Internet Unblocking

A few days ago, Internet infrastructure company Cloudflare implemented widespread support for Encrypted Client Hello (ECH), a privacy technology that aims to render web traffic surveillance futile. This means that site blocking implemented by ISPs will be rendered useless in most, if not all cases.

ECH is a newly proposed privacy standard that's been in the making for a few years. The goal is to increase privacy for Internet users and it has already gained support from Chrome , Firefox , Edge , and other browsers. Users can enable it in the settings, which may still be experimental in some cases.just

The main barrier to widespread adoption is that this privacy technology is a two-way street. This means that websites have to support it as well. Cloudflare has made a huge leap forward on that front by enabling it by default on all free plans, which currently serve millions of sites. Other subscribers can apply to have it enabled. Cloudflare writes in an announcement:

Cloudflare is a big proponent of privacy for everyone and is excited about the prospects of bringing this technology to life. Encrypted Client Hello (ECH) is a successor to ESNI and masks the Server Name Indication (SNI) that is used to negotiate a TLS handshake. This means that whenever a user visits a website on Cloudflare that has ECH enabled, no one except for the user, Cloudflare, and the website owner will be able to determine which website was visited.

If you're a website, and you care about users visiting your website in a fashion that doesn't allow any intermediary to see what users are doing, enable ECH today on Cloudflare

Tests conducted by TorrentFreak show that ISP blocking measures in the UK, the Netherlands, and Spain were rendered ineffective.

I was reading about a whizzy new internet technology called Encrypted Client Hello (ECH). It has been implemented already in many internet browsers but also needs participation from websites to make it all work. This weeks news is that websites using hosting at a company called Cloudflare will use this new tech.

The  importance of this is that the internet routing from a browser to the website will be pretty much all encrypted, so that Thai ISPs will no longer be able to detect which web sites are being accessed, so can't easily block them.

Anyway I decided to have poke around and see what is currently being implemented, at least by my Thai ISP, True.

I was rather surprised to note that a couple of porn tube sites I tried were unblocked.

However things were not so good for my favourite bookie which was indeed blocked with nothing more than a blank page appearing when I typed the URL.

Another sneaky piece of censorship is that Google Search is locked into 'safe search' regardless of what setting you select. So a search for porn tube returns no actual porn tubes.

Not to worry though, the alternative privacy-based search engine DuckDuckGo.com still works fine.

Actually there are existing elements of Encrypted Client Hello (ECH) that are already available. These already clear a way through the current Thai blocking tech without needing to bother with a VPN. Recent versions of Firefox (from version 118) Chrome and Edge have already added support for ECH.

The first thing to select is in the browser network settings and is called DNS over HTTPS (DoH). This needs to be enabled and then select the Cloudflare DNS provider. Note that computers on a network outside of your control, eg on a company network or a hotel network, can stop you setting this.

This was enough on Chrome to get the internet unblocked, but on Firefox I had to one more step. In the Windows Network & internet WiFi settings for the network I am using I replaced the ISP DNS server with Google's DNS server 8.8.8.8 (Encrypted preferred) for the first of the two IPv4 DNS Server selections.

And as a bonus Google.com no longer forced safe mode searches.

The Addams Family is a 1991 USA comedy fantasy by Barry Sonnenfeld.
Starring Anjelica Huston and Raul Julia and Christopher Lloyd.

There are no censorship issues with this release beyond noting that the film has always been PG rated until now. What was previously considered: 'mild comic violence and horror' has become, according to modern BBFC sensitivities: 'moderate bloody images'.

Summary Notes

The Addams Family steps out of Charles Addams' cartoons. They live with all of the trappings of the macabre (including a detached hand for a servant) and are quite wealthy. Added to this mix is a crooked accountant and his loan shark and a plot to slip the shark's son into the family as their long-lost Uncle Fester. Can the false Fester find his way into the vault before he is discovered?

Versions

uncut run: 99:31s pal: 95:32s

UK: Uncut and BBFC 12A rated for moderate bloody images: 2023 Park Circus cinema release (rated 25/08/2023) UK: Uncut and BBFC PG rated for mild comic violence and horror: 2015 Twentieth Century Fox Home Ent. DVD (rated 15/09/2015) UK: Uncut and BBFC PG rated: 1992 Columbia/Tri-Star Home VHS (rated 01/04/1992) 1991 Columbia Pictures cinema release (rated 14/11/1991)

I used a well known and well regarded Vypr VPN to evade website blocking mandated by the Thai government's internet censor. The VPN worked well to evade these blocks implemented by Thai ISPs.

However the VPN is a total failure in being able to watch BBC's iPlayer from Thailand. Although the VPN allows the website requested to apparently appear from a UK IP address. However the BBC recognised this UK IP address as being owned by a VPN and promptly blocked the request itself.

The answer is to use a VPN that offers private IP addresses that the likes of the BBC don't know are owned or used by VPNs.

The popular NordVPN service is rather coy about the uses of its dedicated IP address though. It explains:

The advantages of the Virtual Private Network often depend on the type of service you choose, so today we rely in particular on NordVPN which is one of the best. Let's see why it is convenient to choose the virtual private network, both in the corporate and non-corporate environments.

In a business environment, having a dedicated IP address allows you to access private servers or remote systems in complete safety. In fact, network administrators can specify a list of authorized IPs and only these have the possibility to access, while all the others remain excluded. In this way, from anywhere in the world you can enter your server without running the risk of intrusion by malicious people and thus protecting the data.

The US company Toki is building 'school-in-a-box' devices to connect up to 1 billion people across Africa and Asia, using technologies that it claims could bypass local censorship. The devices will be Wi-Fi-ready servers that can handle dozens of concurrent users.

One of Toki's country managers describes on LinkedIn that the devices would also run a decentralized search engine, designed to be anonymous, private and censorship-resistant. They will be donated to communities in the developing world by U.S.-based eRise, which was founded in 2019 to, according to its website, focus on digital empowerment initiatives that are capital-efficient, and which improve access to content, community and commerce.

Both Toki and eRise were founded by entrepreneur and free speech advocate Rob Monster. Monster owns domain registration company Epik, which allowed controversial social network Parler to come briefly back online last week after the site was booted from Amazon's cloud service. Parler is just one of several platforms enabled by Epik, and Monster's other domain and web hosting companies, that have been home to right leaning forums that western states and social media companies censor and ban.

Presumably technology that was designed to help developing countries with their censorship problems could now be repurposed to helping western countries with their censorship problems.

Google writes on its blog (the claims about privacy are theirs):

Coming soon: Increase your online security with the VPN by Google One With one tap from the Google One app, you can encrypt your online activity for an extra layer of protection wherever you're connected.

Extend Google's world-class security to encrypt your Android phone's online traffic - no matter what app or browser you're using

• Stream, download and browse on an encrypted, private connection

• Shield against hackers on unsecured networks (like public Wi-Fi)

• Hide your IP address and prevent third parties from using it to track your location

Privacy and security is core to everything we make.

• Google will never use the VPN connection to track, log, or sell your browsing activity

• Our systems have advanced security built in so no one can use the VPN to tie your online activity to your identity

• Don't just take our word for it. Our client libraries are open sourced, and our end to end systems will be independently audited (coming soon in 2021)

Web 3 is about rethinking the way we access data online. One of the important new Web 3 protocols which make this possible is IPFS.

IPFS is a protocol which allows you to store data on the web without having to rely on a single server or specific cloud service. How does it work? Instead of asking the network for a file using it's location, the browser can ask the network for a file using its cryptographic hash (unique to the file). IPFS then takes care of delivering the file to the browser, wherever it is stored. Each network node stores only the content it is interested in, plus some indexing information which helps figure out which node is storing what.

When looking up a file to view or download, one asks the network to find the nodes that are storing the content behind a given file's hash. One doesn't, however, need to remember the hash as every file can be found by human-readable names using a decentralized naming system like Unstoppable Domains or the Ethereum Name System (ENS).

This means that files, as well as websites, can be stored in a decentralized and secure way and accessed without relying on a single server 203 a truly cloudless form of storage similar to BitTorrent. Opera has worked directly with Protocol Labs, the main actor behind the development of the IPFS protocol, to integrate this experience into Opera for Android. 

Charles Hamel, Head of Crypto at Opera, commented:

Browsers have a critical role to play in Web 3 and we believe that integrating these new protocols into our popular browser will accelerate their adoption, said

One of the key learnings from recent events is that there is growing demand for privacy features. The Firefox Private Network is an extension which provides a secure, encrypted path to the web to protect your connection and your personal information anywhere and everywhere you use your Firefox browser.

There are many ways that your personal information and data are exposed: online threats are everywhere, whether it's through phishing emails or data breaches. You may often find yourself taking advantage of the free WiFi at the doctor's office, airport or a cafe. There can be dozens of people using the same network -- casually checking the web and getting social media updates. This leaves your personal information vulnerable to those who may be lurking, waiting to take advantage of this situation to gain access to your personal info. Using the Firefox Private Network helps protect you from hackers lurking in plain sight on public connections. To learn more about Firefox Private Network, its key features and how it works exactly, please take a look at this blog post .

As a Firefox user and account holder in the US, you can start testing the Firefox Private Network today . A Firefox account allows you to be one of the first to test potential new products and services when we make them available in Europe, so sign up today and stay tuned for further news and the Firefox Private Network coming to your location soon!

Golden Frog, a globally renowned virtual private network service, is announcing that their popular VyprVPN product is now an independently audited No Log VPN. Golden Frog enjoys a distinguished history as an advocate for privacy rights and standing up against internet censorship.

Sunday Yokubaitis, CEO of Golden Frog said:

When Golden Frog first launched VyprVPN in 2008, the company practiced logging a minimal amount of VPN service data aimed at improving customer experiences through speed, performance, reliability and troubleshooting. As our service has matured over the last decade, we have become more experienced with running a global VPN network and the necessity for minimal logging has diminished. We have found better ways to improve performance and defeat fraudsters without needing a user's connection information.

Upon implementing the No Log policy, Golden Frog engaged Leviathan Security, a leading security firm, to independently audit the VyprVPN servers. As a company, we have been very critical of VPN providers who advertise an anonymous, No Log VPN service but were later revealed to log customer data, said Yokubaitis. They use 'bait and switch' advertising tactics and have rightfully eroded trust in VPN providers. When we decided to move to a No Log VPN this past summer, we wanted to do something more to create trust than just updating our website and privacy policy with No Log language. We made the decision to hire a respected, independent auditor to validate that when we say 'No Log' users can trust that our technology faithfully represents our privacy policy.

The complete audit by Leviathan Security found:

• VyprVPN produces no identifying logs without the user's consent.

• The project revealed a limited number of issues that VyprVPN subsequently fixed.

• Golden Frog can provide VyprVPN users with the assurance the company is not logging their VPN activity.

Golden Frog assures its customers that the change in its logging policy will not affect the user experience nor the quality of the existing service. VyprVPN can now be used to circumvent censorship blocks put in place by governments to access social media accounts and disseminate information freely, with users confident that absolutely none of their activity is being logged. No Log is publicly available for core VyprVPN apps with the exception of iOS, which will be released shortly.

Google's parent company Alphabet has rolled out a new tool aimed at defending against attacks on free speech around the globe.

Jigsaw announced the release of a new app, Intra , designed to protect Android users against the manipulation of DNS resolutions, a commonly used practice among repressive regimes to prohibit users from accessing information deemed off-limits by the state.

In Iran, for example, certain websites redirect to a government censorship page. The same is true of China's Great Firewall (GFW), which returns false and, often instead, seemingly erratic IP addresses in response to DNS queries to government-blocked domains. Hundreds of websites are likewise blocked in Pakistan.

Intra works, according to its creators, by simply encrypting the user's connection to the DNS server. By default, it points to Google's own DNS servers  but for users who prefer to use another ( Cloudflare or IBM's Quad9 , for example) those settings can be changed within the app.

According to CNET, DNS queries will be encrypted by default in an updated version of Android Pie. Reportedly, however, around 80 percent of Android users aren't using the latest version of the Android operating system. For those, Intra is now available in Google Play

In April, Google and Amazon both dropped domain fronting from their web hosting services. Domain fronting is a technique used to bypass internet censorship, in places such as Iran , Russia, and China. Website requests to a censored site start their journey across the internet as requests to Google or Amazon app servers. The final routing to the blocked site is only revealed once an encrypted connection is established. Of course internet censors can block Google and Amazon but this may displease large numbers of internet users. Russia for example had to ban massive numbers of sites in attempt to block the encrypted messaging app Telegram which was employing domain fronting options.

Now, encrypted messaging platform Wickr is starting to roll out a service to its users that includes domain fronting spread across a variety of infrastructure, meaning that customers and soon free users should be able to use the feature to circumvent censorship. Wickr CEO Joel Wallenstrom told Motherboard:

On top of encryption, there's also the availability part of security. You can't have one without the other.

Brave explains in a blog post:

Today we're releasing our latest desktop browser Brave 0.23 which features Private Tabs with Tor, a technology for defending against network surveillance. This new functionality, currently in beta, integrates Tor into the browser and gives users a new browsing mode that helps protect their privacy not only on device but over the network. Private Tabs with Tor help protect Brave users from ISPs (Internet Service Providers), guest Wi-Fi providers, and visited sites that may be watching their Internet connection or even tracking and collecting IP addresses, a device's Internet identifier.

Private Tabs with Tor are easily accessible from the File menu by clicking New Private Tab with Tor. The integration of Tor into the Brave browser makes enhanced privacy protection conveniently accessible to any Brave user directly within the browser. At any point in time, a user can have one or more regular tabs, session tabs, private tabs, and Private Tabs with Tor open.

The Brave browser already automatically blocks ads, trackers, cryptocurrency mining scripts, and other threats in order to protect users' privacy and security, and Brave's regular private tabs do not save a user's browsing history or cookies. Private Tabs with Tor improve user privacy in several ways. It makes it more difficult for anyone in the path of the user's Internet connection (ISPs, employers, or guest Wi-Fi providers such as coffee shops or hotels) to track which websites a user visits. Also, web destinations can no longer easily identify or track a user arriving via Brave's Private Tabs with Tor by means of their IP address. Users can learn more about how the Tor network works by watching this video.

Private Tabs with Tor default to DuckDuckGo as the search engine, but users have the option to switch to one of Brave's other nineteen search providers. DuckDuckGo does not ever collect or share users' personal information, and welcomes anonymous users without impacting their search experience 204 unlike Google which challenges anonymous users to prove they are human and makes their search less seamless.

In addition, Brave is contributing back to the Tor network by running Tor relays. We are proud to be adding bandwidth to the Tor network, and intend to add more bandwidth in the coming months.

Pornhub, the dominant force amongst the world's porn websites, has sent a challenge to the BBFC's porn censorship regime by offering a free workaround to any porn viewer who would prefer to hide their tracks rather then open themselves up to the dangers of offering up their personal ID to age verifiers.

And rather bizarrely Pornhub are one of the companies offering age verification services to  porn sites who want to comply with UK age verification requirements.

Pornhub describes its VPN service with references to UK censorship:

Browse all websites anonymously and without restrictions.

VPNhub helps you bypass censorship while providing secure and private access to Internet. Access all of your favorite websites without fear of being monitored.

Hide your information and surf the Internet without a trace.

Enjoy the pleasure of protection with VPNhub. With full data encryption and guaranteed anonymity, go with the most trusted VPN to protect your privacy anywhere in the world.

Free and Unlimited

Enjoy totally free and unlimited bandwidth on your device of choice.

China's VPN ban came into effect on March 31, 2018, but virtual private network providers are still claiming their users have access to their services in the country.

NordVPN has reportied a lack of information from Chinese authorities about how and when exactly the ban will be implemented. The company also said businesses have reported that so far there have been no announcements from authorities about the ban. The company commented:

We understand the concern of local and international businesses in China, as well as the needs of scholars, scientists, students, and others who vitally need VPNs to freely access the World Wide Web,

Perhaps the rest of the world would well appreciate Chinese VPN blocking, it must surely make trade a bit tougher for Chinese companies to be cut off from the world.

Today, most web browsers have private-browsing modes, in which they temporarily desist from recording the user's browsing history.

But data accessed during private browsing sessions can still end up tucked away in a computer's memory, where a sufficiently motivated attacker could retrieve it.

This week, at the Network and Distributed Systems Security Symposium, researchers from MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) and Harvard University presented a paper describing a new system, dubbed Veil, that makes private browsing more private.

Veil would provide added protections to people using shared computers in offices, hotel business centers, or university computing centers, and it can be used in conjunction with existing private-browsing systems and with anonymity networks such as Tor, which was designed to protect the identity of web users living under repressive regimes.

"Veil was motivated by all this research that was done previously in the security community that said, 'Private-browsing modes are leaky -- Here are 10 different ways that they leak,'" says Frank Wang, an MIT graduate student in electrical engineering and computer science and first author on the paper. "We asked, 'What is the fundamental problem?' And the fundamental problem is that [the browser] collects this information, and then the browser does its best effort to fix it. But at the end of the day, no matter what the browser's best effort is, it still collects it. We might as well not collect that information in the first place."

Wang is joined on the paper by his two thesis advisors: Nickolai Zeldovich, an associate professor of electrical engineering and computer science at MIT, and James Mickens , an associate professor of computer science at Harvard.

Shell game

With existing private-browsing sessions, Wang explains, a browser will retrieve data much as it always does and load it into memory. When the session is over, it attempts to erase whatever it retrieved.

But in today's computers, memory management is a complex process, with data continuously moving around between different cores (processing units) and caches (local, high-speed memory banks). When memory banks fill up, the operating system might transfer data to the computer's hard drive, where it could remain for days, even after it's no longer being used.

Generally, a browser won't know where the data it downloaded has ended up. Even if it did, it wouldn't necessarily have authorization from the operating system to delete it.

Veil gets around this problem by ensuring that any data the browser loads into memory remains encrypted until it's actually displayed on-screen. Rather than typing a URL into the browser's address bar, the Veil user goes to the Veil website and enters the URL there. A special server -- which the researchers call a blinding server -- transmits a version of the requested page that's been translated into the Veil format.

The Veil page looks like an ordinary webpage: Any browser can load it. But embedded in the page is a bit of code -- much like the embedded code that would, say, run a video or display a list of recent headlines in an ordinary page -- that executes a decryption algorithm. The data associated with the page is unintelligible until it passes through that algorithm.

Decoys

Once the data is decrypted, it will need to be loaded in memory for as long as it's displayed on-screen. That type of temporarily stored data is less likely to be traceable after the browser session is over. But to further confound would-be attackers, Veil includes a few other security features.

One is that the blinding servers randomly add a bunch of meaningless code to every page they serve. That code doesn't affect the way a page looks to the user, but it drastically changes the appearance of the underlying source file. No two transmissions of a page served by a blinding sever look alike, and an adversary who managed to recover a few stray snippets of decrypted code after a Veil session probably wouldn't be able to determine what page the user had visited.

If the combination of run-time decryption and code obfuscation doesn't give the user an adequate sense of security, Veil offers an even harder-to-hack option. With this option, the blinding server opens the requested page itself and takes a picture of it. Only the picture is sent to the Veil user, so no executable code ever ends up in the user's computer. If the user clicks on some part of the image, the browser records the location of the click and sends it to the blinding server, which processes it and returns an image of the updated page.

The back end

Veil does, of course, require web developers to create Veil versions of their sites. But Wang and his colleagues have designed a compiler that performs this conversion automatically. The prototype of the compiler even uploads the converted site to a blinding server. The developer simply feeds the existing content for his or her site to the compiler.

A slightly more demanding requirement is the maintenance of the blinding servers. These could be hosted by either a network of private volunteers or a for-profit company. But site managers may wish to host Veil-enabled versions of their sites themselves. For web services that already emphasize the privacy protections they afford their customers, the added protections provided by Veil could offer a competitive advantage.

"Veil attempts to provide a private browsing mode without relying on browsers," says Taesoo Kim, an assistant professor of computer science at Georgia Tech, who was not involved in the research. "Even if end users didn't explicitly enable the private browsing mode, they still can get benefits from Veil-enabled websites. Veil aims to be practical -- it doesn't require any modification on the browser side -- and to be stronger -- taking care of other corner cases that browsers do not have full control of."

Firefox is working to protect users from censorship and government control of the Internet. Firefox 59 will recognize new peer to peer internet protocols such as Dat Project, IPFS, and Secure Scuttlebutt, allowing companies to develop extensions which will deliver the Internet in a way governments will find difficult to control, monitor and censor.

Mozilla believes such freedom is a key ingredient of a healthy Internet, and has sponsored other projects which would offer peer to peer wireless internet which cuts out Internet Service Providers.

While a peer to peer system would never be as fast and easy as a client-server system as we have at present, it does provide a baseline level of service which government and ISPs could not go below, or risk increasing number of users defecting, which means the mere existence of these systems helps everyone else, even if they never become widespread.

Mozilla writes:

Mozilla has always been a proponent of decentralization , recognizing that it is a key ingredient of a healthy Internet. Starting with Firefox 59, several protocols that support decentralized architectures are approved for use by extensions. The newly approved protocols are:

• Dat Project
• IPFS
• Secure Scuttlebutt

Firefox itself does not implement these protocols, but having them on the approved list means the browser recognizes them as valid protocols and extensions are free to provide implementations.

A group of international broadcasters have come together to support a new website that aims to help internet users around the world access news and information.

The Broadcasting Board of Governors (US), the BBC (UK), Deutsche Welle (Germany) and France M39dias Monde (France) have co-sponsored the Bypass Censorship website: bypasscensorship.org

Bypass Censorship provides internet users information on how to access and download security-conscious tools which will enable them to access news websites and social media blocked by governments.

When governments try to block these circumvention tools, the site is updated with information to help users stay ahead of the censors and maintain access to news sites.

BBG CEO, John F. Lansing said:

The right to seek, and impart, facts and ideas is a universal human right which many repressive governments seek to control. This website presents an incredible opportunity to provide citizens around the world with the resources they need to access a free and open internet for uncensored news and information essential to making informed decisions about their lives and communities.

The broadcasters supporting the Bypass Censorship site are part of the DG7 group of media organisations which are consistent supporters of UN resolutions on media freedom and the safety of journalists.

After several days of radio silence, VPN provider PureVPN has responded to criticism that it provided information which helped the FBI catch a cyberstalker. In a fairly lengthy post, the company reiterates that it never logs user activity. What it does do, however, is log both the real and assigned 'anonymous' IP addresses of users accessing its service.

In a fairly lengthy statement, PureVPN begins by confirming that it definitely doesn't log what websites a user views or what content he or she downloads. However, that's only half the problem. While it doesn't log user activity (what sites people visit or content they download), it does log the IP addresses that customers use to access the PureVPN service. These, given the right circumstances, can be matched to external activities thanks to logs carried by other web companies.

If for instance a user accesses a website of interest to the authorities, then that website, or various ISPs involved in the route can see the IP address doing the accessing. And if they look it up, they will find that it belongs to PureVPN. They would then ask PureVPN to identify the real IP address of the user who was assigned the observed PureVPN IP address at the time it was observed.

Now, if PureVPN carried no logs -- literally no logs -- it would not be able to help with this kind of inquiry. That was the case last year when the FBI approached Private Internet Access for information and the company was unable to assist .

But in this case, PureVPN does keep the records of who was assigned each IP address and when, and so the user can be readily identified (albeit with the help of the user's ISP too).

See the full explanation in the article from torrentfreak.com

TorrentFreak sums up:

It is for this reason that in TorrentFreak's annual summary of no-logging VPN providers , the very first question we ask every single company reads as follows:

Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user/users of your service? If so, what information do you hold and for how long?

Clearly, if a company says yes we log incoming IP addresses and associated timestamps, any claim to total user anonymity is ended right there and then.

While not completely useless (a logging service will still stop the prying eyes of ISPs and similar surveillance, while also defeating throttling and site-blocking), if you're a whistle-blower with a job or even your life to protect, this level of protection is entirely inadequate.

A new tool wants to make it easy to track internet outages and help people learn how to circumvent them.

The Open Observatory of Network Interference (OONI), which monitors networks for censorship and surveillance, is launching Ooniprobe, a mobile app to test network connectivity and let you know when a website is censored in your area.

The app tests over 1,200 websites, including Facebook ( FB , Tech30 ) , Twitter ( TWTR , Tech30 ) and WhatsApp.

Created in 2012 under the Tor Project, OONI monitors networks in more than 90 countries through its desktop and hardware trackers, which are available to anyone. It publishes censorship data on its site . The organization has confirmed censorship cases in a number of countries, including Russia, Saudi Arabia, Turkey, Ethiopia and Sudan.

The website has recently introduced a mobile app so that OONI can reach more people potentially affected by internet outages, especially in emerging markets where smartphones are more common than computers.

The Electronic Frontier Foundation (EFF) has released Privacy Badger 1.0, a browser extension that blocks some of the sneakiest trackers that try to spy on your Web browsing habits.

More than a quarter of a million users have already installed the alpha and beta releases of Privacy Badger. The new Privacy Badger 1.0 includes blocking of certain kinds of super-cookies and browser fingerprinting -- the latest ways that some parts of the online tracking industry try to follow Internet users from site to site.

EFF Staff Technologist Cooper Quintin, lead developer of Privacy Badger said:

It's likely you are being tracked by advertisers and other third parties online. You can see some of it when it's happening, such as ads that follow you around the Web that seem to reflect your past browsing history. Those echoes from your past mean you are being tracked, and the records of your online activity are distributed to other third parties -- all without your knowledge, control, or consent. But Privacy Badger 1.0 will spot many of the trackers following you without your permission, and will block them or screen out the cookies that do their dirty work.

Privacy Badger 1.0 works in tandem with the new Do Not Track (DNT) policy, announced earlier this week by EFF and a coalition of Internet companies. Users can set the DNT flag -- in their browser settings or by installing Privacy Badger -- to signal that they want to opt-out of online tracking. Privacy Badger won't block third-party services that promise to honor all DNT requests.

 EFF Chief Computer Scientist Peter Eckersley, leader of the DNT project said:

With DNT and Privacy Badger 1.0, Internet users have important new tools to make their desires about online tracking known to the websites they visit and to enforce those desires by blocking stealthy online tracking and the exploitation of their reading history. It's time to put users back in control and stop surreptitious, intrusive Internet data collection. Installing Privacy Badger 1.0 helps build a leaner, cleaner, privacy-friendly Web.

Download Firefox/Chrome browser add on from eff.org

In an original initiative designed to circumvent website blocking by governments that violate human rights, Reporters Without Borders is using the technique known as mirroring to duplicate the censored sites and place the copies on the servers of Internet giants such as Amazon, Microsoft and Google. In these 11 countries that are "Enemies of the Internet," blocking the servers of these Internet giants in order to make the mirror sites inaccessible would deprive thousands of companies of essential services. The economic and political cost would be too high. Our nine sites are therefore protected against censorship.

Reporters Without Borders is renting bandwidth for this operation that will gradually be used up as more and more people visit the mirror sites. We are therefore asking Internet users to help pay for additional bandwidth so that the mirror sites will be available for as long as possible.

The nine mirror sites created by Reporters Without Borders

1. Grani.ru , blocked in Russia, is now available at https://gr1.global.ssl.fastly.net/
2. Fergananews.com blocked in Kazakhstan, Uzbekistan and Turkmenistan, is now available at https://fg1.global.ssl.fastly.net/
3. The Tibet Post International , blocked in China, is now available at https://tp1.global.ssl.fastly.net/
4. Dan Lam Bao, blocked in Vietnam, is now available at https://dlb1.global.ssl.fastly.net/
5. Mingjing News , blocked in China, is now available at https://mn1.global.ssl.fastly.net/news/main.html
6. Hablemos Press , blocked in Cuba, is now available at https://hp1.global.ssl.fastly.net/
7. Gooya News , blocked in Iran, is now available at https://gn1.global.ssl.fastly.net/
8. Gulf Centre for Human Rights , blocked in United Arab Emirates, is now available at https://gc1.global.ssl.fastly.net/
9. Bahrain Mirror , blocked in Bahrain and Saudi Arabia, is now available at https://bahrainmirror.global.ssl.fastly.net/

This list is also available at https://github.com/RSF-RWB/collateralfreedom

To help make freely-reported news and information available in these countries, all Internet users are invited to join in this operation by posting this list on social networks with the #CollateralFreedom hashtag.

People browsing the internet in censored spaces such as UK public WiFi will soon be able to access the web using the internet connection of friends in censorship-free zones of the web.

Google has thrown its weight behind an idea that lets people circumvent censorship by using the internet connection of a friend.

A collaboration between the University of Washington in Seattle and non-profit firm Brave New Software, uProxy lets users share their internet connection with friends on social networks through a browser extension.

When both parties have the uProxy extension installed, one can forge an encrypted link through the other person's browser and out onto the internet via their social network connection. As well as giving people access to censored content, it could allow people in the UK to watch the US version of Netflix via a US friend's connection, for example, or those in the US to log in to the BBC iPlayer to catch the latest episode of Sherlock. Or if you want to read Melon Farmers on the train then you can use your home connection.

So far it has only been tested in a closed trial for selected users, but its developers promise to open up the code to curious security researchers. This will also ease fears that any back door may have been left open for authorities such as the US National Security Agency to access and spy on users' browsing habits. Censors can't stop uProxy simply by blocking social networking websites either because, instead of the standard web, it accesses the contact lists via background, hard-to-block online processes.

UProxy was funded by Google's charitable arm, Google Ideas, and the firm is also helping in its development.

Another Brave New Software project, Lantern also relies on your social network to find a trusted computer to connect to the wider internet. Unlike uProxy, it can use friends of friends, widening the pool of potential proxies.