←back to thread

Cloudflare starts blocking pirate sites for UK users

(torrentfreak.com)
234 points gloxkiqcza | 10 comments | 15 Jul 25 14:33 UTC | HN request time: 0s | source | bottom
1. Retr0id ◴[15 Jul 25 15:30 UTC] No.44572211[source]
Previously, a convenient and low-latency way to bypass UK internet censorship was to proxy via a local datacentre - it's only the residential ISPs that are under pressure to censor traffic, commercial ones less so.

But if the blocking is happening somewhere other than the ISP, this is less effective. A hypothetical TPB user might want to proxy via Luxembourg now (seems like the shortest hop to somewhere with sane legislation)

replies(1): >>44572305 #
2. trollied ◴[15 Jul 25 15:40 UTC] No.44572305[source]
You didn’t even need to do that. Just needed an /etc/hosts entry for the domain.
replies(1): >>44572381 #
3. Retr0id ◴[15 Jul 25 15:47 UTC] No.44572381[source]
My ISP (Virgin Media) does DNS filtering and IP-based blocking and TLS SNI inspection. So you have to use ESNI or domain fronting, which last time I checked my browser could not be easily configured to do.
replies(3): >>44572588 #>>44572615 #>>44574295 #
4. grishka ◴[15 Jul 25 16:05 UTC] No.44572588{3}[source]
You may have some success with DPI bypass tools we've been using in Russia for years now, like GoodbyeDPI and Zapret.
5. arp242 ◴[15 Jul 25 16:07 UTC] No.44572615{3}[source]
Is that common for all ISPs or just Virgin? When I lived in the UK (already a number of years ago) it was all just DNS-based. Running my own DNS resolver unblocked everything. I don't recall which ISP.
replies(1): >>44572708 #
6. Retr0id ◴[15 Jul 25 16:14 UTC] No.44572708{4}[source]
I think it's just Virgin doing the SNI stuff, but I wouldn't be surprised if others are doing IP filtering. I'm not sure if anyone's done a good survey of what the different ISPs are doing (it'd be an interesting project).
replies(1): >>44573618 #
7. doublerabbit ◴[15 Jul 25 17:23 UTC] No.44573618{5}[source]
TalkTalk, Sky, BT & pretty much all domestic mainstream ISPs do DPI down to SNI.

They also exercise an IWF proxy so your already MiTM'd.

https://www.iwf.org.uk/

8. acheong08 ◴[15 Jul 25 18:22 UTC] No.44574295{3}[source]
At this point, what's the difference between the UK and China other than the specific content they block? Some ISPs have even started blocking wireguard here & I've had to resort back to xray/v2ray
replies(1): >>44574468 #
9. Retr0id ◴[15 Jul 25 18:41 UTC] No.44574468{4}[source]
Very little difference. But blocking wireguard is huge change, which ISPs are doing that?
replies(1): >>44577097 #
10. acheong08 ◴[15 Jul 25 23:40 UTC] No.44577097{5}[source]
I currently live in student accommodation so not sure what they're using upstream. The university network also drops wireguard connections but only to known providers like Mullvad (assuming obfuscation is off)