tipping point of jolting awareness.
Needless to say, several organizations would be willing to maintain updated blocked (accepted) lists. The important part is not allowing a proxy to be abstracted from the main site; otherwise, isolated javascript would be the blocking target, which would defeat the effects ever being noticed.
Do you have many users in Russia? You could block the whole country ;-)
Russia has no GDPR or something. So you could put (special key in) a cookie? They probably do not process it so subsequent requests without a cookie are to be discarded?
reply