Indian government bans archive.org (opens in new tab)

(imgur.com)

209 pointsanujdeshpande8y ago43 comments

43 comments

43 comments · 17 top-level

ShirsenduK8y ago· 8 in thread

The following article has a tweet from a journo which says its because it was hosting a movie (Jab Harry Met Sejal) illegally and the Madras court thought banning archive.org is a solution.

http://www.dailyo.in/variety/internet-archive-dot-block/stor...

Update: A more detailed from from the BBC. https://www.bbc.co.uk/news/amp/technology-40875528

ShirsenduK8y ago

For people saying; "its working for me". Here is the explanation.

The block has been implemented using a hosts based method. Such methods work in HTTP as anyone on the network can intercept the traffic and modify it. This snooping is not possible in HTTPS, hence the word secure.

(Update: The above statement is misleading. Please read TallGuyShort's comment for clarity).

This kind of block sometimes take time to propagate given how our ISP networks are setup. The blockage can be implemented at any level. ISP, acquiring ISP, backbone etc.

But even HTTPS can get blocked via DNS provided you are using a DNS which is under the influence of DoT. Most internet users use Google DNS(8.8.8.8) or OpenDNS(208.67.222.222) or Berkeley DNS (4.2.2.2) as their DNS (They have fallback ips also). This is set in your network adapter settings or router settings. They are not under the influence of the DoT. I am not sure if there is a DNS block as I use Google DNS.

Also, IP based blockage is possible which restricts access to HTTPS sites but it is not the case here.

Censorship is no solution to piracy or terrorism. Burying your head in the sand doesn't solve the problem.

Edit: Updated to read TallGuyShort's comment.

TallGuyShort8y ago

>> The block has been implemented using a hosts based method

I'm curious what exactly you mean by hosts-based. For it affect HTTP but not HTTPS, routers would have to be inspecting TCP packets and parsing HTTP. I'd call that packet-sniffing. hosts-based sounds like the DNS-level block to me. Am I missing something?

ShirsenduK8y ago

You are correct. I should have explained it better. I tried to over simplify it and ended up writing misinformation.

jwilk8y ago

Using an alternative DNS server won't necessarily save you from DNS-based censorship. The ISP can modify any DNS traffic they want.

I actually had an ISP once that redirected all 53 port traffic to their own DNS server. It was "fun" every time this DNS server went down.

captn3m08y ago

Just using OpenDNS or Google DNS does not prevent DNS-based attacks. ISPs in India are known to do transparent DNS proxying. See https://www.dnsleaktest.com/what-is-transparent-dns-proxy.ht...

mavidser8y ago

AFAIK, Jio, at least is using IP based blocking. Unable to ping or connect to any port on the the blocked IP addresses.

nuriname8y ago

Well, it is a reasonable solution if archive.org was simply ignoring them.

ShirsenduK8y ago

This is not the case. Please read the official response from the Archive Team.

https://www.medianama.com/2017/08/223-india-blocks-access-in...

msravi8y ago· 6 in thread

I'm on ACT, and it appears that I can access both http://web.archive.org/ and https://web.archive.org/

On Airtel, I can't access the http version. So must be an Airtel specific block, unrelated to the "Indian Government."

dingo_bat8y ago

Airtel is usually very responsive in these cases, while ACT isn't. I'm on ACT and I can also access fine.

deafcalculus8y ago

Same here. I can access http://web.archive.org/ on ACT and on my university campus internet which peers directly with the National Internet Backbone (NIB).

captn3m08y ago

archive.org is still getting blocked over Airtel: http://paste.ubuntu.com/25276595/

majewsky8y ago

That's not blocking. I get exactly the same response from Germany. What's happening is this:

  HTTP/1.1 301 Moved Permanently
  Location: https://archive.org

They're upgrading you from HTTP to HTTPS. curl, by default, does not follow redirects. Add `--location` to enable it:

  $ curl --location --head archive.org
  HTTP/1.1 301 Moved Permanently
  Server: nginx/1.4.6 (Ubuntu)
  Date: Wed, 09 Aug 2017 13:20:21 GMT
  Content-Type: text/html; charset=UTF-8
  X-Powered-By: PHP/5.5.9-1ubuntu4.21
  Location: https://archive.org
  Age: 0
  Connection: keep-alive
  Via: 1.1 akamai (ACE 5.8.1/5.8.1)

  HTTP/1.1 200 OK
  Server: nginx/1.4.6 (Ubuntu)
  Date: Wed, 09 Aug 2017 13:20:22 GMT
  Content-Type: text/html; charset=UTF-8
  Connection: keep-alive
  X-Powered-By: PHP/5.5.9-1ubuntu4.21
  Set-Cookie: PHPSESSID=kb7jsuslq8hrsfg96obqc5gnq3; path=/; domain=.archive.org

EDIT: Apparently archive.org does not do HSTS. If they did, a lot less people would be noticing the censorship.

captn3m08y ago

Check the first response on the paste that I posted. The response is an iframe:

    <meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0"/><style>body{margin:0px;padding:0px;}iframe{width:100%;height:100%}</style><iframe src="http://www.airtel.in/dot/?dpid=1&dpruleid=3&cat=107&dplanguage=-&url=http%3a%2f%2farchive%2eorg%2f" width="100%" height="100%" frameborder=0></iframe>

which has the following content:

>Your requested URL has been blocked as per the directions received from Department of Telecommunications, Government of India. Please contact administrator for more information.

manojlds8y ago

Can access both on my Airtel 4G.

cJ0th8y ago· 4 in thread

and why is that?

rubenbe8y ago

I suspect there is an archived site that was removed/censored by the government.

But this site is still available through archive.org, so as a drastic measure, they block archive.org entirely.

cJ0th8y ago

Aparently, Bollywood is to blame http://www.livemint.com/Politics/VxFtRh0qs6H9I3rUWdtKWL/Inte...

anujdeshpandeOP8y ago

This.

Blanket/irrational bans are not new. In Dec '14 we saw a ban[1] on GitHub and some other sites.

1 - https://techcrunch.com/2014/12/31/indian-government-censorsh...

kronos292968y ago

The joke's on them because https works just fine like all other https sites.

captn3m08y ago· 3 in thread

One of the best things I did recently was setup dnscrypt-proxy locally. Most of the Indian ISPs just do transparent DNS proxying and dns-crypt helps avoid those. Lots of them do DPI on HTTP requests, so HTTPS-everywhere helps as well.

chatmasta8y ago

Similarly in the U.K., Potasto2 is a good solution to this kind of filtering. It sets up a local vpn server that allows you to customize DNS servers and proxy settings without added latency of a remote VPN (but of course without the added benefit of encryption.) It's the only way I've found to use non-ISP DNS servers on non-jailbroken iOS when connected to a mobile network.

anujdeshpandeOP8y ago

Nice - for those wondering how to do this themselves (like me) - check out https://github.com/jedisct1/dnscrypt-proxy/wiki

jsudhams8y ago

In the current scenario this would be illegal to circumvent in most cases so if DoT puts block, don't try to circumvent even if it is possible. In India the law situation pretty bad so.....

dingo_bat8y ago· 2 in thread

Sometimes I think court orders should be voted on. And if 5 people think your order is stupid you lose your fucking job. Get disbarred from law for life.

k_sh8y ago

"Judicial independence is the concept that the judiciary needs to be kept away from the other branches of government. That is, courts should not be subject to improper influence from the other branches of government, or from private or partisan interests.

Judicial Independence is vital and important to the idea of separation of powers."[1]

1: https://en.wikipedia.org/wiki/Judicial_independence

dingo_bat8y ago

Yes, I know, but then we should have some procedure to prevent idiots from becoming judges.

mirap8y ago· 1 in thread

May be related to this article?

Airtel is sniffing and censoring CloudFlare’s traffic in India and CloudFlare doesn’t even know it. - https://medium.com/@karthikb351/airtel-is-sniffing-and-censo...

captn3m08y ago

Nopes, this is entirely different. CF was being MITM'd by airtel (likely still is) because airtel was/is their upstream ISP for their edge locations in India.

archive.org is blocked in India because of a court order somewhere.

zac998y ago· 1 in thread

I dont think its banned i can browse it https://archive.org/search.php?query=india

falcolas8y ago

The comment on the image notes that http is being blocked, it https is not (yet?)

1 more reply

factorialboy8y ago· 1 in thread

Incorrect headline. It's not the government but a court, and it's only in one state out of 25+.

anujdeshpandeOP8y ago

I can confirm that it's blocked in Pune, India. [1] this article confirms that it has been blocked in Delhi (and more). That's more than one state.

1- https://www.medianama.com/2017/08/223-india-blocks-access-in...

peterwaller8y ago

I'm amused by "Please contact administrator for more information".

... "But I _am_ administrator!?"

anujdeshpandeOP8y ago

A good (updated) place to see what ISPs and regions are seeing the ban - https://www.medianama.com/2017/08/223-india-blocks-access-in...

aussieguy1238y ago

DNS should be encrypted to prevent this kind of blocking. Were still using DNS technology from the 80s.

192_168_0_18y ago

So, it is the Judiciary (Chennai High Court) which ordered the ban and Indian Gov. followed it.

glax8y ago

I also tweeted to @DoT_India

Let see their response

glax8y ago

Railtel user here. It shows 404 Not Found

https://pasteboard.co/GESzgyf.png

sg248y ago

HTTPS or HTTP; archive.org is not blocked across india,misleading & incorrect post title.

nitin_flanker8y ago

It's working for me!

grey-sunshine8y ago

It works for me!

j / k navigate · click thread line to collapse

43 comments

43 comments · 17 top-level

ShirsenduK8y ago· 8 in thread

The following article has a tweet from a journo which says its because it was hosting a movie (Jab Harry Met Sejal) illegally and the Madras court thought banning archive.org is a solution.

http://www.dailyo.in/variety/internet-archive-dot-block/stor...

Update: A more detailed from from the BBC. https://www.bbc.co.uk/news/amp/technology-40875528

ShirsenduK8y ago

For people saying; "its working for me". Here is the explanation.

(Update: The above statement is misleading. Please read TallGuyShort's comment for clarity).

This kind of block sometimes take time to propagate given how our ISP networks are setup. The blockage can be implemented at any level. ISP, acquiring ISP, backbone etc.

Also, IP based blockage is possible which restricts access to HTTPS sites but it is not the case here.

Censorship is no solution to piracy or terrorism. Burying your head in the sand doesn't solve the problem.

Edit: Updated to read TallGuyShort's comment.

TallGuyShort8y ago

>> The block has been implemented using a hosts based method

ShirsenduK8y ago

You are correct. I should have explained it better. I tried to over simplify it and ended up writing misinformation.

jwilk8y ago

Using an alternative DNS server won't necessarily save you from DNS-based censorship. The ISP can modify any DNS traffic they want.

I actually had an ISP once that redirected all 53 port traffic to their own DNS server. It was "fun" every time this DNS server went down.

captn3m08y ago

Just using OpenDNS or Google DNS does not prevent DNS-based attacks. ISPs in India are known to do transparent DNS proxying. See https://www.dnsleaktest.com/what-is-transparent-dns-proxy.ht...

mavidser8y ago

AFAIK, Jio, at least is using IP based blocking. Unable to ping or connect to any port on the the blocked IP addresses.

nuriname8y ago

Well, it is a reasonable solution if archive.org was simply ignoring them.

ShirsenduK8y ago

This is not the case. Please read the official response from the Archive Team.

https://www.medianama.com/2017/08/223-india-blocks-access-in...

msravi8y ago· 6 in thread

I'm on ACT, and it appears that I can access both http://web.archive.org/ and https://web.archive.org/

On Airtel, I can't access the http version. So must be an Airtel specific block, unrelated to the "Indian Government."

dingo_bat8y ago

Airtel is usually very responsive in these cases, while ACT isn't. I'm on ACT and I can also access fine.

deafcalculus8y ago

Same here. I can access http://web.archive.org/ on ACT and on my university campus internet which peers directly with the National Internet Backbone (NIB).

captn3m08y ago

archive.org is still getting blocked over Airtel: http://paste.ubuntu.com/25276595/

majewsky8y ago

That's not blocking. I get exactly the same response from Germany. What's happening is this:

  HTTP/1.1 301 Moved Permanently
  Location: https://archive.org

They're upgrading you from HTTP to HTTPS. curl, by default, does not follow redirects. Add `--location` to enable it:

  $ curl --location --head archive.org
  HTTP/1.1 301 Moved Permanently
  Server: nginx/1.4.6 (Ubuntu)
  Date: Wed, 09 Aug 2017 13:20:21 GMT
  Content-Type: text/html; charset=UTF-8
  X-Powered-By: PHP/5.5.9-1ubuntu4.21
  Location: https://archive.org
  Age: 0
  Connection: keep-alive
  Via: 1.1 akamai (ACE 5.8.1/5.8.1)

  HTTP/1.1 200 OK
  Server: nginx/1.4.6 (Ubuntu)
  Date: Wed, 09 Aug 2017 13:20:22 GMT
  Content-Type: text/html; charset=UTF-8
  Connection: keep-alive
  X-Powered-By: PHP/5.5.9-1ubuntu4.21
  Set-Cookie: PHPSESSID=kb7jsuslq8hrsfg96obqc5gnq3; path=/; domain=.archive.org

EDIT: Apparently archive.org does not do HSTS. If they did, a lot less people would be noticing the censorship.

captn3m08y ago

Check the first response on the paste that I posted. The response is an iframe:

    <meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0"/><style>body{margin:0px;padding:0px;}iframe{width:100%;height:100%}</style><iframe src="http://www.airtel.in/dot/?dpid=1&dpruleid=3&cat=107&dplanguage=-&url=http%3a%2f%2farchive%2eorg%2f" width="100%" height="100%" frameborder=0></iframe>

which has the following content:

>Your requested URL has been blocked as per the directions received from Department of Telecommunications, Government of India. Please contact administrator for more information.

manojlds8y ago

Can access both on my Airtel 4G.

cJ0th8y ago· 4 in thread

and why is that?

rubenbe8y ago

I suspect there is an archived site that was removed/censored by the government.

But this site is still available through archive.org, so as a drastic measure, they block archive.org entirely.

cJ0th8y ago

Aparently, Bollywood is to blame http://www.livemint.com/Politics/VxFtRh0qs6H9I3rUWdtKWL/Inte...

anujdeshpandeOP8y ago

This.

Blanket/irrational bans are not new. In Dec '14 we saw a ban[1] on GitHub and some other sites.

1 - https://techcrunch.com/2014/12/31/indian-government-censorsh...

kronos292968y ago

The joke's on them because https works just fine like all other https sites.

captn3m08y ago· 3 in thread

chatmasta8y ago

anujdeshpandeOP8y ago

Nice - for those wondering how to do this themselves (like me) - check out https://github.com/jedisct1/dnscrypt-proxy/wiki

jsudhams8y ago

In the current scenario this would be illegal to circumvent in most cases so if DoT puts block, don't try to circumvent even if it is possible. In India the law situation pretty bad so.....

dingo_bat8y ago· 2 in thread

Sometimes I think court orders should be voted on. And if 5 people think your order is stupid you lose your fucking job. Get disbarred from law for life.

k_sh8y ago

Judicial Independence is vital and important to the idea of separation of powers."[1]

1: https://en.wikipedia.org/wiki/Judicial_independence

dingo_bat8y ago

Yes, I know, but then we should have some procedure to prevent idiots from becoming judges.

mirap8y ago· 1 in thread

May be related to this article?

Airtel is sniffing and censoring CloudFlare’s traffic in India and CloudFlare doesn’t even know it. - https://medium.com/@karthikb351/airtel-is-sniffing-and-censo...

captn3m08y ago

Nopes, this is entirely different. CF was being MITM'd by airtel (likely still is) because airtel was/is their upstream ISP for their edge locations in India.

archive.org is blocked in India because of a court order somewhere.

zac998y ago· 1 in thread

I dont think its banned i can browse it https://archive.org/search.php?query=india

falcolas8y ago

The comment on the image notes that http is being blocked, it https is not (yet?)

1 more reply

factorialboy8y ago· 1 in thread

Incorrect headline. It's not the government but a court, and it's only in one state out of 25+.

anujdeshpandeOP8y ago

I can confirm that it's blocked in Pune, India. [1] this article confirms that it has been blocked in Delhi (and more). That's more than one state.

1- https://www.medianama.com/2017/08/223-india-blocks-access-in...

peterwaller8y ago

I'm amused by "Please contact administrator for more information".

... "But I _am_ administrator!?"

anujdeshpandeOP8y ago

A good (updated) place to see what ISPs and regions are seeing the ban - https://www.medianama.com/2017/08/223-india-blocks-access-in...

aussieguy1238y ago

DNS should be encrypted to prevent this kind of blocking. Were still using DNS technology from the 80s.

192_168_0_18y ago

So, it is the Judiciary (Chennai High Court) which ordered the ban and Indian Gov. followed it.

glax8y ago

I also tweeted to @DoT_India

Let see their response

glax8y ago

Railtel user here. It shows 404 Not Found

https://pasteboard.co/GESzgyf.png

sg248y ago

HTTPS or HTTP; archive.org is not blocked across india,misleading & incorrect post title.

nitin_flanker8y ago

It's working for me!

grey-sunshine8y ago

It works for me!

j / k navigate · click thread line to collapse