{{Header}}
{{Title|
title=Geo-blocking - Unreachable Websites
}}
{{#seo:
|description=A website is unreachable? Shows access denied or a captcha?
|image=xFmCp.png
}}
[[File:xFmCp.png|thumb|example [[#Captcha_Images|captcha]]]]
{{intro|
A website is unreachable? Shows access denied or a captcha?
}}
= General Issue =
{{quotation
|quote=A website I am trying to reach is blocking access over Tor.
Sometimes websites will block Tor users because they can't tell the difference between the average Tor user and automated traffic. The best success we've had in getting sites to unblock Tor users is getting users to contact the site administrators directly. Something like this might do the trick:
"Hi! I tried to access your site xyz.com while using Tor Browser and discovered that you don't allow Tor users to access your site. I urge you to reconsider this decision; Tor is used by people all over the world to protect their privacy and fight censorship. By blocking Tor users, you are likely blocking people in repressive countries who want to use a free internet, journalists and researchers who want to protect themselves from discovery, whistleblowers, activists, and ordinary people who want to opt out of invasive third party tracking. Please take a strong stance in favor of digital privacy and internet freedom, and allow Tor users access to xyz.com. Thank you."
In the case of banks, and other sensitive websites, it is also common to see geography-based blocking (if a bank knows you generally access their services from one country, and suddenly you are connecting from an exit relay on the other side of the world, your account may be locked or suspended).
If you are unable to connect to an onion service, please see I cannot reach X.onion!.
|context=[https://support.torproject.org/tbb/website-blocking-tor/ A website I am trying to reach is blocking access over Tor.]
}}
= Censors =
{{mbox
| type = notice
| image = [[File:Ambox_notice.png|40px|alt=Info]]
| text = Tor Censorship can mean two different things.
* '''A)''' Destination website level: This wiki page outlines Tor blocks by destination websites.
* '''B)''' {{isp}} level: If connections to the Tor network are blocked by the user's ISP, then [[Bridges|bridges]] or other circumvention tools are necessary.
}}
A number of websites or services [https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor actively block Tor users] via:
* A DNS query-based list used to tag IP addresses.
* Content delivery network (CDN) and/or blocking software like [https://www.akamai.com/ Akamai] and [https://www.cloudflare.com/ Cloudflare].
* Other individual blocks.
But not only Tor is often blocked. Also many IPs by many VPNs or proxies are often blocked. This is a huge issue. Even people using clearnet without something like Tor or VPN often presented with captchas or completely geo-blocked.
The CDN provider Cloudflare is used by millions of websites. [
* https://community.cloudflare.com/t/statistically-speaking-whats-the-percentage-of-total-sites-that-use-cf/372054
* https://blog.cloudflare.com/application-security/
] Many of the top websites are using Cloudflare. See also the [https://framagit.org/dCF/deCloudflare/-/blob/master/README.md Great Cloudwall / Stop Cloudflare / #deCloudflare #Crimeflare project] ([http://crimeflare.eu.org This redirection link might always link to a functional version.]) ([https://news.ycombinator.com/item?id=31801947 on hackernews]), which has (non-exhaustive list):
* [https://framagit.org/dCF/deCloudflare/-/blob/master/readme/en.md English version readme] / [https://framagit.org/dCF/deCloudflare/-/blob/master/README.md non-English version] contains a long list of arguments why cloudflare should not be used,
* [https://framagit.org/dCF/deCloudflare/-/blob/master/readme/en.ethics.md ethics],
* [https://framagit.org/dCF/deCloudflare/-/blob/master/PEOPLE.md anti-cloudflare citations, memes, outage report collections],
* [https://framagit.org/dCF/deCloudflare/-/blob/master/HISTORY.md incidents],
* [https://framagit.org/dCF/deCloudflare/-/blob/master/INSTRUCTION.md list of websites using cloudflare],
* [https://framagit.org/dCF/deCloudflare/-/blob/master/anti-tor_users/domains/attd.txt list of Tor blocking websites]
= Clarification of {{project_name_short}} Role in Website Reachability =
This issue is [[unspecific|unspecific to {{project_name_short}}]] and specific to [[Tor]], VPNs, proxies.
Can {{project_name_short}} be the cause of the inability to access specific destination websites? No. If connectivity is generally functional (some websites can be reached), never in the history of {{project_name_short}}, any website were reachable in [[Install_Tor_Browser_Outside_of_Whonix|Tor Browser outside of {{project_name_short}} (such as Tor Browser on Debian)]] while unreachable in Tor Browser inside of {{project_name_short}}. Neither the [[Tor_Browser#{{project_name_short}} Tor Browser Differences|{{project_name_short}} Tor Browser Differences]] nor {{project_name_short}} firewall discriminate against specific websites.
= Different Treatment of Tor Browser Versus Other Applications =
A potential cause for confusion is the following. Cloudflare treats [[Tor Browser]] users different than [[Other Browsers|other browsers]] (such as Firefox) or command line substitutes (such as curl) when being used over Tor. Quote Cloudflare [https://blog.cloudflare.com/cloudflare-onion-service/ Introducing the Cloudflare Onion Service]:
Today’s edition of the Crypto Week introduces an “opportunistic” solution to this problem, so that under suitable conditions, anyone using Tor Browser 8.0 will benefit from improved security and performance when visiting Cloudflare websites without having to face a CAPTCHA.
It is therefore possible that some websites can be visited with Tor Browser while attempting to fetch these websites with command line utilities such as curl would lead to a different result, a captcha.
= Bypass Tor Censorship =
There are various ad-hoc methods available to try and circumvent blocks. In most cases it is unnecessary to [[Tunnels/Introduction|create a tunnel]] which pairs {{project_name_short}} with other protocols (such as a VPN) in order to access the content.
The following services fetch content via other websites, which is a privacy trade-off. Further, only some services are effective with embedded, non-static content or support specific file types like PDF, .exe and mp3. [
https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor#ad-hoc-solutions-for-accessing-blocked-content-on-tor
]
'''Table:''' ''Tor Censorship Circumvention Options'' [
* Source: [https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor#ad-hoc-solutions-for-accessing-blocked-content-on-tor Ad-hoc Solutions for accessing blocked content on Tor]
* License: Content on this site is Copyright The Tor Project, Inc.. Reproduction of content is permitted under a [https://creativecommons.org/licenses/by/3.0/us/ Creative Commons Attribution 3.0 United States License].
]
{| class="wikitable"
|-
! scope="col"| '''Service'''
! scope="col"| '''URL'''
! scope="col"| '''Comment'''
! scope="col"| '''Non-static Embedded Content'''
! scope="col"| '''PDF, .exe, mp3'''
|-
! scope="row"| The Internet Archive's WaybackMachine
| https://web.archive.org/web/
https://web.archive.org/save/_embed/
| Archive.org respects robots.txt restrictions, works best with JS enabled
| No
| Yes
|-
! scope="row"| Archive.is
| {{Nowrap|https://archive.ph/?run=1&url=}}
| Ideal for news sites, doesn't require JS
| No
| No
|-
! scope="row" | Google Cache
| https://webcache.googleusercontent.com/search?q=cache:
| Google sometimes blocks these requests
| No - static only
| No
|-
! scope="row" | Startpage.com
|
# Go to {{Archive_link|url=https://www.startpage.com/|archive=none|text=startpage.com}}
# Find the URL by searching for the URL
# Click on the Anonymous View mask icon (proxy option) next to the search result [
Note the icon is not visible with Tor Browser's security slider set to safest, but can still be clicked. [https://support.startpage.com/hc/en-us/articles/4521579122964-How-to-use-Anonymous-View Startpage documentation] states: ]Pages viewed through the proxy are served to you anonymously. No connection is made between your computer and the remote site. Because of their potential for being used to identify you, JavaScript is modified and cookies are disabled for proxied pages.
| Not always efficacious
| No
| No
|-
! scope="row" | Any Searx Instance [
Searx instances utilizing v3 onions can be found {{Archive_link|url=https://searx.space/|onion=http://searxspbitokayvkhzhsnljde7rqmn7rvoga6e4waeub3h7ug3nghoad.onion|text=here}}.
]
|
# Choose one from {{Archive_link|url=https://searx.space|text=searx available instances}}.
# Find the URL by searching
# Click on the proxied option
| Not always efficacious
| No
| No
|-
! scope="row" | Hypothes.is
| https://via.hypothes.is/
| Behind Cloudflare
| Yes
| Yes
|-
! scope="row" | Online Proxies
| hide.me/en/proxy, proxysite.com, hidester.com/proxy
| -
| Yes
| Yes
|-
|}
The Tor community also recommends: [
https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor#other-relevant-services
]
To avoid captchas that are sometimes required when visiting YouTube, use hooktube.com/ (behind Cloudflare).
imgur.com blocks Tor uploads, to upload images on an imgur domain go to a stackexchange website (for example tor.stackexchange.com), click on Ask a Question, use the image upload tooltip to upload the image, the resulting url will have a i.stack.imgur.com/... form.
= Impact on Anonymity =
In short: None. Geo-blocking has no influence on the anonymity provided by Whonix.
[[Reliable_IP_Hiding|Whonix provides reliable IP hiding]], but cannot make [[Data_Collection_Techniques#IP_Address|IP address]]. completely disappear. This is impossible. No tool can do this.
There are two distinct strategies for user anonymization.
* '''A)''' Unique Pseudonym On Demand: This approach generates a new, random pseudonym for each user session. It aims to ensure that activities from one session cannot be linked to those of another by external observers. There is no known tool providing such functionality, that is considered safer than Tor by security experts. See also [[Dev/Anonymity_Network|Comparison of anonymizers considered for the implementation of the Anonymous Operating System Whonix]].
* '''B)''' Uniformity: This method aims to make every user appear identical to external observers, employing a "safety in numbers" strategy that makes it difficult to distinguish individual users within a larger group of similar traffic. The concept is encapsulated by the phrase Anonymity Loves Company[
https://www.freehaven.net/anonbib/cache/usability:weis2006.pdf
], a term that the Tor Project has made popular. This is the approach used by [[Tor Browser]] and {{project_name_short}}
Since {{project_name_short}} is based on Tor ([[Why does Whonix use Tor|why?]]), it aims to enhance the functionality of [[Tor]], embracing similar design principles.
The IPs of Tor exit relays is public known information. This is why [[#Censors|censors]] can easily download the list of Tor related IP addresses and block these.
related FAQ: [https://support.torproject.org/misc/hide-exits/ You should hide the list of Tor relays, so people can't block the exits.]
Whonix is an anonymous operating system, but at time of writing does not focus on geo-blocking circumvention. In the far future, Whonix might implement a feature to make the use of [[Tunnels/Introduction|tunnels]] easier to use.
= Captcha Images =
Captcha are related to geo-blocking. When using a different IP such as by using Tor or a VPN, users are more likely to get pestered with captcha challanges.
File:impossible-captcha-recaptcha.png
File:impossible-captcha-tractors.png
= Footnotes =
{{reflist|close=1}}
{{Footer}}
[[Category:Documentation]]