Friday, June 23, 2006

How to surf freely and privately

I've finally set up a reliable hack around the Great Firewall of China, and I'd like to record the details here for reference. The solution is quite simple when you know how. Please note that circumventing controls on Internet access may be illegal in some countries - use at your own risk.

Infrastructure you need:

  1. Access to an Internet connected server that's outside the jurisdiction of the entity you're trying to circumvent.
  2. Your own laptop or other computer where you can install client software.
  3. The ability to establish SSH connections between your laptop and your server.

Software needed on the server:

  1. Download and install the Privoxy web proxy.
  2. Make sure your server can accept SSH connections.

Software needed on the client:

  1. All you need is SSH. If you use Microsoft Windows, you can try PuTTY, although I haven't tested this myself.

In fact, any Linux distribution will be useable out of the box for both server and client, with the exception of the need for Privoxy on the server side. Do the standard install on the server. You only need Privoxy to act as a proxy, so you can ignore most of its other features for now (you might want to investigate them later for other reasons).

To begin surfing safely, establish a tunnel between your laptop and your server. This SSH command forwards the local port 8118 to port 8118 on the server. If you used the default Privoxy configuration then this should be fine. Replace the "root@myserver.com" with the correct username and server name:

ssh -L 8118:127.0.0.1:8118 root@myserver.com

Set up your web browser to use a manual proxy configuration, with the proxy host as "127.0.0.1" and the port as "8118". Use this for both http and https connections.

That's it. Now you can surf the entire Web, even from within China, or from within company networks that use NetNanny or some other censorship tools. You can also surf from within the U.S.A. secure in the knowledge that the Department of Homeland Security can't monitor your traffic (at least not if your server is outside the U.S.).

How does it work?

Don't let Privoxy's billing as a privacy tool fool you. I'm actually using it as a simple proxy in this case. Normally Privoxy is loaded on your personal computer and filters cookies and other annoyances from the data stream as you surf. In this case I've installed it on my server as the simplest way I could find to get it to forward web traffic for me. The port-forwarding SSH tunnel forwards all of the web traffic to Privoxy on the remote server, and the Privoxy instance on the remote server surfs on my behalf.

The connection between the laptop and the server is encrypted, so there's no way for somebody monitoring the traffic to know what I'm looking at. They will know that I'm sending a lot of traffic to a certain server in Helsinki, so if you are in a situation where that will cause problems for you, beware.
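
The tunnel only needs Privoxy to be reachable on the server's loopback interface, which is what the default configuration provides. As an added example (not part of the original post), this shell script reads a Privoxy config, flags any listen-address that is not loopback-only, and prints the matching ssh -L command. The sample configs and user@server.example are constructed; the -N option and the explicit local bind address are additions to the command shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): check where Privoxy listens
# before pointing an SSH tunnel at it.

# Constructed sample configs. Privoxy's shipped default is loopback-only.
SAMPLE_DEFAULT='# constructed sample
listen-address  127.0.0.1:8118'
SAMPLE_EXPOSED='listen-address  :8118   # no address = all interfaces
listen-address  [::1]:8118'

# classify_listen ADDR: print "loopback" or "exposed".
classify_listen() {
    case "$1" in
        127.*:*|localhost:*|"[::1]:"*) echo loopback ;;
        *) echo exposed ;;  # ":8118", 0.0.0.0, or any routable address
    esac
}

# list_listeners: read a Privoxy config on stdin, print each listen-address.
list_listeners() {
    sed 's/#.*//' | awk '$1 == "listen-address" { print $2 }'
}

# audit_config: print "<class> <addr>" per listener; status 1 if any is exposed.
audit_config() {
    list_listeners | (
        rc=0
        while read -r addr; do
            class=$(classify_listen "$addr")
            echo "$class $addr"
            [ "$class" = loopback ] || rc=1
        done
        exit "$rc"
    )
}

# tunnel_cmd LOGIN: print the ssh command for the first loopback IPv4 listener.
tunnel_cmd() {
    addr=$(list_listeners | grep '^127\.' | head -n 1)
    [ -n "$addr" ] || return 1
    port=${addr##*:}
    echo "ssh -N -L 127.0.0.1:$port:$addr $1"
}

# Demo on the constructed samples ("|| true" keeps this safe under set -e).
printf '%s\n' "$SAMPLE_EXPOSED" | audit_config || true
printf '%s\n' "$SAMPLE_DEFAULT" | tunnel_cmd user@server.example
```

A listener reported as "exposed" means anyone who can reach that port on the server can relay web traffic through it without going through SSH at all.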
