Hacker News new | past | comments | ask | show | jobs | submit login
Whistleblower provides blocking orders for over 4000 websites in India (reddit.com)
119 points by _tw9j 15 days ago | hide | past | favorite | 26 comments

The list only seems to contain small portion of what is blocked mostly torrent sites and piracy stuff. Almost all porn sites are banned yet not mentioned. The scariest part is that there is no visibility.

Interestingly, reddit blocks nsfw subs in india with few non nsfw too. Telegram web is blocked. Streamable, redgif and few other content sites are blocked on specific ISPs.

They blocked reddit as a whole too before.

They have issued orders for sites like github and pastebin in the past. - https://qz.com/india/319866/a-threat-from-isis-prompts-india...

[1] 28 internet shutdowns this year. 106 in 2019, and 134 in 2018.

IFF is doing good job in fighting against censorship. Check their page [2] for information and support.

What can people do about the draconian laws coming?

People support this. If they were uneducated, you can educate them but many of them are educated indians, how do you change their mind?

1] https://internetshutdowns.in/

2] https://internetfreedom.in

There is more. Individual ISPs can ban or even slow down websites as per their own wishes. Airtel in india (which is about to raise an investment by Amazon) blocked a lot of websites like Streamable when it wasnt even legally banned. Just showed the error as address could not be found. I circumvented by changing my DNS to cloudflare and it started working. Jio totally blocked telegram with no directions from court or govt.

Yes, one day out of nowhere, web.telegram.org stopped loading for me over jio, I didn't think much about it and switched on a VPN, which loaded the SPA. The SPA can now fetch messages after a manual retry over jio networks as well.

Democratic governments too have genuine reasons to regulate the internet access, however half brained the implenmentation is.

Instead of "activism" and protests, what we need is solutions.


- Child pornography - Bullying - Privacy - Terrorism - Hate speech that leads to violence or murders - Orchestration of riots, esp. by foreign intelligence - Misinformation and foreign interference in democracy - ... - ..

The list goes on, please work on solutions and provide practical tools or regulations and lobby for it.

> What can people do about the draconian laws coming?

I dont have the answer but I guess if you have money to spare give a donation to them.


That sounds difficult, it seems like your feelings are still pretty raw. I’m sorry you went through that.

Out of curiosity, do you think there’s a difference between me asking a government to remove something from a web platform vs me asking the platform to remove something?

Perhaps my position is I don’t think anyone should appeal to a government for web censorship, but hold platforms socially accountable for the content they host. If they hear my (and the potentially ensuing mob) complaints about content I found objectionable, the platform can either ignore my complaint or acquiesce. What can I do if they ignore me? Start a boycott? That kind of pressure is an economic one which leads to the platform making a business decision. The content creator that feels slighted starts their own competing platform for a different user base. We now have meaningful competition. It’s the kind of libertarian value that I think is just right for the web.

It might seem unfair, but it doesn’t feel like mob rule/leftist hypocrisy more than the invisible hand of the information market working against your content.

> it seems like your feelings are still pretty raw. I’m sorry you went through that.

It's a badge of honor to be slandered by the NYT, Business Insider and Vice magazine all on the same day.

> do you think there’s a difference between me asking a government to remove something from a web platform vs me asking the platform to remove something?

Corporations have zero accountability once they hit monopoly status.

Governments can change. For example, FOAI requests.

Is there a difference between you asking a government to remove someone vs you asking the mob to remove someone?

This is typical libertarian logic, where you completely disregard outcomes provided they come from the market and not the government. It actually mimics socialist thought; "sure, we don't have a lot of food or stuff in general, but whatever we have was produced using the principles of scientific socialism!"

In reality, people care about having food, not being murdered or being allowed to express themselves. Whether it's the outcome of the institutions called "the government" or the ones called "the market", who are joined at the hip anyway, makes very little difference.

There's a decent write-up about the legal issues around blocking the satirical website called Dowry Calculator, written here: https://internetfreedom.in/delhi-hc-issues-notice-to-the-gov...

Some ommenters are stating that some subreddits are specifically banned as well, such as r/NSFW.

Given that reddit uses TLS, I assume Reddit is assisting governments in banning content like this as well?

Yes, i think Reddit shows a note saying content restricted in your country in response to a legal notice. And then it says geoblocked in India.

If a government has a great firewall installs its own root certificate on locally sold devices, it can pull all sorts of shenanigans.

Check out the CAs your browser trusts. It's a tire fire. People should be a lot more worried about corporate shenanigans than government.

One of the more interesting things you can do with a network tap is take a look at the certificates crossing the wire. Suricata has a tls-log section.

Are there known cases of this being done?


Sorry if this is a dumb question, but wouldn't it suffice to just ban the subreddits by their URL?

It's not a dumb question, since it's a natural assumption. But HTTPS - specifically HTTP over TLS - establishes the secure tunnel to the particular domain (reddit.com) first, and only then transmits elements of the HTTP protocol, such as the path, any query parameters, and so on.

I believe that TLS could be used (and is used) in combination with other protocols, which only require the domain to use for DNS. Everything after that in the URL bar is HTTP-only.

DNS over https solves the problem of plain text DNS. Firefox already supports it. Also check more about ESNI since ISPs like jio employ SNI inspection to block sites - https://www.cloudflare.com/learning/ssl/what-is-encrypted-sn...

Cloudflare has a small demo which you can use to test your browser and learn more about specific parts - https://www.cloudflare.com/ssl/encrypted-sni/

I use https://getintra.org on Android and point it to a recursive DoH resolver running on Cloudflare Workers (free tier has been more than enough for 3 devices worth of queries).

Quick tutorial from StackPath (much of it applies to Cloudflare Workers, too): https://news.ycombinator.com/item?id=19514791

The government could technically do that (and worse) if they controlled the browser. China for instance have a few popular browsers (owned by Tencent, Alibaba, Xiaomi, and Qihoo 360) that made it impossible to either view a GitHub repo or perform certain actions, such as starring it. Imagine them rewriting Wikipedia articles to spread propaganda, or modify a download url to point to a cracked version that infect your device with RAT, etc).

I’m not familiar with the browser situation in India, but it’s yet another reason why we should recommend and support Firefox, and why we should avoid software and hardware from authoritarian countries.

Or a protocol downgrade attack. Many possible ways.

Pretty sure a downgrade is theoretically impossible currently (unless you're exploiting a zero day)

The actual orders.[1] These are all in India.

Most of these are over copyright issues. It's like reading DMCA takedown notices.

[1] https://drive.google.com/drive/folders/1XtWN1FGTnalCIOiEdCLt...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact