<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@vertical+block@e97d39bc6069403c9ef3a1d085af6ed6" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_CT_EN+001+type@html+block@15e402a2478146baa8e7096e5fe28889">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@html+block@15e402a2478146baa8e7096e5fe28889" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p style="text-align: center;"><img src="/assets/courseware/v1/99ba88a484a407adbb7480127fc0185b/asset-v1:Totem+TP_CT_EN+001+type@asset+block/How-cts-work.png" alt="How-cts-work" type="saveimage" target="[object Object]" width="40%" /></p>
<p><strong>Congratulations, you have made it through the first section of the course!</strong></p>
<p>You should have a better understanding of what you can use a (secure) circumvention tool for, and where you might want to use one.</p>
<p>Now let’s get into the details. How do circumvention tools actually work? How do they enable you to bypass internet filtering systems? By the end of this section, you’ll not only be able to answer these questions, but you’ll also have a much clearer understanding of key circumvention concepts like tunneling, encryption and VPNs.</p>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@vertical+block@27a7cc53764f498db80afe59151295f8" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_CT_EN+001+type@html+block@ec4935ccfa87452287618e07b32a48e1">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@html+block@ec4935ccfa87452287618e07b32a48e1" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>To understand what a circumvention tool does, <strong>consider this (simplified) analogy.</strong></p>
<section style="border: 2px; border-style: solid; border-color: #66cc99; padding: 1em;">
<p>Imagine you have a loved one who is trapped on the other side of a castle wall. There is a door in the wall, but it is guarded by a agent who won’t let you pass through. Every time you reach the door, you have to show your ID card - but as soon as the agent identifies you, you are turned away.</p>
<p>So does this mean you will never reach your love? Not necessarily.</p>
<p>What if you know a group of people, and you know they've been working on a way to get around this agent (also called "on-path attacker"). You call them, and they invite you to see what they've been doing: digging a tunnel under the wall! You can now take advantage of the hidden tunnel, and get to the other side of the wall without being identified by the agent. The next thing you know, you are connected with your loved one on the other side.</p>
</section>
<p></p>
<p></p>
<p style="text-align: center;"><img src="/assets/courseware/v1/9f05e28b334c62fe2ba0d8dc8b05c1d9/asset-v1:Totem+TP_CT_EN+001+type@asset+block/circumvention-tunnel-analogy.gif" alt="Circumvention tunnel" type="saveimage" target="[object Object]" width="70%" /></p>
<p>Of course, the “tunnel” in this story is the <strong>circumvention tool</strong>, which can help you to bypass an <strong>internet filtering system</strong> - the “wall” - without getting caught or identified. <br /><br />Your “loved one” is the server of a website, app, webmail service, etc. The “agent” is anyone who <strong>interferes with the communication</strong> between you and this server, for example a hacker, the government, or a private company. The next unit looks at this in more detail.</p>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@vertical+block@1d06df8b4cd14ce7892e3daf50175dfa" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_CT_EN+001+type@html+block@eaf36b2aa5e04f7ca988ecc4b4f1e1ab">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@html+block@eaf36b2aa5e04f7ca988ecc4b4f1e1ab" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>Say you are in Iran, and you want to read an article on BBC Persian. You type the URL (www.bbcpersian.com) into your browser, and press ENTER. This sends a request to your Internet Service Provider (ISP). Normally, the ISP would simply send your request to that website, and the website would send you the contents of what you want to see (in this case, its homepage).</p>
<p>When your ISP has a filtering system in place, however, they will first <strong>check if the website you want is on the block list</strong>. If it is, they will redirect you to somewhere else: “This website is out of reach”, like the Iranian page peyvandha.ir saying “Access denied”. Peyvandha.ir is not the destination you requested.</p>
<p>Does the following image look familiar?</p>
<p style="text-align: center;"><img src="/assets/courseware/v1/8d5a88b855d4f82381495137adb9b165/asset-v1:Totem+TP_CT_EN+001+type@asset+block/Blocked-page-mockup.png" alt="Blocked page Mockup" type="saveimage" target="[object Object]" width="50%" /></p>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@vertical+block@6c004d22615c4b0f994a1e5e04d49eea" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_CT_EN+001+type@html+block@22c9a975b2434d80a7dd33ddb4dcc173">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@html+block@22c9a975b2434d80a7dd33ddb4dcc173" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>The following diagram shows that if you send a request to access bbcpersian.com while using a circumvention tool, the ISP will <strong>not be able to see or detect</strong> what you have requested, or what you then receive. In other words, have used a tunnel to reach a blocked website.</p>
<p>When you are <strong>not</strong> using a circumvention tool, however, your ISP can see what websites you are requesting to visit, and even save them in a log.</p>
</div>
</div>
<div class="vert vert-1" data-id="block-v1:Totem+TP_CT_EN+001+type@grapheditorxblock+block@c681d3d9e2e64a86a38f42372345c0f9">
<div class="xblock xblock-public_view xblock-public_view-grapheditorxblock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-block-type="grapheditorxblock" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@grapheditorxblock+block@c681d3d9e2e64a86a38f42372345c0f9" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">This content is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div>
</div>
</div>
<div class="vert vert-2" data-id="block-v1:Totem+TP_CT_EN+001+type@html+block@b47fa9e8060a43079d437616a317cbfc">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@html+block@b47fa9e8060a43079d437616a317cbfc" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>In countries with heavy censorship in place, it is possible that even the servers of the circumvention tools might get blocked from time to time. In this case, you won’t be able to reach your desired website even if you’re using a circumvention tool.</p>
<p>To avoid this, <strong>diversifying your basket of circumvention tools</strong> is a good idea - that way, you’ll have access to 3 - 4 different circumvention tools in case one of them gets blocked. Later in this course we will cover a range of recommended tools.</p>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@vertical+block@9483cd50d01d4c128691ab1134a19e11" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_CT_EN+001+type@html+block@dd04531938aa467aa72936396663bd73">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@html+block@dd04531938aa467aa72936396663bd73" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>Tunneling allows you to bypass blocking, but not all circumvention tools prevent your online traffic (emails, login details, online banking, etc) from being accessed by third parties, or on-path attackers, in general. To protect against this, <strong>you need an encrypted connection</strong>.</p>
<section style="border: 2px; border-style: solid; border-color: #66cc99; padding: 1em;">
<p><strong>What is encryption?</strong></p>
<p>If a message is encrypted, it basically means that the message is scrambled for anyone who does not have the “key” to decrypt it. They can still see a message is being sent, but they can’t understand the contents.</p>
<p>Imagine two Zagaris in Iran speaking in <a href="https://en.wikipedia.org/wiki/Zargari_Romani" target="_blank">Zargari Romani</a>, their traditional language that very few people understand. Anyone walking in from the street who does not speak Zargari cannot understand a word. In this analogy, their prior knowledge of the language is the “key” that allows them to decode the meaning - everyone around them just hears meaningless sounds.</p>
<p>We could also think about encryption in terms of sending a letter to a friend. If you write the letter in a language that the postal workers can understand, then it’s easy for them to open your letter and read it. But if you and your friend have a secret code that you use to communicate, then whoever opens your letter won’t be able to decipher its meaning.</p>
</section>
<p></p>
<p>As you’ll remember from the <a href="https://learn.totem-project.org/courses/course-v1:Totem+TP_IP_001+2018/about" target="_blank">How the Internet Works</a> course, if you send information over an encrypted connection (say you are logging into your webmail account), that information is scrambled between you and the website or service you are connecting to.</p>
<p style="text-align: center;"><img src="/assets/courseware/v1/beb0a8a34f059c2d9d0d31c50cb7c2cf/asset-v1:Totem+TP_CT_EN+001+type@asset+block/Totem_scramble.gif" alt="Encryption TTC Screenshot" type="saveimage" target="[object Object]" width="80%" /></p>
<p>Even if someone does intercept it, they won’t be able to understand it. <strong>This is particularly important when it comes to sensitive information</strong>, like passwords, login details, and email contents.</p>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@vertical+block@b705eb4bbe75406b9953b0217997a959" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_CT_EN+001+type@html+block@6f9c32764b4b405e94840fcdb588df34">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@html+block@6f9c32764b4b405e94840fcdb588df34" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p><strong>Not all circumvention tools encrypt your connection</strong>. But many do, and by using those you are able not only to bypass censorship, but also to improve your online safety and security. </p>
<p>Also keep in mind that even if the circumvention tool you are using offers encrypted connections, your information is only encrypted between you and the tool’s servers. Once your information is sent on to its destination (e.g. your banking website), how protected it is depends on other factors - for example, whether the website or service you are visiting itself offers an encrypted connection.</p>
<section style="border: 2px; border-style: solid; border-color: #66cc99; padding: 1em;">If you need a refresher on encrypted connections, go back to the explanation in How the Internet Works. And if you’re curious about other types of encryption, such as end-to-end encryption (which will encrypt the contents of your message all the way through between you and the person you are messaging), do the Totem course on <a href="https://learn.totem-project.org/courses/course-v1:Totem+TP_SM_001+course/about" target="_blank">Secure Messaging Apps</a>.</section>
</div>
</div>
<div class="vert vert-1" data-id="block-v1:Totem+TP_CT_EN+001+type@grapheditorxblock+block@7f4c618efaf54f17844fecb2dcff5263">
<div class="xblock xblock-public_view xblock-public_view-grapheditorxblock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-block-type="grapheditorxblock" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@grapheditorxblock+block@7f4c618efaf54f17844fecb2dcff5263" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">This content is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@vertical+block@fa98dd6d135f40a68d712daf16368d77" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_CT_EN+001+type@problem+block@ec184e13cd1f41819deedcc4a51ae9be">
<div class="xblock xblock-public_view xblock-public_view-problem xmodule_display xmodule_ProblemBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-block-type="problem" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@problem+block@ec184e13cd1f41819deedcc4a51ae9be" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="True">
<div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">Checkboxes quiz is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@vertical+block@a08b965ee34d4c8aaea40bab9d650ebf" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_CT_EN+001+type@html+block@2b7bdcca64b6435f9ab6b0d31a740361">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@html+block@2b7bdcca64b6435f9ab6b0d31a740361" data-request-token="ee3a1820a05211eb8ba00242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>By now you have learned that to bypass internet censorship you need circumvention tools. You might already have come across the terms “VPN” (Virtual Private Network) and “Proxy”. These both allow a user to access a blocked website or app that they didn’t have access to originally.</p>
<section style="border: 2px; border-style: solid; border-color: #66cc99; padding: 1em;">
<p><strong>Proxies</strong> are mostly used for specific apps like Telegram or Twitter. Telegram proxies (<a href="https://core.telegram.org/mtproto" target="_blank">MTProto</a>) are special types of proxies created solely for accessing Telegram servers. They cannot be used to access another app or website, and they use encryption.</p>
<p><strong>VPNs</strong> are often used to tunnel all the internet services in your device through an encrypted tunnel to the VPN server, but they can also be set up to tunnel only certain applications.</p>
</section>
<p></p>
<p>Don’t worry, you don’t need to know all the technical details here - the important thing to keep in mind is that both VPNs and Proxies can be secure tools if they fulfil certain criteria (which we’ll get into later in this course).</p>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>