Bypassing Indonesia's Internet Censorship
Short post. I've traveled to Indonesia for a few weeks and I've found sites like Reddit is blocked. Although I come prepared with my own WireGuard VPN to bypass it. It's still annoyning. Mostly because the added latency. First I tried some low skill bypasses
- Set the DNS server to 126.96.36.199
- Set the DNS server to an uncommon DNS 188.8.131.52
- Set the DNS server my own private resolver
After messing around. I find that Blznet, the ISP I ended up with does thw following network manipulation:
- All DNS requests going out their network is dropped
- But pings are allowed
- Their DNS resolver returns an IP address that hosts a HTTP site that shows "This site is blocked"
At this point, I don't believe the Indonesian goverment is capable of high skill attacks like DPI. Given the assumption thay are just looking at UDP and see if it's a DNS request. I set my browser to use DoH and.. bam! Reddit is back. This is not full proof though. The goverment can still look at SNI use a RST attack to block the connection. But it seems like they are not doing so. But if you are a high profile target, you probably want to use Tor or something much better than DoH only. This is a hostile network enviroment.
I've seen reports on the web saying encrypted DNS protocols are banned. But it seems not to be the case. DoH still works. Also, I'm unable to test if DNSSec works. All the banned sites I know don't have DNSSec. Also I didn't test if DNSCrypt works as DoH works well enough.
Fortunatelly it's simple DNS block right now. It does not look like they are looking at SNI, or at least not acting actively on it. I hope the situation doesn't get worse. This is still a very manageable level of censorship for us who know the Kung Fu.
I've read somewhere on the Internet that gambling sites are banned. For some reasons, some US brokers are banned. It seems that the old school brokers are banned. But exampted if they also provide banking services.
- Interactive Brokers
Some major brokers I checked are not banned:
- Charles Schwab
Systems software, HPC, GPGPU and AI. I mostly write stupid C++ code. Sometimes does AI research. Chronic VRChat addict
- marty1885 \at protonmail.com
- Matrix: @clehaxze:matrix.clehaxze.tw
- Jami: a72b62ac04a958ca57739247aa1ed4fe0d11d2df